NASM - The Netwide Assembler
NASM Forum => Programming with NASM => Topic started by: melviii100 on August 24, 2014, 07:01:39 AM
-
When I try the following program to pop up a message box on my Windows 32-bit system using NASM, I get an error.
section .myText progbits alloc exec write align=16
global _WinMain@16
_WinMain@16:
    xor eax, eax
    xor ebx, ebx
    xor ecx, ecx
    xor edx, edx
    jmp short GetLibrary
LibraryReturn:
    pop ecx                     ; ecx -> 'user32.dllN' (address pushed by the call below)
    mov BYTE [ecx+10], dl       ; overwrite the trailing 'N' with NUL (a write into this code section)
    mov ebx, 0x76d62fe4         ; hard-coded system address
    push ecx
    call ebx
    jmp short FunctionName
FunctionReturn:
    pop ecx                     ; ecx -> 'MessageBoxAN'
    xor edx, edx
    mov BYTE [ecx+11], dl       ; overwrite the trailing 'N' with NUL
    push ecx
    push eax                    ; handle to the module user32.dll
    mov ebx, 0x76d616b9         ; GetProcAddress (hard-coded system address)
    call ebx
    ; now eax has the procAddress of 'MessageBoxA'
    jmp short Message
MessageReturn:
    pop ecx                     ; ecx -> 'hello am melvin!'
    xor edx, edx
    mov BYTE [ecx+16], dl       ; write a NUL just past the 16-byte message
    push edx
    push ecx
    push ecx
    push edx
    call eax                    ; MessageBoxA(windowhandle,msg,title,type)
ender:
    xor edx, edx
    push eax
    mov eax, 0x76d63176         ; exitprocess(exitcode); (hard-coded system address)
    call eax
Message:
    call MessageReturn
    db 'hello am melvin!'
FunctionName:
    call FunctionReturn
    db 'MessageBoxAN'
GetLibrary:
    call LibraryReturn
    db 'user32.dllN'
I compiled with:
C:\SHELL>nasm -f win32 -o msgbox.o msgbox.asm
C:\SHELL>ld -o msgbox.exe msgbox.o
It doesn't show any error, but when I run it,
I get a Windows debug window with the message "messagebox.exe has stopped working".
-
deleted
EDIT: oops, I hadn't taken a closer look at your code, sorry.
-
You are hard-coding system addresses. You should probably Google for Address Space Layout Randomization.
-
> You are hard-coding system addresses. You should probably Google for Address Space Layout Randomization.
Now I disabled ASLR, and I found this is the problem.
Unhandled exception at 0x00404003 in Sample.exe: 0xC0000005: Access violation writing location 0x00404019.
00404003 C6 41 05 00 mov byte ptr [ecx+10],0
So how can I get rid of the AV? I edited bcdedit.exe, but it doesn't work.
On Linux, when I try this,
section .myText progbits alloc exec write align=16
it works, but on Windows it doesn't.
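One check a reader of this thread would want before guessing at the cause of that access violation: whether the section that contains 0x00404019 actually carries the writable flag after ld produced the executable, and whether the image itself opted in to ASLR and DEP. The Python below is an added example, not code from the thread or from NASM; it parses the PE section headers and DllCharacteristics from a file image and maps the faulting address the debugger reported onto a section. The sample image it builds (build_sample_pe32, one .myText section at RVA 0x4000, image base 0x00400000) is constructed for the demonstration; diagnose_file runs the same check on a real file such as msgbox.exe.

```python
import struct

# IMAGE_SECTION_HEADER.Characteristics flags (PE/COFF specification)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# IMAGE_OPTIONAL_HEADER.DllCharacteristics flags
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opted in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image opted in to DEP


def parse_pe(data):
    """Parse the headers of a PE image held in memory.

    Returns image_base, dll_characteristics and a list of
    (name, virtual_size, virtual_address, characteristics) per section.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symp, _nsym, opt_size, _flags = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: 32-bit ImageBase at offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase at offset 24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both optional header layouts
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    pos = opt + opt_size
    for _ in range(nsections):
        name, vsize, vaddr, _rsz, _rptr, _rel, _lin, _nrel, _nlin, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, pos)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, chars))
        pos += 40
    return {"image_base": image_base, "dll_characteristics": dll_chars, "sections": sections}


def diagnose_fault(data, fault_addr):
    """Map a faulting virtual address (as reported by the debugger) onto the
    section that contains it and report that section's protection flags.
    Returns None when the address lies outside every section of this image."""
    info = parse_pe(data)
    rva = fault_addr - info["image_base"]
    for name, vsize, vaddr, chars in info["sections"]:
        if vaddr <= rva < vaddr + vsize:
            return {
                "section": name,
                "readable": bool(chars & IMAGE_SCN_MEM_READ),
                "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
                "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
                "aslr": bool(info["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
                "nx_compat": bool(info["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
            }
    return None


def diagnose_file(path, fault_addr):
    """Same check against an executable on disk (e.g. msgbox.exe)."""
    with open(path, "rb") as f:
        return diagnose_fault(f.read(), fault_addr)


def build_sample_pe32(section_chars, dll_chars=0):
    """Constructed sample: a minimal PE32 header (no real code) with one
    '.myText' section at RVA 0x4000 and image base 0x00400000."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    opt_size = 96                                       # PE32 optional header, no data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)  # i386, one section
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)         # ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)
    sect = struct.pack("<8sIIIIIIHHI", b".myText", 0x100, 0x4000, 0x200, 0x200,
                       0, 0, 0, 0, section_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect


if __name__ == "__main__":
    # A code section that is code + execute + read only: no IMAGE_SCN_MEM_WRITE
    image = build_sample_pe32(IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    print(diagnose_fault(image, 0x00404019))
```

If diagnose_file on the linked executable reports writable False for the section holding 0x00404019, the write flag on the NASM section line did not survive the link, and the 0xC0000005 on the mov byte store is simply a write to a read-only code page. Note that the aslr field describes only this executable's own relocation opt-in; the system DLLs whose addresses are hard-coded above are relocated independently of it, which is the point the earlier reply makes.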
-
Attempting to do injection via shell code is a grey area here and we prefer not to provide guidance.
However, I'll provide two links that may be applicable:
http://en.wikipedia.org/wiki/Data_Execution_Prevention
http://en.wikipedia.org/wiki/No_execute_bit
I suggest that you seek guidance from another site that would be more accommodating to your requests.
-
> Attempting to do injection via shell code is a grey area here and we prefer not to provide guidance.
I just want to learn the things, that's it. I want to know how others do these things. Not for offensive purposes. If you know, please just give me a suggestion to overcome the problem.