Microsoft Inline Assembler


OHPen
January 24th, 2010, 13:34
Hi,

atm I'm writing a few functions in Microsoft's inline assembler using Visual Studio. Probably most of you have already done the same. Regarding the MS inline assembler I have a question.
MASM, for example, allows you to use structure definitions, which enables you to write something like this:

mov TPos[0].x,1

Its pretty neat to address struct members like that. I would love to do so in microsoft inline assembler as well!

Any idea how to achieve that ?

Thank you ;D

Regards,
OHPen

PS: I just found a solution for my problem. In Microsoft's inline assembler it is obviously rather easy to use structs.
It looks like this:

Code:

#include <windows.h>   // byte and DWORD come from the Windows headers

typedef struct const_data_area
{
byte teste;
DWORD a;
DWORD b;
} const_data_area_t;

__declspec(naked) void __stdcall afunction(void)
{
__asm
{
pusha
pushf
teste:                  // label with the same name as the struct member 'teste' (see the follow-up post)
mov eax, teste
push [eax].b
// ... (rest of the function not shown in the post)
}
}


As you can see, there is nothing special you have to do. Simply use it. Nice, isn't it? ;D

OHPen
January 24th, 2010, 16:18
I was wrong, seems not to work ;(

OHPen
January 24th, 2010, 17:04
Finally I got it!
The problem was that one of my structs had the same name as a label I defined. It seems that this somehow messes up the name resolution.
I renamed the struct and it is working.

Now looks like that:

Code:

#include <windows.h>   // byte and DWORD come from the Windows headers

typedef struct const_data_area
{
byte str_LoadLibraryA[64];
byte str_ns_config_dll[64];
DWORD original_entry_point;
} const_data_area_t;

__declspec(naked) void __stdcall afunction(void)
{
__asm
{
pusha
pushf
jmp delta               // skip over the embedded data that follows (the 'delta' label itself is not shown in the post)
ldseg:                  // start of the embedded data; its bytes are laid out exactly like const_data_area_t
_emit 'L' // byte str_LoadLibraryA[64];
_emit 'o'
_emit 'a'
_emit 'd'
_emit 'L'
_emit 'i'
_emit 'b'
_emit 'r'
_emit 'a'
_emit 'r'
_emit 'y'
_emit 'A'
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00
_emit 0x00

_emit 'n' //byte str_ns_config_dll[64];
_emit 's'
_emit '_'
_emit 'c'
_emit 'o'
......


That's how I use it:

Code:

mov edi, ldseg                      // address of the embedded data
lea edi, [edi].str_LoadLibraryA     // the assembler substitutes the member's offset within const_data_area_t


Now I can write POS-Code with an embedded data segment in Microsoft's inline assembler! Great ;D
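The trick in the post above only works if the bytes emitted after ldseg are laid out exactly as the C compiler lays out const_data_area_t, because `[edi].member` is resolved to the compiler's member offset, not to a hand-counted one. The following is an added example, not code from the thread: it builds the same 64 + 64 + 4 byte blob the _emit sequence produces, reads a member back through offsetof, and shows why the first post's struct (a lone byte followed by two DWORDs) would need padding bytes in the blob. It is portable C with no windows.h; byte and DWORD are typedef'd here with Win32 widths (assumption), and the second string and entry-point value are constructed sample data, since the post elides them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumption: same widths as the Win32 typedefs used in the thread. */
typedef unsigned char byte;
typedef uint32_t DWORD;

/* Layout from the working post: two 64-byte strings, then a DWORD. */
typedef struct const_data_area {
    byte  str_LoadLibraryA[64];
    byte  str_ns_config_dll[64];
    DWORD original_entry_point;
} const_data_area_t;

/* Layout from the first (non-working) post: byte followed by two DWORDs. */
typedef struct padded_area {
    byte  teste;
    DWORD a;
    DWORD b;
} padded_area_t;

/* Copy a string into a fixed slot and zero-fill the rest, like the
 * run of "_emit 0x00" that pads each 64-byte string in the post. */
static size_t emit_string(byte *out, const char *s, size_t slot) {
    size_t n = strlen(s);
    if (n > slot) n = slot;
    memset(out, 0, slot);
    memcpy(out, s, n);
    return slot;
}

/* Produce the bytes an _emit sequence for const_data_area_t would produce.
 * "placeholder.dll" is constructed sample data (the post elides the real
 * string); the DWORD is emitted little-endian as on x86. Returns bytes written. */
size_t build_blob(byte *blob, size_t cap, DWORD oep) {
    if (blob == NULL || cap < sizeof(const_data_area_t)) return 0;
    size_t off = 0;
    off += emit_string(blob + off, "LoadLibraryA", 64);
    off += emit_string(blob + off, "placeholder.dll", 64);
    blob[off++] = (byte)(oep & 0xff);
    blob[off++] = (byte)((oep >> 8) & 0xff);
    blob[off++] = (byte)((oep >> 16) & 0xff);
    blob[off++] = (byte)((oep >> 24) & 0xff);
    return off;
}

/* The offsets the inline assembler substitutes for "[edi].member". */
size_t off_LoadLibraryA(void)   { return offsetof(const_data_area_t, str_LoadLibraryA); }
size_t off_ns_config_dll(void)  { return offsetof(const_data_area_t, str_ns_config_dll); }
size_t off_original_entry(void) { return offsetof(const_data_area_t, original_entry_point); }

/* Read the DWORD at the member offset, which is what
 * "mov eax, [edi].original_entry_point" does; memcpy keeps it portable. */
DWORD read_oep_from_blob(const byte *blob) {
    DWORD v;
    memcpy(&v, blob + off_original_entry(), sizeof v);
    return v;
}

/* Build a blob and read the entry point back through the typed offset. */
DWORD roundtrip_oep(DWORD oep) {
    byte blob[sizeof(const_data_area_t)];
    if (build_blob(blob, sizeof blob, oep) != sizeof blob) return 0;
    return read_oep_from_blob(blob);
}

/* Caveat from the first post's struct: the compiler aligns the DWORDs, so a
 * packed 1 + 4 + 4 = 9 byte _emit blob would not line up with padded_area_t.
 * Returns how many padding bytes the emitted blob must contain. */
size_t padded_area_padding(void) {
    return sizeof(padded_area_t) - (sizeof(byte) + 2 * sizeof(DWORD));
}

int main(void) {
    printf("offsets: %zu %zu %zu, blob size %zu, oep 0x%08x, padding in padded_area_t: %zu\n",
           off_LoadLibraryA(), off_ns_config_dll(), off_original_entry(),
           sizeof(const_data_area_t), (unsigned)roundtrip_oep(0x00401000u),
           padded_area_padding());
    return 0;
}
```

The check worth keeping is padded_area_padding(): whenever a member follows a narrower one, the emitted blob has to include the compiler's padding bytes, otherwise `[edi].a` reads from offset 4 while the hand-emitted value sits at offset 1.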

disavowed
January 25th, 2010, 11:45
Wouldn't it be simpler to use "call delta" instead of "jmp delta", and then "pop edi; lea edi, [edi].str_LoadLibraryA" instead of "mov edi, ldseg; lea edi, [edi].str_LoadLibraryA"?

This way you wouldn't need to use the ldseg label.

OHPen
January 25th, 2010, 17:01
@disavowed: yeah, maybe that would be "simpler" ;D, but on the other hand I would have to fix the stack after calling delta, because I never want to return execution after the call, obviously because that is where my data segment is located and not code.

regards,
OHPen

disavowed
January 25th, 2010, 17:32
Oops, fixed my comment above