The MASM Forum Archive 2004 to 2012

Project Support Forums => GoAsm Assembler and Tools => Topic started by: Magnum on October 02, 2009, 08:58:55 PM

Title: Need some more goasm statements converted
Post by: Magnum on October 02, 2009, 08:58:55 PM
I could use some help converting the goasm statements to masm style.

Thanks.

PUSH ADDR FINAL_HANDLER
CALL SetUnhandledExceptionFilter
CALL PROTECTED_AREA
CALL CLEAR_UP           ;here the program clears up normally
PUSH 40h                ;exclamation sign + ok button only
PUSH "Except1","This is a very happy ending",0
CALL MessageBoxA        ;wait till ok pressed
PUSH 0                  ;code meaning a successful conclusion
CALL ExitProcess        ;and finish with aplomb!
PROTECTED_AREA:

PUSH EBP,0,0            ; )create the
PUSH OFFSET SAFE_PLACE  ; )ERR structure
PUSH OFFSET HANDLER     ; )on the
FS PUSH [0]
Title: Re: Need some more goasm statements converted
Post by: dedndave on October 02, 2009, 09:21:04 PM
the only problems i see are...

PUSH "Except1","This is a very happy ending",0
and
PUSH EBP,0,0            ; )create the

for the first one, you need to make it a string in the data area, then push the address of that string

.data
HappyStr db "Except1","This is a very happy ending",0
.
.
.code
.
.
PUSH offset HappyStr

for the other, i think pushing them separately should work

PUSH EBP
PUSH 0
PUSH 0

you should be able to look at the assembled code with Olly and see what is actually generated
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 03, 2009, 12:03:43 AM
Thanks.

I think these 3 are all that's left to convert.

I know that the FS is one of those extra segments that I haven't seen used all that much
in 32 bit coding.

1. The push addr handler
2. FS PUSH [0]
Title: Re: Need some more goasm statements converted
Post by: dedndave on October 03, 2009, 01:31:57 AM
i'm sorry - i didn't even see those - lol
pushing the handler address should be ok, although i would just use

PUSH FINAL_HANDLER

as for the FS ones, i am not sure what to tell you
they don't make any sense to me   :P
maybe it's

PUSH FS
MOV  FS,ESP
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 03, 2009, 02:25:26 AM
Quote from: dedndave on October 03, 2009, 01:31:57 AM
i'm sorry - i didn't even see those - lol

I am getting close.
Just 3 statements to fix (marked).

I attached the working .exe.
That Ollydbg is handy as a pocket.

(With this being a goasm forum, I am hoping some others will jump in.)

;FS PUSH [0]
Title: Re: Need some more goasm statements converted
Post by: MichaelW on October 03, 2009, 03:30:31 AM
You can remove the assumption, and fix the problem, with:

ASSUME fs:NOTHING

Title: Re: Need some more goasm statements converted
Post by: Magnum on October 03, 2009, 11:00:55 AM
Quote from: MichaelW on October 03, 2009, 03:30:31 AM
You can remove the assumption, and fix the problem, with:

ASSUME fs:NOTHING

I tried it with no luck in 2 places.

Right after .data and after start:

I even tried assembling with 2 different versions of Masm.

Title: Re: Need some more goasm statements converted
Post by: MichaelW on October 03, 2009, 11:15:14 AM
When I replied I did not connect with the GoAsm part; I was looking at the ML error codes. I'm not sure about GoAsm, but for ML:

ASSUME fs:NOTHING

Should work fine, I just tested it.  Are these error codes returned by ML or by your debugger?

Title: Re: Need some more goasm statements converted
Post by: donkey on October 03, 2009, 01:36:31 PM
you have to put ASSUME FS:NOTHING right after START: in your MASM version. Since MASM always assumes the FS register to ERROR, you have to remove that assumption before you execute any code requiring that segment register. GoAsm does not have an equivalent to the assume directive (a useless obfuscation anyway) so you will not find it in GoAsm code.

The actual code you are trying to translate is from the SEH tutorial (http://www.jorgon.freeserve.co.uk/ExceptFrame.htm):

PUSH ADDR HANDLER
FS PUSH [0]
FS MOV [0],ESP
...
...
...
FS POP [0]
ADD ESP,4h
RET
;***********************
HANDLER:
...
...
...
MOV EAX,1
RET


Have to put this into a code block or BBcode will remove the square braces...

FS PUSH [0]

would push the DWORD at address 0 in the FS segment onto the stack, in MASM it would be:

push dword ptr fs:[0]

similarly:

pop dword ptr fs:[0]

FS MOV [0],ESP

moves the value in ESP into address zero of the FS segment, in MASM:

mov fs:[0], ESP


Edgar
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 04, 2009, 12:24:56 PM
Here is the complete source with the 3 lines with errors commented.

Andy

; except.asm Conversion of except1.asm (GoAsm) to MASM code
;
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc
    include \masm32\include\shlwapi.inc
    include \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib
    includelib  \masm32\lib\shlwapi.lib

.DATA

HappyStr db "Except1,This is a very happy ending",0

Except   db "Except1,There was an exception - do you want me to swallow it?",0

Except1  db "Except1",0

Except2  db "Except1 - well it's all over for now.",0

Unwind   db "The system calling the handler again for more clearing up (unwinding)",0

FATALMESS DB "I thoroughly enjoyed it and I have already tidied everything up - "
          DB "you know, completed records, closed file handles, "
          DB "released memory, that sort of thing .."
          DB "Glad this was by design - bye, bye .."
          DB ".. but first, I expect the system will do an unwind ..",0
.CODE

;ASSUME fs:NOTHING

START:

; Let's make our final handler which would do all clearing up if the program has to close

;ASSUME fs:NOTHING

PUSH offset FINAL_HANDLER
CALL SetUnhandledExceptionFilter
CALL PROTECTED_AREA
CALL CLEAR_UP           ;here the program clears up normally
PUSH 40h                ;exclamation sign + ok button only
push offset Except1
PUSH offset HappyStr
push 0
CALL MessageBoxA        ;wait till ok pressed
PUSH 0                  ;code meaning a successful conclusion
CALL ExitProcess        ;and finish with aplomb!

; PROGRAM END

PROTECTED_AREA:

;PUSH EBP,0,0            ; )create the
push ebp
push 0
push 0
PUSH OFFSET SAFE_PLACE  ; )ERR structure
PUSH OFFSET HANDLER     ; )on the
;FS PUSH [0]             ; )stack

push dword ptr fs:[0]   ; line 71 error A2108: use of register assumed to ERROR

;FS MOV [0],ESP          ;point to structure just established on the stack
mov dword ptr fs:[0],esp ; line 74 error A2108: use of register assumed to ERROR

;*********************** and now let's cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception

;*********************** because of the exception the code never gets to here

SAFE_PLACE:             ;but the handler will jump to here ..

;FS POP [0]             ;restore original exception handler from stack
pop dword ptr fs:[0]    ; line 86 error A2108: use of register assumed to ERROR

ADD ESP,14h             ;throw away remainder of ERR structure made earlier
RET

;This simple handler is called by the system when the divide by zero
;occurs. In this handler the user is given a choice of swallowing the
;exception by jumping to the safe-place, or not dealing with it at all,
;in which case the system will send the exception to the FINAL_HANDLER

HANDLER:

;save registers as required by Windows

PUSH EBX
PUSH EDI
PUSH ESI
MOV EBX,[EBP+8]         ;get exception record in ebx
MOV EAX,[EBX+4]         ;get flag sent by the system
TEST AL,1h              ;see if it's a non-continuable exception
JNE short nodeal

;JNZ >.nodeal           ;yes, so not allowed by system to touch it
TEST AL,2h              ;see if it's the system unwinding
JNE  short unwind             ;yes
PUSH 24h                ;question mark + YES/NO buttons
PUSH offset Except1
push offset Except
CALL MessageBoxA        ;wait till button pressed
CMP EAX,6               ;see if yes clicked
JNE short nodeal             ;no -line 113 orig. jnz

; go to SAFE_PLACE

MOV ESI,[EBP+10h]       ;get register context record in esi
MOV EDI,[EBP+0Ch]       ;get pointer to ERR structure in edi
MOV [ESI+0C4h],EDI      ;insert new esp (happens to be pointer to ERR)
MOV EAX,[EDI+8]         ;get address of SAFE_PLACE given in ERR structure
MOV [ESI+0B8h],EAX      ;insert that as new eip in register context
MOV EAX,[EDI+14h]       ;get ebp at safe place given in ERR structure
MOV [ESI+0B4h],EAX      ;insert that as new ebp in register context
XOR EAX,EAX             ;eax=0 reload context and return to system

jmp short fin
;JMP > fin

unwind:

PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except1
PUSH offset Unwind
PUSH 0
CALL MessageBoxA        ;wait till ok pressed, then return eax=1

nodeal:

MOV EAX,1               ;eax=1 system to go to next handler

fin:

POP ESI
POP EDI
POP EBX
RET

CLEAR_UP:               ;all clearing up would be done here

RET
;
FINAL_HANDLER:          ;system passes EXCEPTION_POINTERS

PUSH EBX
PUSH EDI
PUSH ESI        ;save registers as required by Windows
CALL CLEAR_UP
PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except2
PUSH offset FATALMESS
CALL MessageBoxA        ;wait till ok pressed
MOV EAX,1               ;terminate process without showing system message box
POP ESI
pop EDI
pop EBX
RET



end START


added code blocks - donkey

Title: Re: Need some more goasm statements converted
Post by: Magnum on October 04, 2009, 02:02:37 PM
Quote from: donkey on October 03, 2009, 01:36:31 PM
you have to put ASSUME FS:NOTHING right after START: in your MASM version. Since MASM always assumes the FS register to ERROR, you have to remove that assumption before you execute any code requiring that segment register. GoAsm does not have an equivalent to the assume directive (a useless obfuscation anyway) so you will not find it in GoAsm code.


Edgar

I got the source to compile.

When I ran it through the debugger,
it stops at the div instruction.

Ollydbg won't let me "step into" or "step over."

I don't know what to try next.


;*********************** and now let's cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception
Title: Re: Need some more goasm statements converted
Post by: jj2007 on October 04, 2009, 03:33:32 PM
Quote from: Magnum on October 04, 2009, 02:02:37 PM

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception


Olly allows you to temporarily change the div ecx to e.g. nop. Click on div ecx, hit Space, type nop and hit Enter. Then F7 to proceed...
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 04, 2009, 07:07:23 PM
Quote from: jj2007 on October 04, 2009, 03:33:32 PM
Quote from: Magnum on October 04, 2009, 02:02:37 PM

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception


Olly allows you to temporarily change the div ecx to e.g. nop. Click on div ecx, hit Space, type nop and hit Enter. Then F7 to proceed...

I tried it. It jumps around and ends up closing, but no message boxes appear.

I even tried replacing the Divide by Zero with cli, and the same thing happens.

I guess I will study seh.asm since it does show exception handlers.

I just don't understand.

No matter what assembler is used, it all has to end up as the same machine code.

How can I get the machine code of a program?

If it's necessary to solve this mystery, I will go thru every line and compare it with the .exe that works.

Andy


Title: Tricky stuff in goasm .exe
Post by: Magnum on October 04, 2009, 07:36:56 PM
I opened up the except1.exe (compiled using GoAsm) in a hex editor.

I found some text including the web page for goasm.
Interesting thing is, it doesn't show up in a debugger. ??

Maybe code obfuscation or peculiarities of the compiler.
I love assembly because it's "like a box of chocolates..."

Andy
Title: Re: Tricky stuff in goasm .exe
Post by: BlackVortex on October 04, 2009, 11:06:48 PM
Quote from: Magnum on October 04, 2009, 07:36:56 PM
I opened up the except1.exe (compiled using GoAsm) in a hex editor.

I found some text including the web page for goasm.
Interesting thing is, it doesn't show up in a debugger. ??

Maybe code obfuscation or peculiarities of the compiler.
I love assembly because it's "like a box of chocolates..."

Andy
Added by the linker at the DOS header   :toothy

I was bored and made a patcher to untag my exes/dlls (not sharing it)

Maybe there should be a switch to keep the header cleaner. I don't like my exes to look like graffiti walls under a hex editor  :green2
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 05, 2009, 12:15:06 PM
Interesting idea.

I did not see the "This program cannot be run in DOS.." message; is it encrypted or not there?

Andy
Title: Re: Need some more goasm statements converted
Post by: BlackVortex on October 05, 2009, 12:45:11 PM
It says "Win32 program!"   :toothy

EDIT: I should run one of them in DOSBox btw, should be fun!
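An added example, not code from this thread, from GoAsm or from its linker: a small C routine that reads the MZ header, pulls out the DOS stub region (the bytes between the 64-byte MZ header and the "PE\0\0" signature, which is where linker text like the string BlackVortex describes ends up), then follows e_lfanew through the file header to the first section's raw code bytes, which also answers the earlier question of how to get at a program's machine code without a debugger. Every read is bounds-checked so a truncated or malformed header is rejected instead of read past. The image it parses is constructed in memory here (the stub text, the ".text" name and the four code bytes are sample values); to use it on a real executable, read the file into a buffer and hand it to pe_inspect.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounds-checked little-endian readers: a truncated or malformed header must
 * fail cleanly rather than read past the end of the buffer. */
static int rd16(const uint8_t *img, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(img[off] | ((uint16_t)img[off + 1] << 8));
    return 1;
}
static int rd32(const uint8_t *img, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)img[off] | ((uint32_t)img[off + 1] << 8) |
           ((uint32_t)img[off + 2] << 16) | ((uint32_t)img[off + 3] << 24);
    return 1;
}
static void put16(uint8_t *img, size_t off, uint16_t v) { img[off] = (uint8_t)v; img[off + 1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *img, size_t off, uint32_t v) { put16(img, off, (uint16_t)v); put16(img, off + 2, (uint16_t)(v >> 16)); }

typedef struct {
    size_t   stub_off, stub_len;  /* bytes between the 64-byte MZ header and "PE\0\0" */
    uint16_t nsections;
    char     sect_name[9];        /* first section's name, NUL-terminated */
    uint32_t raw_off, raw_len;    /* first section's PointerToRawData / SizeOfRawData */
} pe_info;

/* MZ header -> e_lfanew -> "PE\0\0" -> IMAGE_FILE_HEADER -> first section
 * header. Returns 1 on success, 0 on any inconsistency. */
int pe_inspect(const uint8_t *img, size_t len, pe_info *out) {
    uint32_t e_lfanew; uint16_t opt_size; size_t coff, sect;
    memset(out, 0, sizeof *out);
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    if (!rd32(img, len, 0x3C, &e_lfanew)) return 0;
    if (e_lfanew < 0x40 || e_lfanew > len || len - e_lfanew < 4) return 0;
    if (memcmp(img + e_lfanew, "PE\0\0", 4) != 0) return 0;
    out->stub_off = 0x40;                    /* DOS stub directly follows the MZ header */
    out->stub_len = e_lfanew - 0x40;
    coff = (size_t)e_lfanew + 4;             /* IMAGE_FILE_HEADER, 20 bytes */
    if (!rd16(img, len, coff + 2, &out->nsections)) return 0;   /* NumberOfSections     */
    if (!rd16(img, len, coff + 16, &opt_size)) return 0;        /* SizeOfOptionalHeader */
    if (out->nsections == 0) return 1;
    sect = coff + 20 + opt_size;             /* first IMAGE_SECTION_HEADER, 40 bytes */
    if (sect > len || len - sect < 40) return 0;
    memcpy(out->sect_name, img + sect, 8); out->sect_name[8] = '\0';
    if (!rd32(img, len, sect + 16, &out->raw_len)) return 0;    /* SizeOfRawData    */
    if (!rd32(img, len, sect + 20, &out->raw_off)) return 0;    /* PointerToRawData */
    if (out->raw_off > len || out->raw_len > len - out->raw_off) return 0;
    return 1;
}

/* Constructed sample image (not real GoAsm/GoLink output): MZ header, a stub
 * text like the one described in the thread, PE32 headers, and one .text
 * section whose raw bytes are XOR ECX,ECX / DIV ECX from the example. */
#define IMG_LEN 0x204u
size_t build_sample_image(uint8_t *img) {
    static const uint8_t code[] = { 0x31, 0xC9, 0xF7, 0xF1 };
    const uint32_t pe_off = 0x80, raw_off = 0x200;
    size_t sect = pe_off + 24 + 0xE0;        /* after signature, file header, optional header */
    memset(img, 0, IMG_LEN);
    img[0] = 'M'; img[1] = 'Z';
    put32(img, 0x3C, pe_off);                /* e_lfanew */
    memcpy(img + 0x40, "Win32 program!", 14);
    memcpy(img + pe_off, "PE\0\0", 4);
    put16(img, pe_off + 4, 0x014C);          /* Machine = IMAGE_FILE_MACHINE_I386 */
    put16(img, pe_off + 6, 1);               /* NumberOfSections */
    put16(img, pe_off + 20, 0xE0);           /* SizeOfOptionalHeader for PE32 */
    put16(img, pe_off + 24, 0x010B);         /* optional header Magic = PE32 */
    memcpy(img + sect, ".text\0\0\0", 8);
    put32(img, sect + 16, sizeof code);      /* SizeOfRawData */
    put32(img, sect + 20, raw_off);          /* PointerToRawData */
    memcpy(img + raw_off, code, sizeof code);
    return IMG_LEN;
}

int main(void) {
    uint8_t img[IMG_LEN]; pe_info pi; size_t n = build_sample_image(img), i;
    if (!pe_inspect(img, n, &pi)) { puts("not a usable PE image"); return 1; }
    printf("DOS stub (%zu bytes): %.*s\n", pi.stub_len, (int)pi.stub_len, (const char *)(img + pi.stub_off));
    printf("section %s, %u code bytes at file offset %#x:", pi.sect_name, pi.raw_len, pi.raw_off);
    for (i = 0; i < pi.raw_len; i++) printf(" %02X", img[pi.raw_off + i]);
    putchar('\n');
    return 0;
}
```

The stub region is plain file content that the loader never maps as code, which is why a debugger's disassembly view never shows it while a hex editor does; the section walk stops at the first section header only to keep the example short, the remaining headers follow at 40-byte strides.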
Title: Re: Need some more goasm statements converted
Post by: Magnum on October 06, 2009, 09:54:05 PM
I got it running right.

I left out two cases of push 0. :-)

Andy


; except.asm Shows a Per-Thread Exception Handler
;                 Written by Jeremy Gordon 2002 
     
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc
    include \masm32\include\shlwapi.inc
    include \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib
    includelib  \masm32\lib\shlwapi.lib

.DATA

HappyStr db "This is a very happy ending.",0
Except   db "There was an exception - do you want me to swallow it?",0
Except1  db "Except1",0
Except2  db "Well it's all over for now.",0
Unwind   db "The system calling the handler again for more clearing up (unwinding)",0
FATALMESS DB "I thoroughly enjoyed it and I have already tidied everything up.",0
                   
.CODE

START:

ASSUME fs:NOTHING

PUSH offset FINAL_HANDLER
CALL SetUnhandledExceptionFilter
CALL PROTECTED_AREA
CALL CLEAR_UP           ;here the program clears up normally
PUSH 40h                ;exclamation sign + ok button only
push offset Except1     ;Except1
PUSH offset HappyStr    ;This is a very happy ending
push 0
CALL MessageBoxA        ;wait till ok pressed
PUSH 0                  ;code meaning a successful conclusion
CALL ExitProcess        ;and finish with aplomb!

; PROGRAM END

PROTECTED_AREA:

push ebp                ; create the
push 0                  ; ERR structure
push 0                  ; on the stack
PUSH OFFSET SAFE_PLACE 
PUSH OFFSET HANDLER     
                       
push dword ptr fs:[0]   

mov dword ptr fs:[0],esp ;point to structure just established on the stack

; Now let's cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception
;cli

; Because of the exception the code never gets to here

SAFE_PLACE:             ;but the handler will jump to here ..
                       
pop dword ptr fs:[0]    ;restore original exception handler from stack

ADD ESP,14h             ;throw away remainder of ERR structure made earlier
RET

;This simple handler is called by the system when the divide by zero
;occurs. In this handler the user is given a choice of swallowing the
;exception by jumping to the safe-place, or not dealing with it at all,
;in which case the system will send the exception to the FINAL_HANDLER

HANDLER:

;save registers as required by Windows

PUSH EBX
PUSH EDI
PUSH ESI
MOV  EBX,[EBP+8]        ;get exception record in ebx (no frame is set up here:
                        ;the system dispatcher's own EBP frame puts the handler's
                        ;arguments at [EBP+8], [EBP+0Ch] and [EBP+10h])
MOV  EAX,[EBX+4]        ;get ExceptionFlags sent by the system
TEST AL,1h              ;see if it's a non-continuable exception
JNE  short nodeal       ;yes, so not allowed by system to touch it
TEST AL,2h              ;see if it's the system unwinding
JNE  short unwind       ;yes
PUSH 24h                ;question mark + YES/NO buttons
PUSH offset Except1     ;Except1
push offset Except      ;There was an exception - do you want me to swallow it?
push 0                  ; ADDED today
CALL MessageBoxA        ;wait till button pressed
CMP  EAX,6               ;see if yes clicked..if yes, exit
JNE  short nodeal        ;

; go to SAFE_PLACE

MOV  ESI,[EBP+10h]       ;get register context record in esi
MOV  EDI,[EBP+0Ch]       ;get pointer to ERR structure in edi
MOV  [ESI+0C4h],EDI      ;insert new esp (happens to be pointer to ERR)
MOV  EAX,[EDI+8]         ;get address of SAFE_PLACE given in ERR structure
MOV  [ESI+0B8h],EAX      ;insert that as new eip in register context
MOV  EAX,[EDI+14h]       ;get ebp at safe place given in ERR structure
MOV  [ESI+0B4h],EAX      ;insert that as new ebp in register context
XOR  EAX,EAX             ;eax=0 reload context and return to system

jmp  short fin

unwind:

PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except1     ;Except1
PUSH offset Unwind      ;The system calling the handler again for more clearing up (unwinding)
PUSH 0
CALL MessageBoxA        ;wait till ok pressed, then return eax=1

nodeal:

MOV  EAX,1               ;eax=1 system to go to next handler

fin:

POP  ESI
POP  EDI
POP  EBX
RET

CLEAR_UP:               ;all clearing up would be done here

RET

; Let's make our final handler which would do all clearing up if the program has to close

FINAL_HANDLER:          ;system passes EXCEPTION_POINTERS

PUSH EBX
PUSH EDI
PUSH ESI                ;save registers as required by Windows
CALL CLEAR_UP
PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except2     ;Well it's all over for now.
PUSH offset FATALMESS
PUSH 0
CALL MessageBoxA        ;wait till ok pressed
MOV EAX,1               ;terminate process without showing system message box
POP ESI
pop EDI
pop EBX
RET

end START
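Added example, not part of Jeremy Gordon's code or of anything posted in this thread: the displacements hard-coded in HANDLER (0B4h, 0B8h and 0C4h into the register context; 8 and 14h into the ERR structure) and the ADD ESP,14h at SAFE_PLACE are worth checking against the structure layouts rather than taking on trust, and the same frame is what donkey's `push dword ptr fs:[0]` / `mov fs:[0],esp` translation saves and publishes. The C below replicates the 32-bit Win32 CONTEXT record and the six-dword ERR frame with fixed-width types, compares offsetof() against the handler's constants, and models the handler's decision path (non-continuable, unwinding, user clicks No, user clicks Yes) as a function that rewrites a context the way the MOVs do. The stack addresses and frame contents in the demo are constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Host-independent replica of the 32-bit Win32 CONTEXT record. Every member is
 * 32 bits or a byte array, so fixed-width types reproduce the exact layout. */
typedef struct {
    uint32_t ControlWord, StatusWord, TagWord, ErrorOffset,
             ErrorSelector, DataOffset, DataSelector;
    uint8_t  RegisterArea[80];
    uint32_t Cr0NpxState;
} X86_FLOATING_SAVE_AREA;                     /* 112 bytes */

typedef struct {
    uint32_t ContextFlags;
    uint32_t Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;
    X86_FLOATING_SAVE_AREA FloatSave;
    uint32_t SegGs, SegFs, SegEs, SegDs;
    uint32_t Edi, Esi, Ebx, Edx, Ecx, Eax;
    uint32_t Ebp, Eip, SegCs, EFlags, Esp, SegSs;
    uint8_t  ExtendedRegisters[512];
} X86_CONTEXT;                                /* 716 bytes */

/* The ERR structure as the six PUSHes in PROTECTED_AREA leave it; Next is
 * what ESP, and after MOV FS:[0],ESP the FS:[0] chain head, points at. */
typedef struct {
    uint32_t Next;       /* previous FS:[0]   (pushed last)  */
    uint32_t Handler;    /* OFFSET HANDLER                   */
    uint32_t SafePlace;  /* OFFSET SAFE_PLACE                */
    uint32_t Zero0;      /* PUSH 0                           */
    uint32_t Zero1;      /* PUSH 0                           */
    uint32_t SavedEbp;   /* PUSH EBP          (pushed first) */
} ERR_FRAME;

/* EXCEPTION_RECORD.ExceptionFlags bits tested by TEST AL,1h / TEST AL,2h. */
#define EXC_NONCONTINUABLE 1u
#define EXC_UNWINDING      2u

/* Displacements hard-coded in HANDLER, as named constants for checking. */
#define DISP_CTX_EBP        0xB4u
#define DISP_CTX_EIP        0xB8u
#define DISP_CTX_ESP        0xC4u
#define DISP_ERR_SAFE_PLACE 0x08u
#define DISP_ERR_SAVED_EBP  0x14u

/* Byte-displacement accessors mirroring [reg+disp] addressing. */
static uint32_t rd32(const void *base, size_t disp) {
    uint32_t v; memcpy(&v, (const uint8_t *)base + disp, sizeof v); return v;
}
static void wr32(void *base, size_t disp, uint32_t v) {
    memcpy((uint8_t *)base + disp, &v, sizeof v);
}

/* Decision path of HANDLER. Returns 1 when the system should move on to the
 * next handler (nodeal / unwind) and 0 after rewriting the context so the
 * thread resumes at SAFE_PLACE. frame_addr is the 32-bit stack address of the
 * ERR structure in the target process, i.e. the value HANDLER holds in EDI. */
int model_handler(uint32_t exception_flags, int user_clicked_yes,
                  uint32_t frame_addr, const ERR_FRAME *frame, X86_CONTEXT *ctx)
{
    if (exception_flags & EXC_NONCONTINUABLE) return 1;        /* nodeal */
    if (exception_flags & EXC_UNWINDING)      return 1;        /* unwind */
    if (!user_clicked_yes)                    return 1;        /* nodeal */
    wr32(ctx, DISP_CTX_ESP, frame_addr);                       /* MOV [ESI+0C4h],EDI                    */
    wr32(ctx, DISP_CTX_EIP, rd32(frame, DISP_ERR_SAFE_PLACE)); /* MOV EAX,[EDI+8]  ; MOV [ESI+0B8h],EAX */
    wr32(ctx, DISP_CTX_EBP, rd32(frame, DISP_ERR_SAVED_EBP));  /* MOV EAX,[EDI+14h]; MOV [ESI+0B4h],EAX */
    return 0;                                                  /* XOR EAX,EAX */
}

/* Bytes SAFE_PLACE discards after POP FS:[0]; must equal the 14h in ADD ESP,14h. */
size_t bytes_after_pop(void) { return sizeof(ERR_FRAME) - sizeof(uint32_t); }

/* Runs the "user clicked Yes" path on constructed sample values and reports
 * whether the rewritten context points where the assembly intends. */
int demo_swallow(void) {
    ERR_FRAME f = { 0x7FFDE000u, 0x00401200u, 0x00401100u, 0, 0, 0x0012FF80u }; /* constructed */
    X86_CONTEXT c; memset(&c, 0, sizeof c);
    if (model_handler(0, 1, 0x0012FF60u, &f, &c) != 0) return 0;
    return c.Eip == f.SafePlace && c.Ebp == f.SavedEbp && c.Esp == 0x0012FF60u;
}

int main(void) {
    printf("CONTEXT: Ebp=%#zx Eip=%#zx Esp=%#zx sizeof=%zu\n",
           offsetof(X86_CONTEXT, Ebp), offsetof(X86_CONTEXT, Eip),
           offsetof(X86_CONTEXT, Esp), sizeof(X86_CONTEXT));
    printf("ERR: SafePlace=%#zx SavedEbp=%#zx  ADD ESP,%#zx\n",
           offsetof(ERR_FRAME, SafePlace), offsetof(ERR_FRAME, SavedEbp), bytes_after_pop());
    printf("swallow path %s\n", demo_swallow() ? "resumes at SAFE_PLACE" : "BROKEN");
    return 0;
}
```

Setting Esp to the frame address is what makes SAFE_PLACE's `pop dword ptr fs:[0]` land on the saved Next pointer, and the two zero dwords exist only so the saved EBP sits at 14h; change the number of pushes and both the 14h displacement and the ADD ESP,14h have to move with it.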