modifying an asciiz string

[engpro]

hello i am new here
i am trying to make a .com program in nasm that finds a file and then renames it
my question is this, how do i change the last character in the asciiz string
i think i can use lodsb, butt i dont think i really understand lodsb
i have read about lodsb and what i think i understand is.
putt the asciiz in si
then lodsb will copy a char in to al register

[Frank Kotler]

Hi engpro - welcome aboard!

You are correct (at least mostly)... "lodsb" is equvalent to:

Code: [Select]

mov si, mystring
; lodsb
mov al, [si]
inc si

That's IF the "direction flag" (one of the bits in the "flags register" (or "status register") is pointed "up". It is a reasonable assumption the it's pointed "up" unless you've changed it, but "assumption is the mother of foulup" (I don't want to use the real word here), so to be safe, use "cld" before any of the "string instructions". If the direction flag points "down" ("std" to make this true) si is decremented instead of incremented...

You may not really want to use "lodsb", though. You say you want to change "the last character in the asciiz string". Maybe you mean the last character before the zero, but I suspect what you need to do is change the last character in an "ascii string" to zero to make it an "asciiz string". If you've got "newname" in your code, you can just put a zero there. If you're getting it from the command line, or from user input, it is probably not zero-terminated and you need to make it zero-terminated before using it. (same would apply to "oldname", I guess).

If you have trouble getting your "rename" program to work, post what you're trying, and we can try to help find the "problem(s)". (don't want to "do it for you") You seem to be on the right track, so you can probably get it.

For help with what the instructions do, I've "rescued" the instruction set reference from the "old" Nasm manual:

http://home.myfairpoint.net/fbkotler/nasmdocr.html

This is not the most recent or most complete instruction set reference, but it's in "Nasm syntax" (and I'm used to it ).

For help with dos (and other) interrupts:

http://www.ctyme.com/rbrown.htm

Best,
Frank

[engpro]

thanks for all your help
i have one problem
i wrote this program which is inspired from the giant black book of computer viruses
this program search for files, then it renames the files format from .com to .con
when i assemble the program i get this error

"16 bit ms-dos subsystem
c:\
the NTVDM CPU has encountered an illegal instruction
CS:0538 IP:001d OP:ff ff ff ff ff ff choose close to erminate the applciation"

Code: [Select]

;source name : rename.asm
;executable name : rename.com

[BITS 16] ;set 16 bit code generation
[ORG 100h] ;set code start address to 100h

[section .text]

cld ;clear direction flag
mov ah,1ah ;set our dta area
mov dx,DTA ;and buffer to store dta
int 21H

mov ah,4Eh ; searches DTA for files
mov cx,0fh
mov dx,file ;what files to search for, use [] as offset
int 21h
call RENAME
mov ah,4FH ;search next
int 21H

RENAME:
jc terminate ;if carier end
mov si,DTA + 1EH ;DTA name address to dx
push si
mov di,[REAL_NAME]

STEP:
lodsb ;load char from si to al
stosb ;store char from al to di
or al,al ;if char is null
jnz STEP ;jump if not null
mov word [si-2],'N'
pop di
mov dx,[REAL_NAME]
mov ah,56h ;rename file
int 21H
jc eprint
retn
jmp terminate
eprint:
mov ah,9h
mov dx,emsg
int 21h
terminate:

mov ax, 0x4C
int 21h

[section .data] ;section containing initialized data
file db '*.com',0x00
REAL_NAME times 13 db 0
DTA times 80h db 0 ;address to DTA
emsg db 'cannot rename file$'
thank you again for all the help

[Frank Kotler]

We don't discuss malware here, so we don't need to know where it's "inspired" from. This program - rename .com to .con - is kind of a stupid thing to do, but not actually "malicious"... I guess...

Code: [Select]

mov dx,file ;what files to search for, use [] as offset

This code is right, but the last part of the comment appears misleading...

Code: [Select]

mov di,[REAL_NAME]

This is wrong. You don't want the "[]".      

Code: [Select]

mov dx,[REAL_NAME]

Likewise here. Translated from Masm/Tasm perhaps? When Masm/Tasm says "offset", we don't want the "[]". When Masm/Tasm doesn't say offset (possibly "byte ptr"), we want the "[]". There are exceptions to that, but it's the "general rule". Easy to make an error with this!

I can't test your code at the moment (probably wouldn't anyway - although it would be easy enough to modify this to change it back). I assembled it - came to 238 bytes. So when NTDVM hits an error at cs:0538, we know we're "off in the weeds" not executing intended code. The errors where you use "[contents]" where you wanted address/offset probably account for it.

I guess this is the part you were asking about...

Code: [Select]

mov si,DTA + 1EH ;DTA name address to dx
; comment does not match code

push si
mov di, REAL_NAME ; <- corrected

STEP:
lodsb ;load char from si to al
stosb ;store char from al to di
or al,al ;if char is null
jnz STEP ;jump if not null
mov byte [si-2],'N' ; <- byte, not word!
pop di

You want to move a byte 'N' into position, not a word. That (word) should just overwrite the zero terminator with another zero, so probably won't hurt. Fix loading dx, and I guess it should work.

Please don't post anything more "malicious" than this, okay?

Best,
Frank

[engpro]

thank you so much frank for your help.
i would never do anything harmful
i am just programming for fun in a closed vmware enviorment, where i come from this is legal
butt i understand that using words like malware and virus could be taboo, so i will not use this words as respect to the forum
i just started learning asm, my primary method to learn is to find a program written in tasm or masm
the try to understand it, look up the new memoniccs, and then write it to nasm.
and by doing this in the book i talk about, i learn how to program in asm, and learn how my system work at the smallest level.
i dont se any wrong with this, do you?
thank you again for all your help