Ensamblador Foro | | | | |  | ¡Hola...
Stehe veces otra vez en el Schlauch.
En folgendem ASM Ver código fuente (Windows2000/XP) va me ZwOpenKey en el Hose. Was mache Yo falso?
KompilierenMarcaSeparación.386
.model flat, stdcall
option casemap:none
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; I N C L U D E F I L E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
include masm32includew2k
tstatus.inc
include masm32includew2k
tdll.inc
includelib masm32libw2k
tdll.lib
;für Test
include masm32includewindows.inc
include masm32includekernel32.inc
include masm32includeuser32.inc
include masm32includedebug.inc
includelib masm32libuser32.lib
includelib masm32libkernel32.lib
includelib masm32libdebug.lib
.data
COUNTED_ANSI_STRING dw 0,0,0,0
ANSI db "RegistryMachineSoftwareMister Root",0
Object_Attrib dd 24,0,0,64,0,0
LSA_Unicode dw 0,518,0,0
Unicode db 0 dup(518)
ACCESS_RIGHTS dd 1
KeyHandle dd 0
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; C O D E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.code
start:
invoke RtlInitAnsiString,addr COUNTED_ANSI_STRING,addr ANSI
PrintDec eax," Rückgabe von RtlInitAnsiString "
lea ebx,COUNTED_ANSI_STRING
mov ax,[ebx+0]
PrintDec ax," Länge des Strings "
mov ax,[ebx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ebx+4]
PrintStringByAddr eax
lea ebx,LSA_Unicode
mov ax,518
mov [ebx+2],ax
lea eax,Unicode
mov [ebx+4],eax
invoke RtlAnsiStringToUnicodeString,addr LSA_Unicode,addr COUNTED_ANSI_STRING,NULL
PrintDec eax," Rückgabe von RtlAnsiStringToUnicodeString "
lea ebx,LSA_Unicode
mov ax,[ebx+0]
PrintDec ax," Länge des Strings "
mov ax,[ebx+2]
PrintDec ax," Länge des Bereichs "
lea ebx,Object_Attrib
PrintDec ebx," Adresse der Object_Attributes Struktur"
Lea eax,LSA_Unicode
PrintDec eax," Adresse der LSA_Unicode Struktur "
mov [ebx+8],eax
invoke ZwOpenKey,addr KeyHandle,ACCESS_RIGHTS,addr Object_Attrib
PrintDec eax," Rückgabe von ZwOpenKey "
PrintDec KeyHandle,"Handle des Schlüssels "
invoke ZwClose,KeyHandle
PrintDec eax," Rückgabe von ZwClose"
invoke ExitProcess,0
end href='./../../funktionsreferenzen/XProfan/start/'>start
Hier el funktionierende Profano-Ver código fuente dazu:
KompilierenMarcaSeparaciónDef @RtlInitUnicodeString(2) !"NTDLL","RtlInitAnsiString"
Def @RtlInitUnicodeString(2) !"NTDLL","RtlInitUnicodeString"
Def @RtlAnsiStringToUnicodeString(3) !"NTDLL","RtlAnsiStringToUnicodeString"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
DEF @FormatMessage(7) !"KERNEL32","FormatMessageA"
Def @RtlInitAnsiString(2) !"NTDLL","RtlInitAnsiString"
Def @ZwOpenKey(3) !"NTDLL","ZwOpenKey"
Def @ZwClose(1) !"NTDLL","ZwClose"
Def @ZwQueryValueKey(6) !"NTDLL","ZwQueryValueKey"
Declarar LSA_Unicode#,ANSI$,Unicode#,Fehler&,Ansi#
Declarar AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declarar KeyHandle&,Status_Block&,Object_Attributes#,Key_Infos#,Needed&
Windowstyle 31
Título de la ventana "Registryschlüssel auslesen con Kernelmode APIs"
Ventana 0,0-640,440
LET ANSI$="\Registry\Machine\Software\Mister Root"
Dim Ansi#,8
DIM Unicode#,514
DIM LSA_Unicode#,8
WORD LSA_Unicode#,0=0
WORD LSA_Unicode#,2=512
LONG LSA_Unicode#,4=UNICODE#
@RtlInitAnsiString(Ansi#,@ADDR(ANSI$))
LET Fehler&=@RtlAnsiStringToUnicodeString(LSA_Unicode#,Ansi#,0)
Imprimir @Char$(UNICODE#,0,@LEN(ANSI$)*2)
DIM Object_Attributes#,24
Claro Object_Attributes#
Largo Object_Attributes#,0=24
Largo Object_Attributes#,4=0
Largo Object_Attributes#,8=LSA_Unicode#
Largo Object_Attributes#,12=$40
LET FEHLER&=@ZwOpenKey(@ADDR(KeyHandle&),$30019,Object_Attributes#)
Let Fehler&=-2147483646
LET AHRÜCKGABE&=@LsaNtStatusToWinError(Fehler&)
Fehlercode_bestimmen
PRINT "ZwOpenKey: "+AHGETERROR_Buffer$
PRINT "ZwClose: "+AHGETERROR_Buffer$
Disponer Unicode#
Disponer LSA_Unicode#
Disponer Key_Infos#
Mientras que 0=0
Waitinput
wend
End
Proc Fehlercode_bestimmen
DIM AHGETERROR_Buffer#,32000
@FormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) Wandelt Fehlercode en Landesspezifische Message en.
Let AHGETERROR_Buffer$=@trim$(@STRING$(AHGETERROR_Buffer#,0))
Disponer AHGETERROR_Buffer#
ENDPROC
|
| | | | | | |
| |
Frank
Abbing | | Meldet en me -2147483646. Was genau passt porque no. Yo möchte No el ganzen APIs reinzuziehen necesario. Mister Root tener Yo auch no installiert, schlimm? |
| | | | | | |
| |
Frank
Abbing | mov ax,518
Müsste el no 512 heissen? |
| | | | | | |
| | | Aua, stimmt sí! Der Registrykey, el como geöffnet voluntad se, muß disponible ser. Normalerweise muß como 0 posición - en el Profanversion haut el auch así hin.
Das Problema liegt wohl en ZwOpenKey. Yo mehme veces a, Yo de Profano irgenwas falso übertragen.... |
| | | | | | |
| |
Frank
Abbing | DIM Object_Attributes#,24
Claro Object_Attributes#
Largo Object_Attributes#,0=24
Largo Object_Attributes#,4=0
Largo Object_Attributes#,8=LSA_Unicode#
Largo Object_Attributes#,12=$40
Dieser Teil fehlt. Sieht me wichtig de. |
| | | | | | |
| | | | Yo unos pocos Bytes dazugegeben - a el 518 liegts probablemente no. |
| | | | | | |
| |
Frank
Abbing | | Na, zumindest que aquí: Largo Object_Attributes#,8=LSA_Unicode# |
| | | | | | |
| | | [quote:621fb5c12d=Frank Abbing]DIM Object_Attributes#,24
Claro Object_Attributes#
Largo Object_Attributes#,0=24
Largo Object_Attributes#,4=0
Largo Object_Attributes#,8=LSA_Unicode#
Largo Object_Attributes#,12=$40
Dieser Teil fehlt. Sieht me wichtig de.[/quote:621fb5c12d]
Diese Struktur tener Yo Object_Attrib genannt. Yo nehme auch a, el Yo como irgendwo Mist gebaut habe. |
| | | | | | |
| | | [quote:d53730bdc1=Frank Abbing]Na, zumindest que aquí: Largo Object_Attributes#,8=LSA_Unicode#[/quote:d53730bdc1]
Posesiones Yo así intenta:
KompilierenMarcaSeparación |
| | | | | | |
| | | Irgendwie stehe I el Schlau... 
Wahrscheinlich mache Yo en Declaration el Variables irgeneinen blöden Anfängerfehler, el Yo no erkenne. Wer kann me helfen (hier una vez más qué, qué no va... )
KompilierenMarcaSeparación.386
.model flat, stdcall
option casemap:none
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; I N C L U D E F I L E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;für Test
include masm32includewindows.inc
include masm32includekernel32.inc
include masm32includeuser32.inc
include masm32includedebug.inc
includelib masm32libuser32.lib
includelib masm32libkernel32.lib
includelib masm32libdebug.lib
;include masm32includew2k
tdef.inc
include masm32includew2k
tstatus.inc
include masm32includew2k
tdll.inc
includelib masm32libw2k
tdll.lib
IFNDEF UNICODE_STRING
UNICODE_STRING STRUCT
_Length WORD ? ; len of string in bytes (not chars)
MaximumLength WORD ? ; len of Buffer in bytes (not chars)
Buffer PWSTR ? ; pointer to string
UNICODE_STRING ENDS
PUNICODE_STRING typedef PTR UNICODE_STRING
ENDIF
UNICODE_NULL equ 0
OBJECT_ATTRIBUTES STRUCT ; sizeof = 18h
dwLength DWORD ? ; original name Length
RootDirectory HANDLE ?
ObjectName PUNICODE_STRING ?
Attributes DWORD ?
SecurityDescriptor PVOID ? ; Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService PVOID ? ; Points to type SECURITY_QUALITY_OF_SERVICE
OBJECT_ATTRIBUTES ENDS
.data
MsgCaption db "Iczelions tutorial no.2",0
MsgBoxText db "Win32 Assembly is Great!",0
KeyHandle dd 0
Disposition dd 0
LSA_Unicode dw 512,514,0,0
COUNTED_ANSI_STRING dw 0,0,0,0
ANSI db "RegistryMachineSoftwareMister Root",0
ACCESS_RIGHTS dd 196633
Unicode db 518 dup(?)
.data?
POBJECT_ATTRIBUTES OBJECT_ATTRIBUTES <>
;::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; C O D E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.code
start:
invoke RtlInitAnsiString,addr COUNTED_ANSI_STRING,addr ANSI
PrintDec eax," Rückgabe von RtlInitAnsiString "
lea ecx,COUNTED_ANSI_STRING
mov ax,[ecx+0]
PrintDec ax," Länge des Strings "
mov ax,[ecx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ecx+4]
PrintStringByAddr eax
lea ecx,LSA_Unicode
lea eax,Unicode
mov [ecx+4],eax
invoke RtlAnsiStringToUnicodeString,addr LSA_Unicode,addr COUNTED_ANSI_STRING,0
PrintDec eax," Rückgabe von RtlAnsiStringToUnicodeString "
lea ecx,LSA_Unicode
mov ax,[ecx+0]
PrintDec ax," Länge des Strings "
mov ax,[ecx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ecx+4]
PrintDec eax," Adresse des Unicode-Strings "
mov POBJECT_ATTRIBUTES.dwLength,24
mov POBJECT_ATTRIBUTES.RootDirectory,NULL
lea ecx,LSA_Unicode
mov POBJECT_ATTRIBUTES.ObjectName,ecx
mov POBJECT_ATTRIBUTES.Attributes,64
mov POBJECT_ATTRIBUTES.SecurityDescriptor,NULL
mov POBJECT_ATTRIBUTES.SecurityQualityOfService,NULL
lea ecx,POBJECT_ATTRIBUTES
PrintDec ecx," Adresse der Object_Attributes Struktur"
lea eax,LSA_Unicode
PrintDec eax," Adresse der LSA_Unicode Struktur "
mov [ecx+8],eax
invoke ZwOpenKey,addr KeyHandle,ACCESS_RIGHTS,addr POBJECT_ATTRIBUTES
;invoke ZwCreateKey,addr KeyHandle,ACCESS_RIGHTS,addr POBJECT_ATTRIBUTES,0,0,0,addr Disposition
PrintDec eax," Rückgabe von ZwOpenKey "
PrintDec KeyHandle,"Handle des Schlüssels "
invoke ZwClose,KeyHandle
PrintDec eax," Rückgabe von ZwClose"
invoke MessageBox, NULL,addr MsgBoxText, addr MsgCaption, MB_OK
invoke ExitProcess,=s2>0
end start
|
| | | | | | |
| | | Bitte greift una blöden MASM Principiante, el sólo una Tag con la lengua umgeht, algo bajo el Arme - sí?  |
| | | | | | |
| | | | Wer me morgen el OBJECT_ATTRIBUTES Struktur una vez más vornehmen. Wäre sí gelacht, si yo el no en el Reihe bekomme. |
| | | | | | |
|
RespuestaThemeninformationenDieses Thema ha 3 subscriber: |
(899)
Deutsch
English
Français
Español
Italia