Some low level questions

Started by G`HOST, January 03, 2006, 07:49:02 PM

G`HOST

Hi
1. Is there a way to hide string references in the prog. so that when debugged, string references can't be seen?
2. Why, in every prog I debug, is the offset of the first .data reference at [00403000]?
So taking the clue from here I did this:

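.data
     Txt  db "Pure ASM",0      ; first item in .data, at 00403000h
     Cap  db "Pure ASM",0      ; 9 bytes later, at 00403009h
.code
     push 0                    ; uType
     push 00403000h            ; lpCaption: hard-coded address of Txt
     push 00403009h            ; lpText: hard-coded address of Cap
     push 0                    ; hWnd
     call MessageBox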

and it worked fine. When debugged with Olly, the string references can't be seen. Is this the only way?
3. While debugging different apps, I once saw an app which didn't have any string references or any API calls.
So I debugged user32.dll and tried to follow the simple "MessageBoxA" function but couldn't get anywhere, and I don't even know what to google for. In a thread here in the forum it was mentioned that asm programming can be done in a hex editor. Can somebody tell me how it can be done? And do we need a different compiler to assemble these kinds of scripts?

MusicalMike

First of all, not using labels accomplishes nothing other than making things harder. When you assemble your program all the labels will be removed, and the corresponding memory locations put in their place. Labels simply "label" that memory location, hence the term labels. Even if you do use labels, you still won't see any string references in the way you might think. You must also realize that there are people out there who are OK at interpreting binary data. For instance, if I disassembled the code you listed, and looked at the binary data in the text section, and I knew the starting address of the data section, I could easily track down and interpret every reference to a string in the program, and I never once need to look for a label (because the labels aren't there). As for that other file you disassembled and didn't find any API calls, I would need to inspect that file before I could tell you what they did. It's possible that the file was encrypted and the disassembly you got from the debugger was garbage. If you would give me this information, I would be more than happy to help you.

PS. If you really are so sensitive about your programs being disassembled, encrypt your exes. (I can't help you with that because I have never done it.) And if you don't mind me asking, what are you writing that requires such security?

P1

Besides making it hard on yourself, it never stops a determined person who knows what they're doing.

Stop a few snoopers, then it challenges the others to figure it out.

Regards,  P1

G`HOST

Well, I got the hex part, it just takes a hex editor to convert the script to an executable. I copy-pasted the hex dump (if that's the right word) from one executable to a new project and made a few changes, then saved it as .exe and it worked fine. But I am still confused how to build the script from scratch, I will figure that out soon.

Yes, the file can be packed with any commercial protector. But I thought there was more to it than using tools.

MusicalMike:
<< And if you don't mind me asking, what are you writing that requires such security? >>
Well, I was just curious, I think I am trying to learn too much in too little time.

<< and I knew the starting address of the data section >>
How to know the starting address of the data section?

MusicalMike

Quote: How to know the starting address of the data section?
By looking at the PE Section Headers, which requires special software.

Quote: Yes, the file can be packed with any commercial protector. But I thought there was more to it than using tools.
For exe encryption? Nope, not really, unless you wish to write the packer program.

Quote: Well, I was just curious, I think I am trying to learn too much in too little time.
Nope. You are doing just fine. You seem to have a good grasp on data segments and indexing into them. If you were able to inject code into the exe simply by copying a hex dump, and get it to work, you are definitely ready for the wonderful world of working with pure binary data.

Quote: But I am still confused how to build the script from scratch, I will figure that out soon.
Just look up the details on the PE file format and go to town. Just a bit of advice: once you have gotten a few hello world programs written from scratch to run properly, don't do all your programming in pure hex, because it is not necessary. Programming hex is nothing more than programming in assembly "the hard way". There is no advantage (apart from being able to show off) to exe files written in pure "0s and 1s".

Good luck, and have fun... yeh right, well good luck anyway.
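
Added example, not part of any post in this thread: a short Python version of the section-header lookup described above, run on a constructed PE32 image whose layout (ImageBase 00400000h, `.data` as the third section at RVA 3000h) is assumed to mirror what G`HOST observed. It also scans `.text` for `push imm32` operands that land inside `.data`, showing that hard-coded addresses still resolve to their strings; `build_sample_pe`, `sections` and `string_refs` are names made up for this example.

```python
import struct

def build_sample_pe():
    """Constructed PE32 image (sample data, not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)              # ImageBase
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x200, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0)
        for i, name in enumerate((b".text", b".rdata", b".data")))
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + secs).ljust(0x400, b"\0")
    # push 0 / push 00403000h / push 00403009h / push 0
    text = bytes.fromhex("6a00 6800304000 6809304000 6a00").ljust(0x200, b"\0")
    rdata = b"\0" * 0x200
    data = b"Pure ASM\0Pure ASM\0".ljust(0x200, b"\0")
    return headers + text + rdata + data

def sections(pe):
    """Map section name -> (virtual address, virtual size, raw file offset)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    image_base, = struct.unpack_from("<I", pe, nt + 24 + 28)  # PE32 only
    table, out = nt + 24 + opt_size, {}
    for i in range(count):
        name, vsize, rva, _, raw = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        out[name.rstrip(b"\0").decode()] = (image_base + rva, vsize, raw)
    return out

def string_refs(pe):
    """Byte scan (not a disassembler) for push imm32 pointing into .data."""
    secs = sections(pe)
    _, tsize, traw = secs[".text"]
    dva, dsize, draw = secs[".data"]
    refs = []
    for i in range(traw, traw + tsize - 4):
        addr, = struct.unpack_from("<I", pe, i + 1)
        if pe[i] == 0x68 and dva <= addr < dva + dsize:
            start = draw + (addr - dva)
            refs.append((addr, pe[start:pe.index(b"\0", start)].decode("ascii")))
    return refs

if __name__ == "__main__":
    pe = build_sample_pe()
    print(hex(sections(pe)[".data"][0]), string_refs(pe))
```
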

NPNW

MusicalMike,

Quote: Good luck, and have fun... yeh right, well good luck anyway.

Couldn't help but LOL when I saw your post. I got this image of a recruiter (you) for Assembly Programmers Inc, sitting across the desk trying to tell some newbie programmer how wonderful life is working for Assembly Programmers Inc. Then after they sign the enlistment papers you shake their hand and say with a straight deadpan face
Quote: Good luck, and have fun... yeh right, well... good luck anyway.

How old are you to be this cynical? It took me at least 6 months of working for a major corporation before I felt this way. You gotta laugh or you'll go crazy! Go read some Dilbert comics.



MusicalMike

Believe it or not, I am only 17, and I have only been programming for around 2 years. However in those 2 years, I must have spent over $1000 on programming books. As for my cynical attitude, well, that's just how I am.

NPNW

MusicalMike,

I think that you are doing fantastic. It's great to see that you are doing something so challenging. As far as the cynical attitude, I tend to be that way myself so nothing personal about it. Keep up the good work.