MessageBoxA Assembled Windows AT & T

I am trying to call MessageBoxA() directly in assembly using gcc inline asm. However, I need to do this in two ways: first with dynamic addressing, using LoadLibrary() and GetProcAddress() (I found a tutorial about this and am trying to follow it). But I'm also interested in directly accessing the MessageBoxA address, which is 0x7e4507ea on my Windows SP3 in English.

I am trying to execute this code:

/*
 * eax holds return value
 * ebx will hold function addresses
 * ecx will hold string pointers
 * edx will hold NULL
 */
int main(int argc, char **argv)
{
    asm("xor  %eax, %eax          \n\t"
        "xor  %ebx, %ebx          \n\t"
        "xor  %ecx, %ecx          \n\t"
        "xor  %edx, %edx          \n\t"
        "push $0x0                \n\t"   /* terminating NUL dword                     */
        "push $0x44444444         \n\t"   /* "DDDD"                                    */
        "push $0x44444444         \n\t"   /* "DDDD": the stack now holds "DDDDDDDD\0"  */
        "mov  %esp, %ecx          \n\t"   /* ecx = address of the string. The original
                                             'pop %ecx' loaded the bytes 0x44444444
                                             themselves, so the store through %ecx
                                             faulted; that store ('mov %dl,0x3(%ecx)')
                                             and the unused 'mov $0x8, %ax' are dropped,
                                             since the pushed zero already terminates
                                             the string and MessageBoxA takes no
                                             register arguments.                        */
        "mov  $0x7e4507ea, %ebx   \n\t"   /* hard-coded MessageBoxA, XP SP3 English    */
        "push %edx                \n\t"   /* uType     = 0 (MB_OK)                     */
        "push %ecx                \n\t"   /* lpCaption = "DDDDDDDD"                    */
        "push %ecx                \n\t"   /* lpText    = "DDDDDDDD"                    */
        "push %edx                \n\t"   /* hWnd      = NULL                          */
        "call *%ebx               \n\t"   /* stdcall: the callee removes the 4 args    */
        "add  $12, %esp           \n\t"   /* drop the three dwords of the string       */
       );
    return 0;
}

I'm not sure if this is possible on Windows: directly calling the address without specifying a library (in this case user32.dll). I know that on Linux you would just call the write() syscall, but I am not yet familiar with Windows.

I expect to see a window with the message "DDDDDDDD". Can someone help me with this, please? I would appreciate any help, including links to textbooks.

thanks a lot

+4
4 answers

First write it in C, compile it and view the assembly listing to see what the compiler generates. This is the easiest way to find out. If you see instructions that you don't understand, look them up in the Intel instruction set help files.

+2

I did it as follows:

int main()
{
    asm("xorl  %eax, %eax            \n"
        "xorl  %ebx, %ebx            \n"
        "xorl  %ecx, %ecx            \n"
        "xorl  %edx, %edx            \n"
        "pushl %ecx                  \n"   /* NUL terminator                               */
        "pushl $0x20206c6c           \n"   /* "ll  " (padded with spaces to a full dword)  */
        "pushl $0x642e3233           \n"   /* "32.d"                                       */
        "pushl $0x72657375           \n"   /* "user" -> "user32.dll  \0" on the stack      */
        "movl  %esp, %ecx            \n"
        "movl  $0x7c801d7b, %ebx     \n"   /* kernel32!LoadLibraryA on the author's XP     */
        "pushl %ecx                  \n"   /* lpFileName                                   */
        "call  *%ebx                 \n"   /* eax = HMODULE of user32.dll                  */
        "movl  $0xef30675e, %ecx     \n"   /* 0xef30675e + 0x11111111 = 0x0041786f = "oxA\0"; */
        "addl  $0x11111111, %ecx     \n"   /* the add keeps a NUL byte out of the immediate */
        "pushl %ecx                  \n"
        "pushl $0x42656761           \n"   /* "ageB"                                       */
        "pushl $0x7373654d           \n"   /* "Mess" -> "MessageBoxA\0" on the stack       */
        "movl  %esp, %ecx            \n"
        "pushl %ecx                  \n"   /* lpProcName                                   */
        "pushl %eax                  \n"   /* hModule                                      */
        "movl  $0x7c80ae40, %ebx     \n"   /* kernel32!GetProcAddress on the author's XP   */
        "call  *%ebx                 \n"   /* eax = address of MessageBoxA                 */
        "movl  %esp, %ecx            \n"   /* "MessageBoxA" is still on top of the stack   */
        "xorl  %edx, %edx            \n"
        "pushl %edx                  \n"   /* uType     = 0 (MB_OK)                        */
        "pushl %ecx                  \n"   /* lpCaption = "MessageBoxA"                    */
        "pushl %ecx                  \n"   /* lpText    = "MessageBoxA"                    */
        "pushl %edx                  \n"   /* hWnd      = NULL                             */
        "call  *%eax                 \n"   /* MessageBoxA                                  */
        "xorl  %eax, %eax            \n"
        "pushl %eax                  \n"   /* uExitCode = 0                                */
        "movl  $0x7c81cb12, %eax     \n"   /* kernel32!ExitProcess on the author's XP      */
        "call  *%eax                 \n");
}

Even though it's hard to hardcode function addresses, I prefer to load them dynamically (although I hardcode the kernel32 addresses), so it works on any Windows XP (SP1, 2, 3).

+2
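The hex immediates in the answer above are a string built on the stack four bytes at a time. The following Python is an added example, not part of the original post: it simulates only the pushes and register moves that snippet uses and reads the strings back, the way one would when reviewing shellcode-style code. The excerpt it parses is constructed from the answer with the two calls and their argument pushes left out.

```python
"""Recover the strings that the answer's inline asm builds on the stack by
simulating just the instructions it uses for that (xorl, movl/addl of
immediates, pushl) and reading the pushed dwords back as little-endian
bytes up to the first NUL."""
import struct

# Constructed excerpt of the answer's string-building instructions.
ASM = """\
xorl %ecx, %ecx
pushl %ecx
pushl $0x20206c6c
pushl $0x642e3233
pushl $0x72657375
movl %esp, %ecx
movl $0xef30675e, %ecx
addl $0x11111111, %ecx
pushl %ecx
pushl $0x42656761
pushl $0x7373654d
movl %esp, %ecx
"""
MASK = 0xFFFFFFFF

def value(tok, regs):
    """Immediate ('$0x...') or register ('%ecx') operand as a 32-bit int."""
    return int(tok[1:], 0) & MASK if tok.startswith("$") else regs.get(tok, 0)

def stack_strings(asm):
    """Strings %esp points at each time the code does 'movl %esp, %ecx'."""
    regs, stack, found = {}, [], []            # stack[-1] is the lowest address
    for line in asm.strip().splitlines():
        op, args = line.split(None, 1)
        ops = [a.strip() for a in args.split(",")]
        if op == "pushl":
            stack.append(value(ops[0], regs))
        elif op == "movl" and ops[0] == "%esp":  # a pointer to the string is taken
            raw = b"".join(struct.pack("<I", d) for d in reversed(stack))
            found.append(raw.split(b"\0", 1)[0].decode("ascii"))
        elif op == "xorl" and ops[0] == ops[1]:  # xorl %r, %r zeroes %r
            regs[ops[1]] = 0
        elif op == "movl":
            regs[ops[1]] = value(ops[0], regs)
        elif op == "addl":                       # 32-bit add, carry discarded
            regs[ops[1]] = (regs.get(ops[1], 0) + value(ops[0], regs)) & MASK
        else:
            raise ValueError("unsupported instruction: " + line)
    return found

if __name__ == "__main__":
    print(stack_strings(ASM))   # ['user32.dll  ', 'MessageBoxA']
```

Note the two trailing spaces in the library name: the author padded "user32.dll" to a whole number of dwords rather than embedding a NUL byte in an immediate.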

"directly call the address"

It seems like a big no-no. API calls do not have a fixed address. It depends on where in memory it is loaded. Although I am sure that User32.dll loads when the OS starts, I would not expect it to always occupy the same space.

To call an API procedure, you must import it so that the OS can provide you with the correct address to call.

+1

"Directly" calling MessageBoxA is actually not possible. Yes, you can add a call to 0x7e4507ea, but that doesn't really matter. You should add an entry to your import address table that says that you are calling MessageBoxA from user32.dll and from where. When Windows loads your executable file, it will see that you are calling MessageBoxA, load user32.dll for you, and fill in the actual address where MessageBoxA ends up.

+1
