Need some more goasm statements converted

Started by Magnum, October 02, 2009, 08:58:55 PM

Magnum

I could use some help converting the goasm statements to masm style.

Thanks.

PUSH ADDR FINAL_HANDLER
CALL SetUnhandledExceptionFilter
CALL PROTECTED_AREA
CALL CLEAR_UP           ;here the program clears up normally
PUSH 40h                ;exclamation sign + ok button only
PUSH "Except1","This is a very happy ending",0
CALL MessageBoxA        ;wait till ok pressed
PUSH 0                  ;code meaning a successful conclusion
CALL ExitProcess        ;and finish with aplomb!
PROTECTED_AREA:

PUSH EBP,0,0            ; )create the
PUSH OFFSET SAFE_PLACE  ; )ERR structure
PUSH OFFSET HANDLER     ; )on the
FS PUSH [0]             ; )stack
FS MOV [0],ESP          ;point to structure just established on the stack
;
;*********************** and now let's cause the exception ..
XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception
;*********************** because of the exception the code never gets to here

SAFE_PLACE:             ;but the handler will jump to here ..

FS POP [0]              ;restore original exception handler from stack
ADD ESP,14h             ;throw away remainder of ERR structure made earlier
Have a great day,
                         Andy

dedndave

the only problems i see are...

PUSH "Except1","This is a very happy ending",0
and
PUSH EBP,0,0            ; )create the

for the first one, you need to make it a string in the data area, then push the address of that string

.data
HappyStr db "Except1","This is a very happy ending",0
.
.
.code
.
.
PUSH offset HappyStr

for the other, i think pushing them separately should work

PUSH EBP
PUSH 0
PUSH 0

you should be able to look at the assembled code with Olly and see what is actually generated

Magnum

Thanks.

I think these 3 are all that's left to convert.

I know that the FS is one of those extra segments that I haven't seen used all that much
in 32 bit coding.

1. The push addr handler
2. FS PUSH [0]          ; )stack
3. FS MOV [0],ESP
Have a great day,
                         Andy

dedndave

i'm sorry - i didn't even see those - lol
pushing the handler address should be ok, although i would just use

PUSH FINAL_HANDLER

as for the FS ones, i am not sure what to tell you
they don't make any sense to me   :P
maybe it's

PUSH FS
MOV  FS,ESP

Magnum

Quote from: dedndave on October 03, 2009, 01:31:57 AM
i'm sorry - i didn't even see those - lol

I am getting close.
Just 3 statements to fix (marked).

I attached the working .exe.
That Ollydbg is handy as a pocket.

(With this being a goasm forum, I am hoping some others will jump in.)

;FS PUSH [0]             ; )stack
push dword ptr fs:[0]   ; line 71 error A2108: use of register assumed to ERROR

;FS MOV [0],ESP          ;point to structure just established on the stack
mov dword ptr fs:[0],esp ; line 74 error A2108: use of register assumed to ERROR
;
;*********************** and now let's cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception

;*********************** because of the exception the code never gets to here

SAFE_PLACE:             ;but the handler will jump to here ..

;FS POP [0]              ;restore original exception handler from stack
pop dword ptr fs:[0]    ; line 86 error A2108: use of register assumed to ERROR
Have a great day,
                         Andy

MichaelW

You can remove the assumption, and fix the problem, with:

ASSUME fs:NOTHING

eschew obfuscation

Magnum

Quote from: MichaelW on October 03, 2009, 03:30:31 AM
You can remove the assumption, and fix the problem, with:

ASSUME fs:NOTHING

I tried it with no luck in 2 places.

Right after .data and after start:

I even tried assembling with 2 different versions of Masm.

Have a great day,
                         Andy

MichaelW

When I replied I did not connect with the GoAsm part, I was looking at the ML error codes. I'm not sure about GoAsm, but for ML:

ASSUME fs:NOTHING

Should work fine, I just tested it.  Are these error codes returned by ML or by your debugger?

eschew obfuscation

donkey

you have to put ASSUME FS:NOTHING right after START: in your MASM version. Since MASM always assumes the FS register to ERROR, you have to remove that assumption before you execute any code requiring that segment register. GoAsm does not have an equivalent to the assume directive (a useless obfuscation anyway) so you will not find it in GoAsm code.

The actual code you are trying to translate is from the SEH tutorial:

PUSH ADDR HANDLER
FS PUSH [0]
FS MOV [0],ESP
...
...
...
FS POP [0]
ADD ESP,4h
RET
;***********************
HANDLER:
...
...
...
MOV EAX,1
RET


Have to put this into a code block or BBcode will remove the square braces...

FS PUSH [0]

would push the DWORD at address 0 in the FS segment onto the stack, in MASM it would be:

push dword ptr fs:[0]

similarly:

pop dword ptr fs:[0]

FS MOV [0],ESP

moves the value in ESP into address zero of the FS segment, in MASM:

mov fs:[0], ESP


Edgar
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable
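As an added example (not code from this thread, from GoAsm or from MASM32): a small Python translator for exactly the GoAsm idioms discussed above (FS PUSH/POP/MOV with [0], PUSH ADDR, multi-operand PUSH including string literals, JNZ >.label), which also emits the ASSUME fs:NOTHING that MASM needs before any fs: reference. The sample fragment, the label names str0/str1 and the function names are constructed for this example.

```python
import re

# Added example, not GoAsm's or MASM32's own code: a small translator for the
# GoAsm idioms this thread struggles with.  It handles only these forms and
# assumes the usual MASM flat-model boilerplate (.386/.MODEL FLAT) around it.

def translate(line, strings):
    """One GoAsm statement -> list of MASM lines; `strings` maps literal -> data label."""
    code, _, comment = line.partition(";")
    comment = " ;" + comment if comment else ""
    s = code.strip()
    m = re.match(r"(?i)^FS\s+(PUSH|POP|MOV)\s+(.+)$", s)
    if m:                               # FS PUSH [0] -> push dword ptr fs:[0] (store form only)
        return ["%s dword ptr fs:%s%s" % (m.group(1).lower(), m.group(2).strip(), comment)]
    m = re.match(r"(?i)^PUSH\s+ADDR\s+(\w+)$", s)
    if m:                               # PUSH ADDR label -> push offset label
        return ["push offset %s%s" % (m.group(1), comment)]
    m = re.match(r"(?i)^(J[A-Z]+)\s+>\s*\.?(\w+)$", s)
    if m:                               # JNZ >.label -> jnz short label
        return ["%s short %s%s" % (m.group(1).lower(), m.group(2), comment)]
    m = re.match(r"(?i)^PUSH\s+(.+)$", s)
    if m:                               # PUSH a,b,c -> one push per operand, in order
        out = []
        for operand in re.findall(r'"[^"]*"|[^,\s][^,]*', m.group(1)):
            operand = operand.strip()
            if operand.startswith('"'):  # literal: define it in .data, push its address
                label = strings.setdefault(operand[1:-1], "str%d" % len(strings))
                out.append("push offset " + label)
            else:
                out.append("push " + operand)
        out[0] += comment
        return out
    return [line.rstrip()]              # anything else passes through unchanged

def translate_program(src):
    """Translate a fragment; returns (.data lines, .code lines)."""
    strings, code = {}, []
    for line in src.splitlines():
        code.extend(translate(line, strings))
    if any("fs:" in l for l in code):   # MASM assumes FS is ERROR until told otherwise
        code.insert(0, "ASSUME fs:NOTHING")
    data = ['%s db "%s",0' % (label, text) for text, label in strings.items()]
    return data, code

# Constructed sample built from the statements quoted in this thread.
SAMPLE = """PUSH ADDR FINAL_HANDLER
PUSH "Except1","This is a very happy ending",0
PUSH EBP,0,0            ; )create the
FS PUSH [0]             ; )stack
FS MOV [0],ESP          ;point to structure just established on the stack"""
```

Calling translate_program(SAMPLE) yields the two .data string definitions plus the converted code with ASSUME fs:NOTHING prepended; note that the two literals stay separate strings, which is what the original GoAsm PUSH meant.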

Magnum

Here is the complete source with the 3 lines with errors commented.

Andy

; except.asm - conversion of except1.asm (GoAsm) to MASM code
;
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc
    include \masm32\include\shlwapi.inc
    include \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib
    includelib  \masm32\lib\shlwapi.lib

.DATA

HappyStr db "Except1,This is a very happy ending",0

Except   db "Except1,There was an exception - do you want me to swallow it?",0

Except1  db "Except1",0

Except2  db "Except1 - well it's all over for now.",0

Unwind   db "The system calling the handler again for more clearing up (unwinding)",0

FATALMESS DB "I thoroughly enjoyed it and I have already tidied everything up - "
          DB "you know, completed records, closed file handles, "
          DB "released memory, that sort of thing .."
          DB "Glad this was by design - bye, bye .."
          DB ".. but first, I expect the system will do an unwind ..",0
.CODE

START:

ASSUME fs:NOTHING       ;MASM assumes FS is ERROR; drop that before any fs: reference

; Let's make our final handler which would do all clearing up if the program has to close

PUSH offset FINAL_HANDLER
CALL SetUnhandledExceptionFilter
CALL PROTECTED_AREA
CALL CLEAR_UP           ;here the program clears up normally
PUSH 40h                ;exclamation sign + ok button only
push offset Except1     ;caption
PUSH offset HappyStr    ;text
push 0                  ;hWnd (MessageBoxA takes four args, pushed right to left)
CALL MessageBoxA        ;wait till ok pressed
PUSH 0                  ;code meaning a successful conclusion
CALL ExitProcess        ;and finish with aplomb!

; PROGRAM END

PROTECTED_AREA:

;PUSH EBP,0,0            ; )create the
push ebp
push 0
push 0
PUSH OFFSET SAFE_PLACE  ; )ERR structure
PUSH OFFSET HANDLER     ; )on the
;FS PUSH [0]             ; )stack
push dword ptr fs:[0]   ;save the previous handler pointer (needs ASSUME fs:NOTHING above)

;FS MOV [0],ESP          ;point to structure just established on the stack
mov dword ptr fs:[0],esp

;*********************** and now let's cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception

;*********************** because of the exception the code never gets to here

SAFE_PLACE:             ;but the handler will jump to here ..

;FS POP [0]             ;restore original exception handler from stack
pop dword ptr fs:[0]

ADD ESP,14h             ;throw away remainder of ERR structure made earlier
RET

;This simple handler is called by the system when the divide by zero
;occurs. In this handler the user is given a choice of swallowing the
;exception by jumping to the safe-place, or not dealing with it at all,
;in which case the system will send the exception to the FINAL_HANDLER

HANDLER:

PUSH EBP                ;set up a frame so the [EBP+..] references below
MOV EBP,ESP             ;reach the four arguments the system pushed

;save registers as required by Windows

PUSH EBX
PUSH EDI
PUSH ESI
MOV EBX,[EBP+8]         ;get exception record in ebx
MOV EAX,[EBX+4]         ;get flag sent by the system
TEST AL,1h              ;see if it's a non-continuable exception
JNE short nodeal        ;yes, so not allowed by system to touch it (orig. JNZ >.nodeal)

TEST AL,2h              ;see if it's the system unwinding
JNE  short unwind       ;yes
PUSH 24h                ;question mark + YES/NO buttons
PUSH offset Except1     ;caption
push offset Except      ;text
push 0                  ;hWnd - MessageBoxA needs all four args or the stack is left unbalanced
CALL MessageBoxA        ;wait till button pressed
CMP EAX,6               ;see if yes clicked
JNE short nodeal        ;no - line 113 orig. jnz

; go to SAFE_PLACE

MOV ESI,[EBP+10h]       ;get register context record in esi
MOV EDI,[EBP+0Ch]       ;get pointer to ERR structure in edi
MOV [ESI+0C4h],EDI      ;insert new esp (happens to be pointer to ERR)
MOV EAX,[EDI+8]         ;get address of SAFE_PLACE given in ERR structure
MOV [ESI+0B8h],EAX      ;insert that as new eip in register context
MOV EAX,[EDI+14h]       ;get ebp at safe place given in ERR structure
MOV [ESI+0B4h],EAX      ;insert that as new ebp in register context
XOR EAX,EAX             ;eax=0 reload context and return to system

jmp short fin
;JMP > fin

unwind:

PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except1
PUSH offset Unwind
PUSH 0
CALL MessageBoxA        ;wait till ok pressed, then return eax=1

nodeal:

MOV EAX,1               ;eax=1 system to go to next handler

fin:

POP ESI
POP EDI
POP EBX
POP EBP                 ;tear down the frame set up at HANDLER
RET

CLEAR_UP:               ;all clearing up would be done here

RET
;
FINAL_HANDLER:          ;system passes EXCEPTION_POINTERS

PUSH EBX
PUSH EDI
PUSH ESI                ;save registers as required by Windows
CALL CLEAR_UP
PUSH 40h                ;exclamation sign + ok button only
PUSH offset Except2     ;caption
PUSH offset FATALMESS   ;text
PUSH 0                  ;hWnd - fourth argument, same as in START
CALL MessageBoxA        ;wait till ok pressed
MOV EAX,1               ;terminate process without showing system message box
POP ESI
pop EDI
pop EBX
RET

END START               ;a bare END gives the linker no entry point


added code blocks - donkey

Have a great day,
                         Andy

Magnum

Quote from: donkey on October 03, 2009, 01:36:31 PM
you have to put ASSUME FS:NOTHING right after START: in your MASM version. Since MASM always assumes the FS register to ERROR, you have to remove that assumption before you execute any code requiring that segment register. GoAsm does not have an equivalent to the assume directive (a useless obfuscation anyway) so you will not find it in GoAsm code.


Edgar

I got the source to compile.

When I ran it through the debugger,
it stops at the div instruction.

Ollydbg won't let me "step into" or "step over."

I don't know what to try next.


;*********************** and now lets cause the exception ..

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception
Have a great day,
                         Andy

jj2007

Quote from: Magnum on October 04, 2009, 02:02:37 PM

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception


Olly allows you to temporarily change the div ecx to e.g. nop. Click on div ecx, hit Space, type nop and hit Enter. Then F7 to proceed...

Magnum

Quote from: jj2007 on October 04, 2009, 03:33:32 PM
Quote from: Magnum on October 04, 2009, 02:02:37 PM

XOR ECX,ECX             ;set ecx to zero
DIV ECX                 ;divide by zero, causing exception


Olly allows you to temporarily change the div ecx to e.g. nop. Click on div ecx, hit Space, type nop and hit Enter. Then F7 to proceed...

I tried it. It jumps around and ends up closing, but no message boxes appear.

I even tried replacing the Divide by Zero with cli, and the same thing happens.

I guess I will study seh.asm since it does show exception handlers.

I just don't understand.

No matter what assembler is used, it all has to end up as the same machine code.

How can I get the machine code of a program?

If it's necessary to solve this mystery, I will go thru every line and compare it with the .exe that works.

Andy


Have a great day,
                         Andy

Magnum

I opened up the except1.exe(compiled using Goasm) in a hex editor.

I found some text including the web page for goasm.
Interesting thing is, it doesn't show up in a debugger. ??

Maybe code obfuscation or peculiarities of the compiler.
I love assembly because it's "like a box of chocolates..."

Andy
Have a great day,
                         Andy

BlackVortex

Quote from: Magnum on October 04, 2009, 07:36:56 PM
I opened up the except1.exe(compiled using Goasm) in a hex editor.

I found some text including the web page for goasm.
Interesting thing is, it doesn't show up in a debugger. ??

Maybe code obfuscation or peculiarities of the compiler.
I love assembly because it's "like a box of chocolates..."

Andy
Added by the linker at the DOS header

I was bored and made a patcher to untag my exes/dlls (not sharing it)

Maybe there should be a switch to keep the header cleaner. I don't like my exes to look like graffiti walls under a hex editor