Compiler doesn't like the statement.
Is holder the same as holder db 50 dup(0) ?
START PROC
LOCAL holder[50] :BYTE
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
mov bx,offset holder
No, they are different. The first array (DUP) is compile time, thus you can use the OFFSET operator to address it, and the second one (LOCAL) is a runtime one: it resides on the stack dynamically while the PROC is executed, thus you should use the LEA instruction.
Quote from: asmfan on April 09, 2006, 08:30:04 PM
No, they are different. The first array (DUP) is compile time, thus you can use the OFFSET operator to address it, and the second one (LOCAL) is a runtime one: it resides on the stack dynamically while the PROC is executed, thus you should use the LEA instruction.
Thanks, it compiles now but still isn't working right.
.DATA
ValueOK db "Registry key added OK",0
Sample db "BOX",0
string db "Œ‹?–'˜Û" ; unencrypted value is 'string'
.CODE
begin:
call START
invoke ExitProcess,0
START PROC
LOCAL holder[10] :BYTE ; This should hold unencrypted string
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
invoke RtlZeroMemory, ADDR holder, sizeof holder ; in kernel32.inc
lea ebx, holder
mov esi,offset string
descramble:
lodsb
not al
mov [ebx],eax
inc ebx
cmp al,219
jz exit
jmp descramble
exit:
ret
START endp
END begin
I see 2 strange things:
1. You can spoil the stack by moving 4 bytes (eax) instead of 1 (al).
2. When does the cycle end? When NOT(al)=219? Why? If you go until 0 in the source, compare to 255...
Quote from: asmfan on April 10, 2006, 06:11:47 AM
I see 2 strange things:
1. You can spoil the stack by moving 4 bytes (eax) instead of 1 (al).
2. When does the cycle end? When NOT(al)=219? Why? If you go until 0 in the source, compare to 255...
I implemented your suggestions. Do you know how I can tell what is in LOCAL holder? It should contain 'string' but I can't see it using Ollydbg.
START PROC
LOCAL holder[10] :BYTE ; This should hold unencrypted string
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
invoke RtlZeroMemory, ADDR holder, sizeof holder ; in kernel32.inc
lea ebx, holder
mov esi,offset string
descramble:
lodsb
not al
mov [ebx],al
inc ebx
cmp al,255
jz exit
jmp descramble
If you know the string will be null terminated, you could just use the print macro:
print ADDR holder,13,10
If RtlZeroMemory is being used for security, shouldn't it be called after you have finished using the buffer?
Another question: do you encrypt the zero terminator like the other chars? If yes, then change to cmp al,0
Quote from: asmfan on April 11, 2006, 06:58:42 PM
Another question: do you encrypt the zero terminator like the other chars? If yes, then change to cmp al,0
I am getting undefined symbol for StdOut with the print macro.
begin:
call START
print ADDR holder,13,10
invoke ExitProcess,0
--------------------------------------------
This is what I'm using to encrypt the string.
;-------------------------------------------------2006 Andrew Kennedy--------
; crypt.asm Basic encryption of a string
; Takes a string, NOT each character, and puts it into array
;
; DOES NOT PRINT THE ALT 219 character !
.model small
.stack 200h
.data ; not Û = $
; not $ = Û(Alt 219)
string db 'Software\skywalkerÛ'
array db ($ - string) dup('1')
.code
start:
mov ax,@data
mov ds,ax
mov bx,offset array
mov si,offset string
scramble:
lodsb
not al ; flip bits
mov [bx], al
inc bx
cmp al,'Û' ; not Û = $ (end of string marker)
jz print
jmp scramble
print:
mov dx,offset array
mov ah,9
int 21h
jmp exit
mov ah,2 ; print a space
mov dl,' ' ; ->
int 21h ; and another
mov dl,'-' ; space
int 21h
mov dl,'>'
int 21h
mov dl,' '
int 21h
mov bx,offset array
mov si,offset array
descramble:
lodsb
cmp al,'$'
jz last_print
not al
mov [bx],al
inc bx
jmp descramble
last_print:
mov dx,offset array ; descrambled text stored here
mov ah,9
int 21h
exit:
mov ax,4c00h
int 21h
end start
Quote from: skywalker on April 11, 2006, 07:51:15 PM
I am getting undefined symbol for StdOut with the print macro.
Might have to re-install MASM32.
Quote from: Mark Jones on April 11, 2006, 09:03:59 PM
Quote from: skywalker on April 11, 2006, 07:51:15 PM
I am getting undefined symbol for StdOut with the print macro.
Might have to re-install MASM32.
What makes you think that ?
Quote from: Mark Jones on April 11, 2006, 09:03:59 PM
Quote from: skywalker on April 11, 2006, 07:51:15 PM
I am getting undefined symbol for StdOut with the print macro.
Might have to re-install MASM32.
This fills holder with string\ but I can't figure out how to get it null terminated so CreateRegKeyEx will work.
The print macro works fine in other code, don't know why it gets "scared" with this code.
.DATA
ValueOK db "Registry key added OK",0
Sample db "BOX",0
holder db 10 dup(0)
string db "¬‹?–'˜£0" ; unencrypted value is 'string\'
.CODE
begin:
START PROC
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
invoke RtlZeroMemory, ADDR holder, sizeof holder ; in kernel32.inc
lea ebx, holder
mov esi,offset string
descramble:
lodsb
not al
mov [ebx],al
inc ebx
cmp al,255
jz finish
jmp descramble
finish:
invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR holder, NULL, NULL,\
REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
Andy,
If holder is defined in the Start procedure, it is not visible outside the procedure. Move the print statement into the procedure and it should work OK.
If the string you started with was null terminated, then when this code reaches the encrypted null terminator it will NOT it to zero, and move it into the destination string:
descramble:
lodsb
not al
mov [ebx],al
inc ebx
cmp al,255
jz finish
jmp descramble
The only problem I see is that
cmp al,255
Should be
cmp al,0 ; cmp al,not 255 would also work
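The points raised in the replies above (store one byte rather than four, stop on the decoded zero terminator, clear the buffer after its last use rather than before) can be seen together in this added example. It is written in C rather than MASM, is not code from any post in the thread, and the names descramble, scrub, demo and enc_sample are hypothetical; it also adds a destination bounds check that the thread's loop does not have.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: "string\" with every byte NOT-ed, including the
   terminating zero (NOT 0x00 = 0xFF). */
static const uint8_t enc_sample[] = {
    0x8C, 0x8B, 0x8D, 0x96, 0x91, 0x98, 0xA3, 0xFF
};

/* Returns the decoded length (terminator excluded), or -1 if the output
   would not fit in dst or no terminator is found within src_len. */
int descramble(const uint8_t *src, size_t src_len, char *dst, size_t dst_len)
{
    for (size_t i = 0; i < src_len; i++) {
        if (i >= dst_len)
            return -1;                 /* next store would run past holder */
        uint8_t b = (uint8_t)~src[i];  /* not al */
        dst[i] = (char)b;              /* one-byte store: mov [ebx],al */
        if (b == 0)                    /* cmp al,0 after the NOT */
            return (int)i;
    }
    return -1;                         /* input exhausted, no terminator */
}

/* Zero a buffer through a volatile pointer so the compiler cannot
   discard the writes as dead stores. */
void scrub(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Decode into a 10-byte stack buffer, use it, then scrub it. */
int demo(void)
{
    char holder[10];
    int n = descramble(enc_sample, sizeof enc_sample, holder, sizeof holder);
    int ok = (n == 7) && strcmp(holder, "string\\") == 0;
    scrub(holder, sizeof holder);      /* after the last use, not before */
    return ok && holder[0] == 0;
}

int main(void) { return demo() ? 0 : 1; }
```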
Quote from: MichaelW on April 12, 2006, 09:15:29 AM
Andy,
If holder is defined in the Start procedure, it is not visible outside the procedure. Move the print statement into the procedure and it should work OK.
If the string you started with was null terminated, then when this code reaches the encrypted null terminator it will NOT it to zero, and move it into the destination string:
I figured that out last night.
I am trying to figure out why my RegCreateKeyEx isn't working. It points to a null terminated string now, but isn't working.
Whether holder is in or out of the procedure, I get this error with the print macro.
Very strange, as the macro works fine in other code ? I even re-installed masm.
C:\masm32\source\crypt5.asm(52) : error A2006: undefined symbol : StdOut
print(1): Macro Called From
C:\masm32\source\crypt5.asm(52): Main Line Code
I misread your statement of the problem so my reply was not correct. On my system the print macro produces an
error A2006: undefined symbol : StdOut
if I fail to include \masm32\include\masm32.inc
Quote from: MichaelW on April 12, 2006, 08:02:58 PM
I misread your statement of the problem so my reply was not correct. On my system the print macro produces an
error A2006: undefined symbol : StdOut
if I fail to include \masm32\include\masm32.inc
No problem, I can live without that macro in that code anyway.