Author Topic: Help :((  (Read 10207 times)

Offline shellc0de

  • Jr. Member
  • *
  • Posts: 12
Help :((
« on: December 30, 2012, 01:25:14 PM »
Hi, I have made some simple NASM code that uses the Beep Win function. I put it in a C program as a string in hex and I hear a beep, but when I try to run it in the console I don't hear anything. I think I can't hear the beep because CMD is 16 bits :P, but what else can I use?

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2667
  • Country: us
Re: Help :((
« Reply #1 on: December 30, 2012, 09:34:19 PM »
You'll probably need to show us what you've tried - my crystal ball is still on Christmas break! :)

Best,
Frank


Offline shellc0de

  • Jr. Member
  • *
  • Posts: 12
Re: Help :((
« Reply #2 on: December 31, 2012, 08:51:14 AM »
This is the NASM code:
Code:
[BITS 32]
xor eax, eax            ; eax = 0
mov ax, 1000            ; eax = 1000 (both arguments are 1000)
push eax                ; arguments are pushed right to left
push eax
mov eax, 0x7c837a7f     ; address of Beep on my PC
call eax                ; Beep(1000, 1000)
If I try to run this code in the console or by double-clicking it, nothing. :P
And this is the C code (shellcode).
P.S.: Beep is a Windows function that has the address (on my PC :D) 0x7c837a7f, and the Beep function has two parameters: Beep(1000,1000); 1st latency, 2nd frequency.
Code:
#include <stdio.h>

/* The assembled NASM code above, byte for byte, as a C string. */
char shellcode[] = "\x31\xc0\x66\xb8\xe8\x03\x50\x50\xb8\x7f\x7a\x83\x7c\xff\xd0";

int main(void)
{
    int (*func)(void);
    /* Treat the byte array as code and call it. */
    func = (int (*)(void)) shellcode;
    (*func)();

    return 0;
}

The C code works fine. I hear a beep, but when I run the assembler code I can't hear anything :P char shellcode[] is the assembler converted into hex.
« Last Edit: December 31, 2012, 08:53:39 AM by shellc0de »

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2667
  • Country: us
Re: Help :((
« Reply #3 on: December 31, 2012, 10:41:55 AM »
Well, I'd be surprised to learn that the "Beep" function is reliably at that address, but if it works, it works.

The only way I can imagine your OS condescending to run your program from console or clickee-clickee is if it's being treated as a .com file - doesn't have the executable header to be anything else. That would mean that, although you've told Nasm "bits 32", the CPU is interpreting it as 16-bit code (as you suspect). Try "ndisasm -b16" vs "ndisasm -b32" to see the difference.

Well... depends on how you assembled and linked it. Perhaps if you linked it into a PE executable... You'd need "global start" and a "start:" label, I think. It would almost certainly crash - unless you know the address where ExitProcess lives, and call it - but you MIGHT hear a beep first...

Best,
Frank
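The difference Frank points at, shown with a small decoder instead of ndisasm. The following Python is an added example and not code from the thread: it contains a toy decoder for just the opcode forms the posted shellcode uses (the 0x66 operand-size prefix, xor r/m,r, push r, mov r,imm, the 0x83 group and ff /2 call) and walks the same 15 bytes once as 16-bit code, the way a .com file is executed, and once as 32-bit code, the way the C program calls it. The register tables, the `decode` and `calls_anything` function names and the `SHELLCODE` constant are my own; the bytes are the ones from the C program above.

```python
"""Toy x86 decoder for the opcode subset in the thread's shellcode.

Added example: the same byte string is read differently when the CPU is
in 16-bit mode (a .com file) versus 32-bit mode. Only the handful of
opcodes the shellcode uses are supported; anything else raises.
"""
from struct import unpack

# Constructed sample: the byte string from the thread's C program.
SHELLCODE = bytes.fromhex("31c066b8e8035050b87f7a837cffd0")

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["e" + r for r in REG16]
# 16-bit addressing forms for the ModRM rm field when mod != 3
MEM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]


def _imm(code, pos, size):
    """Read a little-endian immediate of `size` bytes at `pos`."""
    fmt = {1: "<B", 2: "<H", 4: "<I"}[size]
    return unpack(fmt, code[pos:pos + size])[0], pos + size


def _modrm(code, pos, opsize, addr16):
    """Decode a ModRM byte; returns (reg_field, operand_text, new_pos)."""
    b = code[pos]
    mod, reg, rm = b >> 6, (b >> 3) & 7, b & 7
    regs = REG16 if opsize == 2 else REG32
    pos += 1
    if mod == 3:                          # register operand
        return reg, regs[rm], pos
    if not addr16 and rm == 4:
        raise NotImplementedError("SIB addressing not supported")
    base = MEM16[rm] if addr16 else REG32[rm]
    disp = 0
    if mod == 1:                          # 8-bit signed displacement
        disp, pos = _imm(code, pos, 1)
        disp = disp - 256 if disp >= 128 else disp
    elif mod == 2:                        # full-size displacement
        disp, pos = _imm(code, pos, 2 if addr16 else 4)
    elif (addr16 and rm == 6) or (not addr16 and rm == 5):
        disp, pos = _imm(code, pos, 2 if addr16 else 4)   # absolute address
        base = ""
    size = "word" if opsize == 2 else "dword"
    if base:
        text = f"{size} [{base}{disp:+#x}]" if disp else f"{size} [{base}]"
    else:
        text = f"{size} [{disp:#x}]"
    return reg, text, pos


def decode(code, bits):
    """Decode `code` as if the CPU were in `bits` (16 or 32) mode.

    Returns a list of (hex_bytes, mnemonic) pairs, one per instruction.
    """
    default = 2 if bits == 16 else 4
    addr16 = bits == 16
    out, pos = [], 0
    while pos < len(code):
        start, opsize = pos, default
        op = code[pos]
        pos += 1
        if op == 0x66:                    # operand-size override prefix
            opsize = 6 - default          # swaps 2 and 4
            op = code[pos]
            pos += 1
        regs = REG16 if opsize == 2 else REG32
        if op == 0x31:                    # xor r/m, r
            reg, rm, pos = _modrm(code, pos, opsize, addr16)
            text = f"xor {rm}, {regs[reg]}"
        elif 0x50 <= op <= 0x57:          # push r
            text = f"push {regs[op - 0x50]}"
        elif 0xB8 <= op <= 0xBF:          # mov r, imm (size follows opsize)
            imm, pos = _imm(code, pos, opsize)
            text = f"mov {regs[op - 0xB8]}, {imm:#x}"
        elif op == 0x83:                  # group 1: op r/m, sign-extended imm8
            reg, rm, pos = _modrm(code, pos, opsize, addr16)
            imm, pos = _imm(code, pos, 1)
            imm = imm - 256 if imm >= 128 else imm
            text = f"{GROUP1[reg]} {rm}, {imm:#x}"
        elif op == 0xFF:                  # group 5: only /2 = call r/m handled
            reg, rm, pos = _modrm(code, pos, opsize, addr16)
            if reg != 2:
                raise NotImplementedError(f"ff /{reg} not supported")
            text = f"call {rm}"
        else:
            raise NotImplementedError(f"opcode {op:#x} not supported")
        out.append((code[start:pos].hex(), text))
    return out


def calls_anything(code, bits):
    """True if, decoded in `bits` mode, the stream ever reaches a call."""
    return any(text.startswith("call") for _, text in decode(code, bits))


if __name__ == "__main__":
    for bits in (16, 32):
        print(f"--- decoded as {bits}-bit code ---")
        for raw, text in decode(SHELLCODE, bits):
            print(f"{raw:<12} {text}")
```

Decoded as 32-bit code the bytes end in `call eax`, as written. Decoded as 16-bit code the 0x66 prefix turns the first `mov` into a 32-bit `mov eax, imm32` that swallows both `push` bytes, the hard-coded address becomes a 16-bit `mov ax, 0x7a7f` plus an `0x83` opcode, and the trailing `ff d0` is consumed as the displacement and immediate of a `cmp`, so the stream never reaches a call and nothing beeps. That is the general caveat behind Frank's reply: a raw byte string has no meaning on its own, and the mode the CPU is in when it executes decides what it does, which is exactly what `ndisasm -b16` versus `ndisasm -b32` displays side by side.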