Only 2 errors from SUCCESS!!!

[ic2]

I modified this code to make things a lot easier to work with.  Thank to the help here i manage to narrow it don't to two error shown in red.  This is all that is causing the problem.  Can someone translate those two line to POASM style coding.


PUSH [ESP] Line No   49
MOV  WORD PTR CX, [EAX] Line No  194

I attached the asm file.

Code Select Expand

;.386
;.model flat,stdcall
;option casemap:none

;INCLUDE    \poasm\include\windows.inc

;INCLUDE    \poasm\include\comdlg32.inc
;INCLUDELIB \poasm\lib\comdlg32.lib


.386
.model flat,stdcall
option casemap:none

INCLUDE    \masm32\include\windows.inc

INCLUDE    \masm32\include\comdlg32.inc
INCLUDELIB \masm32\lib\comdlg32.lib

; ------ EQU'S ------
MIN_KERNEL_SEARCH_BASE    EQU 070000000h
MAX_API_STRING_LENGTH     EQU 150

; ------ CONST ------
.CONST
szLoadLibrary             DB "LoadLibraryA",0
szGetProcAddress          DB "GetProcAddress",0
szExitProcess             DB "ExitProcess",0

szUser32                  DB "user32",0
szMessageBox              DB "MessageBoxA",0
szwsprintf                DB "wsprintfA",0

; ------ DATA ------
.DATA
_LoadLibrary              DD 0
_GetProcAddress           DD 0
_ExitProcess              DD 0
_MessageBox               DD 0
_wsprintf                 DD 0

dwKernelBase              DD 0
dwUserBase                DD 0

; ------ CODE ------
.CODE
main:
;---- GET ImageBase of kernel32.dll ----
[color=Red]PUSH [ESP][/color]
CALL GetKernelBase
OR   EAX, EAX
JZ   QUIT
MOV  dwKernelBase, EAX

;---- GET SOME KERNEL API ADDRESSES ----
;-> LoadLibraryA
PUSH OFFSET szLoadLibrary
PUSH dwKernelBase
CALL GetProcAddr
OR   EAX, EAX
JZ   QUIT
MOV  _LoadLibrary, EAX

;-> GetProcAddress
PUSH OFFSET szGetProcAddress
PUSH dwKernelBase
CALL GetProcAddr
OR   EAX, EAX
JZ   QUIT
MOV  _GetProcAddress, EAX

;-> ExitProcess
PUSH OFFSET szExitProcess
PUSH dwKernelBase
CALL GetProcAddr
OR   EAX, EAX
JZ   QUIT
MOV  _ExitProcess, EAX

;---- LOAD USER32.DLL ----
PUSH OFFSET szUser32
CALL _LoadLibrary
OR   EAX, EAX
JZ   QUIT
MOV  dwUserBase, EAX

;---- GET SOME USER API ADDRESSES ----
;-> MessageBoxA
PUSH OFFSET szMessageBox
PUSH dwUserBase
CALL GetProcAddr
OR   EAX, EAX
JZ   QUIT
MOV  _MessageBox, EAX

PUSH 0
PUSH 0
PUSH OFFSET _MessageBox
PUSH 0
CALL _MessageBox

;-> wsprintfA
PUSH OFFSET szwsprintf
PUSH dwUserBase
CALL GetProcAddr
OR   EAX, EAX
JZ   QUIT
MOV  _wsprintf, EAX

;ADD  ESP, 128

;---- EXIT ----
CALL _ExitProcess      ;)

QUIT:
RET                    ; exit to OS

; ###########################################
; ###########################################
; ################################################################### GET KERNEL BASE
; ################################################################### GET KERNEL BASE

GetKernelBase PROC USES EDI ESI, dwTopStack : DWORD

MOV  EDI, dwTopStack        ; start the search
AND  EDI, 0FFFF0000h        ; wipe the LOWORD !
.WHILE TRUE
   .IF WORD PTR [EDI] == IMAGE_DOS_SIGNATURE
      MOV  ESI, EDI
      ADD  ESI, [ESI+03Ch]
      .IF  DWORD PTR [ESI] == IMAGE_NT_SIGNATURE
.BREAK
      .ENDIF
   .ENDIF
   SUB EDI, 010000h
   .IF EDI < MIN_KERNEL_SEARCH_BASE    ;;;;;;;;;;;;;;;;;;;;;;
      MOV  EDI, 0BFF70000h        ;;;;;;;;;;;;;;;;;;;;;;
   .ENDIF        ;;;;;;;;;;;;;;;;;;;;;;
.ENDW
XCHG EAX, EDI
RET
GetKernelBase ENDP
; ################################################################### GET PROC ADDR
; ################################################################### GET PROC ADDR
GetProcAddr PROC USES ESI EDI ECX EBX EDX, dwDllBase : DWORD, szApi   
MOV  ESI, dwDllBase    ; check PE Signarue
CMP  WORD PTR [ESI], IMAGE_DOS_SIGNATURE
JNZ @@BadExit
ADD  ESI, [ESI+03Ch]
CMP  DWORD PTR [ESI], IMAGE_NT_SIGNATURE
JNZ @@BadExit
;....................................................................................
MOV  EDI, szApi    ; get the string length of the target Api
MOV  ECX, MAX_API_STRING_LENGTH
XOR  AL, AL
REPNZ  SCASB
MOV  ECX, EDI
SUB  ECX, szApi     ; ECX -> Api string length
;....................................................................................
MOV  EDX, [ESI+078h]     ; trace the export table ; EDX -> Export table
ADD  EDX, dwDllBase

mov ebx,IMAGE_EXPORT_DIRECTORY.AddressOfNames[edx]
ADD  EBX, dwDllBase
XOR  EAX, EAX ; EAX AddressOfNames Index
.REPEAT
   MOV EDI, [EBX]
   ADD EDI, dwDllBase
   MOV ESI, szApi
   PUSH ECX ; save the api string length
   REPZ CMPSB
   .IF ZERO?
      .BREAK
   .ENDIF
   POP ECX
   ADD EBX, 4
   INC EAX
.UNTIL EAX == IMAGE_EXPORT_DIRECTORY.AddressOfNames[edx]
;....................................................................................
.IF EAX == IMAGE_EXPORT_DIRECTORY.NumberOfNames[edx] ; did we found sth ?

   JMP @@BadExit
.ENDIF
;....................................................................................
MOV  ESI, IMAGE_EXPORT_DIRECTORY.AddressOfNameOrdinals[edx]
ADD  ESI, dwDllBase
PUSH EDX    ; save the export table pointer
MOV  EBX, 2
XOR  EDX, EDX
MUL  EBX
POP  EDX
ADD  EAX, ESI
XOR  ECX, ECX
[color=Red]MOV  WORD PTR CX, [EAX][/color]   ; ECX -> Api Ordinal
;....................................................................................
MOV  EDI, IMAGE_EXPORT_DIRECTORY.AddressOfFunctions[edx]    ; get address of api

XOR  EDX, EDX
MOV  EBX, 4
MOV  EAX, ECX
MUL  EBX
ADD  EAX, dwDllBase
ADD  EAX, EDI
MOV  EAX, [EAX]
ADD  EAX, dwDllBase
JMP  @@ExitProc
   @@BadExit:
XOR  EAX, EAX
   @@ExitProc:
RET
GetProcAddr ENDP

end main


Also Vortex how do you translate this type of ASSUME to POASM.

Code Select Expand

SehHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
MOV  EAX, pContext
[color=Red]ASSUME EAX : PTR CONTEXT[/color]
PUSH SEH.SaveEip
POP  [EAX].regEip
PUSH SEH.OrgEsp
POP  [EAX].regEsp
PUSH SEH.OrgEbp
POP  [EAX].regEbp
MOV  EAX, ExceptionContinueExecution
RET
SehHandler ENDP

[ic2]

Heres the POASM zip file.

[attachment deleted by admin]

[ic2]

When using the FIRST kernel.zip with i uploaded with MASM32...

If you assemble with POASM version 1.0.12.0 this file will use the masm made object file and create the executionable.  Not exactly what should be done but it works.  It will spit out the Please tell Microsoft about this problem dialog. Click don't send and it will assemble the file anyway.

If you use the new POASM version 1.0.30.0 with the masm made object file it will only spit out more errors and The contact Microsoft about this problem dialog will not display and the file will not assemble.

OK

For beginner i thing there got to be a bug in both POASM because if you think about it why would you get an error at the very beginning of the code with such a simple push?

.CODE
main:

   PUSH [ESP]

[ic2]

I been at it all night.  There is a lot of information about ASSUME here at this forum when you read everything you see instead of just scanning through it.  But sometime you have to be told because we all think there may be a hole somewhere.  Serious coders have founded them for years.

Anyway, my final few questions about this goes out to Pelle.  Hopefully he do still moderate here from time to time.

I got to use FS register at the very lease so will you someday be including a Segment override or something so that we can use it or is it just to difficult to include i POASM at this time?  Is there a work around?  If so where can I find that information?

Thank you

[hutch--]

Pelle may be on holidays as its the tail end of summer. What has me tossed is what is all the hassle over, I know you have had two (2) viable methods of doing this task sugested to you and you already know that ASSUME is not supported in POASM. You can also directly code the structure from the known address by putting the address into a register and then dereferencing it with variable offsets. Something like this.

Code Select Expand


mov edx, pStruct  ; the structure address
mov eax, [edx]    ; copy 1st member into register
mov ecx, [edx+4]  ; edx plus the offset to the next struct member etc ...


This is all that an assembler does when it uses a structure from an address.

[japheth]

For beginner i thing there got to be a bug in both POASM because if you think about it why would you get an error at the very beginning of the code with such a simple push?

.CODE
main:

   PUSH [ESP]

It's not a simple push, because you don't supply a size qualifier. What about

Code Select Expand


PUSH dword ptr [ESP]


instead?

and this code

Code Select Expand


MOV  WORD PTR CX, [EAX]


may be better coded as

Code Select Expand


mov cx, word ptr [eax]


[ic2]

Don't think for a minute that all your responses are not appreciated.  I'm working too many hours daily and too tired to move.

I'm definitely have made the switch to POASM because of these suggestion.

I am happy that there is an assembler that is capable of assembling masm code without too much hassle.  It's the greatest thing since slice bread.

Before taking the plunge, i had to be sure that it work with some complicated code like y0da kernel and such.  Im not that good of a coder, but it prove to be the perfect example at lease for me anyway.

I and maybe many others can live with-out accessing segment registers like (FS:) .  But Still, we need to know how to replace difference standard masm ways of ASSUMING in as many ways as she do it, as possible.

Here another example suggested by Synfire that works as an replacement code for this type masm code.

MOV  EAX, pContext
ASSUME EAX : PTR CONTEXT

Code Select Expand

;SehHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
; MOV  EAX, pContext
; ASSUME EAX : PTR CONTEXT
; PUSH SEH.SaveEip
; POP  [EAX].regEip
; PUSH SEH.OrgEsp
; POP  [EAX].regEsp
; PUSH SEH.OrgEbp
; POP  [EAX].regEbp
; MOV  EAX, ExceptionContinueExecution
; RET
;SehHandler ENDP



TRANSLATED TO:

SehHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
MOV EAX, pContext
PUSH SEH.SaveEip
POP [EAX].CONTEXT.regEip
PUSH SEH.OrgEsp
POP [EAX].CONTEXT.regEsp
PUSH SEH.OrgEbp
POP [EAX].CONTEXT.regEbp
MOV EAX, ExceptionContinueExecution
RET
SehHandler ENDP

Isn't it nice to know for a newbee or casual coders like myself has founded
faith in masm and POASM just because of this and that.

Now to put icing on the cake... We all been shown that certain masm style coding can be replace with more long awaited common since type coding to work for both masm and poasm when poasm will not assemble some standard masm code that many here know of, raised on, or played with.  But sonme of us never knew what we were really doing.  And to think that i, including a few others, once believed a simple masm32  macros, include file or something would be the only something to make things work.  Have i made myself clear here.

Thanks a lot japheth.  That's what i'm talking about. 

I included, evaluated and tested all of these suggesting and listed them in a work around sheet for referencing.  I will post it to serve as an How-To.  Hopefully someone of caliber do it first.  It's not like i have a modern way of setting it up for real users.

One thing for sure everything work in kernel as long as you don't use (FS:)... So now i can move on.

I hope we see more of this someday soon.  Don't let POASM become a thing of the pass for raw asm programmers.  I'm will not.

I know Pelle is dedicated to c and may be awhile before any changes to his assembler or any pure poasm asm help files.

hutch–
What has me tossed is what is all the hassle over...

A Dream my friend that you started years ago...

I was hoping to get a little response around here from others experience user also.  I already know that you and Vortex works too hard to help us all and i pray it will never stop.. .  I did not want to end up giving up just because of my own lack of knowledge.  I would have tried a million things that would never worked on my own.

So i apology if i came across as mean (and I did tried HARD), sorry.  No way would i miss a beat about this subject, even at all cost where I may end up the loser for life trying to row up the river without a paddle and God forbid that i feel the sting of the ALL Might Paw.... as for my line below no on say it like you do.

That's all that was about... you can loosen OR un-tie your nuts as of.......!@@#$%&^%....*^%$......... NOW   :)

Thank everybody

We stay close no matter what...

[PBrennick]

iC2,
Wow! I made it to the end.  What was that all about anyway?  Maybe you should write a blog.

Paul

[ic2]

Hello Pbrennick

I will keep it short and say read it again and if don't make no since to you don't worry about it... Just be delighted that a fellow programmer is satisfied with what he think he see in this new creation. 

Sure, POASM got a ways to go (simple tighten of nuts and bolts above all) other than that it's doing a dame good job for what i use it for after all the help i recently received in those posts you finally made it to the end of.

What was that all about anyway?

I guest i finally founded my choice of assembler and we all know that is one of the biggest worries (question) ever.

Btw: what are you doing up here when the latest concern is way down there...

Have a great day

[PBrennick]

What is 'up' and what is 'down,' this reference is confusing to me.  As far as you finding an assembler that you enjoy working with, I am glad for you.  I hope he continues to improve it but there is no guarantee.  He deleted most of the posts in the assembly section of his forum and has gone on record as saying he is losing interest in the assembler and wants to concentrate on the C++ stuff.  That is straight from the horses mouth, as the saying goes so be warned.

Paul

[DarkWolf]

If he does decide to not continue work in assembler I hope he releases POASM to the community or to Hutch.
It be a shame to lose an alternative to MASM and one that shown so much promise.

[hutch--]

As I understand, Pelle wrote POASM to be part of the Pelle's C suite and it does that very effectively. It is already a very good assembler but it never claimed to be identical to MASM, even though it is very similar in syntax. Pelle primarily writes a C compiler and if I understand his views on code design, he prefers to do the higher level stuff in C where MASM has the capacity to do reasonably complex stuff as macros.

From a designers point of view, POASM is already a developed tool that delivers assembler code in a competent manner and it can be used in conjunction with his C compiler with no problems at all, its just that it was not designed to be a MASM clone but a tool in its own right. If the interest is there over time, I have no doubt that Pelle will do more things with POASM but in terms of a C compiler suite of tools, apparently Pelle has more pressing things to do to ensure his C compiler keeps up with the changes in design for later OS versions and the like and I know that he has already put a large amount of time into POASM.

[Vortex]

DarkWolf,

I coded some of my tools with POASM and I can tell you that this assembler is a very good tool. It has a powerfull macro engine.With a little effort, you can translate MASM code to POASM.

[DarkWolf]

I wasn't trying to imply that POASM was any sort of clone.
Only that since it can compile MASM code that means a large code base (here in this forum and elsewhere) that has already been written can be used by POASM users. And when I read that he is losing 'interest' in assembler, well that sounded like a death knell to me for the POASM app. I was only trying to voice some support.

[PBrennick]

DarkWolf,
I thought that your comment was a good one and was positive in nature. Could you just imagine how much fun it would be if an open source assembler project was hosted right here!

Paul