Hi guys,
do you know where I can find Windows Low Level Assembly examples programs?
I have some exemples using macros (NASM, MASM) but I want pure assembly, in order I can build a shellcode later.
Thanks a lot guys!
+1
A:
Doing Windows GUI stuff in assembly language is a lot of work. This is why the examples you've found use macros - it takes away some of the pain.
If you really want pure assembly language, a great way is to ask your compiler. Write some C code to call CreateWindow or whatever, and then generate an assembly listing from the compiler (or step through it with a debugger).
Greg Hewgill
2010-09-28 03:52:09
I've tried to do so... but the compiler does some crazy stuffs... it's difficult to follow... there too many Windows API calls. I'm trying to do so using ollydbg, but even so I'm not been able to do it...
Skidgirl
2010-09-28 03:58:11
It's best first to see other's code. But instead of ollydbg or any debugger, a static code analysis with IDA is much better. (There is free version available).
ruslik
2010-09-28 07:48:03
+1
A:
If by "pure assembly" you mean "not done as a macro or library" then this is what you have to do:
- download the masm32 package
- check through the copius amount of samples, there will be many using
CreateWindoworCreateWindowEx - start your own program
- link in
windows.h - use the
invokemacro to callCreateWindoworCreateWindowEx - if you don't want to use
invokethen justpushthe parameters onto the stack andcallthe functions directly - as this is what invoke does for you anyway
You can also get lots of help using the MASM package from the masm forum.
slugster
2010-09-28 03:56:32
The poster wants "pure assembly", yet you suggest the most macro-heavy assembly package out there? :P - btw, you should fix "MASM package" to "MASM32 package", there's a big difference between the two.
snemarch
2010-09-28 12:26:52
@snemarch, the macros are there, but you don't have to use them. For instance, i told the OP how to avoid the *invoke* macro. FYI, the MASM32 package is Steve Hutchesson's packaging up of the MASM compiler with a bunch of other tools, libraries and tutorials. I am well aware of the differences - i used to be a mod on that forum. So stop nit-picking.
slugster
2010-09-28 21:02:46
Calling it "the MASM package" is incorrect, though, and makes it sound like it's a Microsoft-supplied/supported package... which it isn't.
snemarch
2010-09-29 06:03:36
@snemarch, we are still splitting hairs with this, but let's be even more exact: redistribution rights for the MASM assembler were granted to Steve by MS. So it isn't **supported** by MS, but redistribution rights were **gifted** by MS. Steve also makes it totally clear in the doco that MS do not actively support the versions he distributes, and that they have absolutely no commitment for the package as a whole - hence my comment that the people on the forum offer the help/support. I think we've beaten this dead horse enough now...
slugster
2010-09-29 06:30:14
All I'm objecting to is not calling things by their right name; I always found it misrepresentative to choose the name "MASM32" for the package anyway, but let's leave it at that.
snemarch
2010-09-29 06:48:39
+1
A:
The best way to really (and quickly) learn win32 assembly is to decompile simple win32 programs. You could download lena's reversing tutorials from tutsforyou.com. Alternative you could tryout the reverse me's from osix.net - they have some pretty straight forward programs for you to reverse, and the best part is you get to see the masm32 sourcecode after completing the level.
tools: ollydbg, masm32 etc.
books: win32 assembler coding by Goppit, the arteam's PE compendium, intel developers handbook
hxxp://osix.net
hxxp://tuts4you.com/download.php?list.17
hxxp://www.intel.com/products/processor/manuals/
kny8mare
2010-09-28 10:02:50
+1
A:
This tutorial might be usefull for you: winamtut
Also this topic in MASM forum is great too.
If your architeture is x64 so try this link too.
And finally if you're interested in some theory, maybe this link could be nice.
jyzuz
2010-09-28 12:16:34