Author Topic: Access Violation error in NASM, when try to write into .myText segment in window  (Read 14505 times)

Offline melviii100

  • Jr. Member
  • *
  • Posts: 8
when i try following program to pop up message box in my windows 32 bit system using NASM i get error.
Code: [Select]
section .myText progbits alloc exec write align=16
global  _WinMain@16
_WinMain@16:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx

jmp short GetLibrary
LibraryReturn:
pop ecx
mov BYTE [ecx+10], dl
mov ebx, 0x76d62fe4
push ecx
call ebx

jmp short FunctionName

FunctionReturn:
pop ecx
xor edx, edx
mov BYTE [ecx+11], dl
push ecx
push eax ; handle to the module user32.dll
mov ebx, 0x76d616b9 ; GetProcAddress
call ebx
; now eax has the procAddress of 'MessageBoxA'
jmp short Message


MessageReturn:

pop ecx
xor edx, edx
mov BYTE [ecx+16] , dl
push edx
push ecx
push ecx
push edx
call eax ;MessageBoxA(windowhandle,msg,title,type)

ender:
xor edx,edx
push eax
mov eax, 0x76d63176 ;exitprocess(exitcode);
call eax

Message:
call MessageReturn
db 'hello am melvin!'

FunctionName:
call FunctionReturn
db 'MessageBoxAN'


GetLibrary:
call LibraryReturn
db 'user32.dllN'


i compiled
Code: [Select]
C:\SHELL>nasm -f win32 -o msgbox.o msgbox.asm

C:\SHELL>ld -o msgbox.exe msgbox.o

i doesn't show any error, but when i run this,
"i get windows Debug window- with a message: 'messagebox.exe' has stopped working' "

Now i disabled ASLR. And i found this is the problem.
Unhandled exception at 0x00404003 in Sample.exe: 0xC0000005: Access violation writing location 0x00404019.
00404003 C6 41 05 00 mov byte ptr [ecx+10],0
so how can i get rid of AV. i edited bcdedit.exe. but doesn't work

in linux when i try this,

section .myText progbits alloc exec write align=16

it was working but in windows, doesn't.
« Last Edit: August 25, 2014, 05:01:16 AM by melviii100 »

Offline gammac

  • Jr. Member
  • *
  • Posts: 71
  • Country: 00
deleted

EDIT: uups, I hadn't taken a closer look at your code, sorry.
« Last Edit: August 24, 2014, 02:03:09 PM by gammac »
Please comment your code! It helps to help you.

Offline Rob Neff

  • Forum Moderator
  • Full Member
  • *****
  • Posts: 429
  • Country: us
You are hard-coding system addresses.  You should probably Google for Address Space Layout Randomization.

Offline melviii100

  • Jr. Member
  • *
  • Posts: 8
You are hard-coding system addresses.  You should probably Google for Address Space Layout Randomization.

Now i disabled ASLR. And i found this is the problem.
Unhandled exception at 0x00404003 in Sample.exe: 0xC0000005: Access violation writing location 0x00404019.
00404003 C6 41 05 00 mov byte ptr [ecx+10],0
so how can i get rid of AV. i edited bcdedit.exe. but doesn't work

in linux when i try this,

section .myText progbits alloc exec write align=16

it was working but in windows, doesn't.
« Last Edit: August 25, 2014, 05:01:28 AM by melviii100 »

Offline Rob Neff

  • Forum Moderator
  • Full Member
  • *****
  • Posts: 429
  • Country: us
Attempting to do injection via shell code is a grey area here and we prefer not to provide guidance.

However, I'll provide two links that may be applicable:

http://en.wikipedia.org/wiki/Data_Execution_Prevention

http://en.wikipedia.org/wiki/No_execute_bit

I suggest that you seek guidance from another site that would be more accommodating to your requests.

Offline melviii100

  • Jr. Member
  • *
  • Posts: 8
Attempting to do injection via shell code is a grey area here and we prefer not to provide guidance.

i just wanna learn the things, Thats it. How others does the things, wanna know that. Not for offensive purpose. If you know that just give me suggestion to overcome the problem..please