Post by JGCASEYI am still keen to spend time learning some Windows
assembler as it can only make it easier to understand
how the Win32 APIs are used.
Forget about all the second level documentation. For
the processor use the processor manuals from Intel or
AMD and for the Win32 API use the documentation at msdn.com.
If you really want to know what happens within an exe file,
select a small exe file (I used write.exe which comes with
Windows) and the exe file format specification and try
to identify any byte within the exe. Remove anything which
isn't necessary for a minimal executable. Then step by step
add additional API calls and save the documentation for this
API functions so you get your own API handbook for all the
API calls you used. But I very fast lost interest in Win32
assembly programming, because it mostly is a sequence of
API calls and nothing I would call "assembly programming".
It is much more fun to directly access the hardware in a
DOS program (even if only emulated by Windows in V86 mode).
Here the source of such a miniumal Win32 console program:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; STDINOUT.mac: copy stdin to stdout and convert all upper case ;;
;; letter to lower case ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
UseIdatSection=0 ; 0 if no idat section is used
UseUdatSection=0 ; 0 if no udat section is used
;#==================================================================#
;# Start of Headers #
;#==================================================================#
; +--------------------------------------------+
; | Start of DOS Header |
; +--------------------------------------------+
; DOS .EXE header
dc.b 'MZ' ; Magic number
dc.w dosfilesize\512 ; Bytes on last page of file (0->512)
dc.w (dosfilesize-1)/512+1
; Pages in file (Page=512 byte)
dc.w 0 ; Relocations (nr of entries)
dc.w doshead_end/16 ; Size of header size in paragraphs (16 byte)
dc.w 0 ; Minimum extra paragraphs needed
dc.w $ffff ; Maximum extra paragraphs needed
dc.w 0 ; Initial (relative) SS value (ss=load_adr+nr)
dc.w dosstack ; Initial SP value
dc.w 0 ; Checksum
dc.w dosmain ; Initial IP value
dc.w 0 ; Initial (relative) CS value (cs=load_adr+nr)
dc.w reloc ; File address of relocation table
dc.w 0 ; Overlay number
dc.w 0,0,0,0 ; Reserved words
dc.w 0 ; OEM identifier (for e_oeminfo)
dc.w 0 ; OEM information; e_oemid specific
dc.l 0,0,0,0,0 ; Reserved words
dc.l WinHeader ; File address of new exe header
reloc:
doshead_end:
@=$0
dosmain:move.w s6,-(sp)
move.w (sp)+,s0
move.w #_text,r1
move.b #$09,m0
trap #$21
move.w #$4c01,r0
trap #$21
_text: dc.b 'Nice to meet somebody who is still using DOS,',13,10
dc.b 'but his program requires Win32.',13,10,'$'
even 16
dosstack=@+256 ; 256 Byte stack
dosfilesize=@+256
; +--------------------------------------------+
; | End of DOS Header |
; +--------------------------------------------+
; +--------------------------------------------+
; | Start of Windows Header |
; +--------------------------------------------+
ImageBase== $00400000
SectionAlignment== 4096
FileAlignment== 512
WinHeader=@@
@=ImageBase
; see WINNT.H for information
dc.b 'PE',0,0 ; magic word
; _IMAGE_FILE_HEADER:
dc.w $014c ; Machine ($014c=Intel x86 processor)
dc.w NumberOfSections ; NumberOfSections
dc.l $36a57950 ; TimeDateStamp (seconds since 31.12.69 16:00)
dc.l 0 ; PointerToSymbolTable
dc.l 0 ; NumberOfSymbols
dc.w SizeOfOptionalHeader ; SizeOfOptionalHeader
dc.w $010f ; Charcteristics
; 0x0001 Relocation info stripped from file.
; 0x0002 File is executable (i.e. no unresolved externel references).
; 0x0004 Line nunbers stripped from file.
; 0x0008 Local symbols stripped from file.
; 0x0010 Agressively trim working set
; 0x0080 Bytes of machine word are reversed.
; 0x0100 32 bit word machine.
; 0x0200 Debugging info stripped from file in .DBG file
; 0x0400 If Image is on removable media, copy and run from the swap file.
; 0x0800 If Image is on Net, copy and run from the swap file.
; 0x1000 System File.
; 0x2000 File is a DLL.
; 0x4000 File should only be run on a UP machine
; 0x8000 Bytes of machine word are reversed.
@a=@ ; _IMAGE_OPTIONAL_HEADER
dc.w $010b ; Magic
dc.b 5 ; MajorLinkerVersion
dc.b 12 ; MinorLinkerVersion
dc.l SizeOfCode ; SizeOfCode
dc.l SizeOfInitializedData ; SizeOfInitializedData
dc.l SizeOfUninitializedData ; SizeOfUninitializedData
dc.l winmain-ImageBase ; AddressOfEntryPoint
dc.l BaseOfCode ; BaseOfCode
dc.l BaseOfData ; BaseOfData
dc.l ImageBase ; ImageBase
dc.l SectionAlignment ; SectionAlignment
dc.l FileAlignment ; FileAlignment
dc.w 4 ; MajorOperatingSystemVersion
dc.w 0 ; MinorOperatingSystemVersion
dc.w 0 ; MajorImageVersion
dc.w 0 ; MinorImageVersion
dc.w 4 ; MajorSubsystemVersion
dc.w 0 ; MinorSubsystemVersion
dc.l 0 ; Win32VersionValue
dc.l SizeOfImage ; SizeOfImage
dc.l SizeOfHeaders ; SizeOfHeaders
dc.l 0 ; CheckSum
dc.w 3 ; Subsystem
; 0: Unknown subsystem.
; 1: Image doesn't require a subsystem.
; 2: Image runs in the Windows GUI subsystem.
; 3: Image runs in the Windows character subsystem.
; 5: image runs in the OS/2 character subsystem.
; 7: image run in the Posix character subsystem.
; 8: image run in the 8 subsystem.
dc.w $0000 ; DllCharacteristics
dc.l $00100000 ; SizeOfStackReserve
dc.l $00001000 ; SizeOfStackCommit
dc.l $00100000 ; SizeOfHeapReserve
dc.l $00001000 ; SizeOfHeapCommit
dc.l $00000000 ; LoaderFlags
dc.l NumberOfRvaAndSize ; NumberOfRvaAndSize (entries
; in the data dir)
; ..............................................
; : Start of Image Data Directory :
; ..............................................
; virtual address, size
@b=@
dc.l 0,0 ; Export Directory
dc.l imp_start,imp_size ; Import Directory
dc.l 0,0 ; Resource Directory
dc.l 0,0 ; Exception Directory
dc.l 0,0 ; Security Directory
dc.l 0,0 ; Base Relocation Table
dc.l 0,0 ; Debug Directory
dc.l 0,0 ; Description String
dc.l 0,0 ; Machine Value (MIPS GP)
dc.l 0,0 ; TLS Directory
dc.l 0,0 ; Load Configuration Directory
dc.l 0,0 ; Bound Import Directory in headers
dc.l iat_start,iat_size ; Import Address Table
dc.l 0,0 ; 14
dc.l 0,0 ; 15
dc.l 0,0 ; 16
NumberOfRvaAndSize = (@-@b)/8
SizeOfOptionalHeader = @-@a
; ..............................................
; : End of Image Data Directory :
; ..............................................
; ..............................................
; : Start of Image Sections Header :
; ..............................................
@a=@
dc.b '.text',0,0,0 ; name
dc.l VSizeOf_text ; virtual size
dc.l VBaseOf_text ; virtual address
dc.l FSizeOf_text ; size of raw data
dc.l FBaseOf_text ; pointer to raw data
dc.l 0 ; pointer to relocatins
dc.l 0 ; pointer to line numbers
dc.w 0 ; number of relocations
dc.w 0 ; number of line numbers
dc.l $e0000020 ; characteristics
IF UseIdatSection
dc.b '.idat',0,0,0 ; name
dc.l VSizeOf_idat ; virtual size
dc.l VBaseOf_idat ; virtual address
dc.l FSizeOf_idat ; size of raw data
dc.l FBaseOf_idat ; pointer to raw data
dc.l 0 ; pointer to relocatins
dc.l 0 ; pointer to line numbers
dc.w 0 ; number of relocations
dc.w 0 ; number of line numbers
dc.l $e0000040 ; characteristics
ENDIF
IF UseUdatSection
dc.b '.udat',0,0 ; name
dc.l VSizeOf_udat ; virtual size
dc.l VBaseOf_udat ; virtual address
dc.l FSizeOf_udat ; size of raw data
dc.l FBaseOf_udat ; pointer to raw data
dc.l 0 ; pointer to relocatins
dc.l 0 ; pointer to line numbers
dc.w 0 ; number of relocations
dc.w 0 ; number of line numbers
dc.l $e0000080 ; characteristics
ENDIF
NumberOfSections=(@-@a)/40
; ..............................................
; : End of Image Sections Header :
; ..............................................
; characteristics
; 0x00000020 // Section contains code.
; 0x00000040 // Section contains initialized data.
; 0x00000080 // Section contains uninitialized data.
; 0x00000200 // Section contains comments or some other type of information.
; 0x00000800 // Section contents will not become part of image.
; 0x00001000 // Section contents comdat.
; 0x01000000 // Section contains extended relocations.
; 0x02000000 // Section can be discarded.
; 0x04000000 // Section is not cachable.
; 0x08000000 // Section is not pageable.
; 0x10000000 // Section is shareable.
; 0x20000000 // Section is executable.
; 0x40000000 // Section is readable.
; 0x80000000 // Section is writeable.
; +--------------------------------------------+
; | End of Windows Header |
; +--------------------------------------------+
evencom FileAlignment
SizeOfHeaders==@@
;#==================================================================#
;# End of Headers #
;#==================================================================#
;#==================================================================#
;# Start of Sections #
;#==================================================================#
; +--------------------------------------------+
; | Start of .text Section |
; +--------------------------------------------+
FBaseOf_text==@@
VBaseOf_text==(@-ImageBase+SectionAlignment-1)/SectionAlignment*SectionAlignment
BaseOfCode==VBaseOf_text
@=ImageBase+VBaseOf_text
; ..............................................
; : Start of Thunk Table :
; ..............................................
iat_start=@-ImageBase
USER32_thunk:
MessageBoxA:: dc.l USER32_MessageBoxA -ImageBase
dc.l 0
KERNEL32_thunk:
ExitProcess:: dc.l KERNEL32_ExitProcess -ImageBase
GetStdHandle:: dc.l KERNEL32_GetStdHandle -ImageBase
ReadFile:: dc.l KERNEL32_ReadFile -ImageBase
WriteFile:: dc.l KERNEL32_WriteFile -ImageBase
dc.l 0
iat_size=@-ImageBase-iat_start
; ..............................................
; : End of Thunk Table :
; ..............................................
; ..............................................
; : Start of Import Directory :
; ..............................................
imp_start==@-ImageBase
imp:
dc.l USER32_import -ImageBase
dc.l 0
dc.l 0
dc.l USER32_name -ImageBase
dc.l USER32_thunk -ImageBase
dc.l KERNEL32_import -ImageBase
dc.l 0
dc.l 0
dc.l KERNEL32_name -ImageBase
dc.l KERNEL32_thunk -ImageBase
dc.l 0
dc.l 0
dc.l 0
dc.l 0
dc.l 0
imp_size==@-imp
; ..............................................
; : End of Import Directory :
; ..............................................
USER32_name:
dc.b 'USER32.dll',0
even
USER32_import:
dc.l USER32_MessageBoxA -ImageBase
dc.l 0
even
USER32_MessageBoxA:
dc.w 0
dc.b 'MessageBoxA',0
even
KERNEL32_name:
dc.b 'KERNEL32.dll',0
even
KERNEL32_import:
dc.l KERNEL32_ExitProcess -ImageBase
dc.l KERNEL32_GetStdHandle -ImageBase
dc.l KERNEL32_ReadFile -ImageBase
dc.l KERNEL32_WriteFile -ImageBase
dc.l 0
even
KERNEL32_ExitProcess:
dc.w 0
dc.b 'ExitProcess',0
even
KERNEL32_GetStdHandle:
dc.w 0
dc.b 'GetStdHandle',0
even
KERNEL32_ReadFile:
dc.w 0
dc.b 'ReadFile',0
even
KERNEL32_WriteFile:
dc.w 0
dc.b 'WriteFile',0
even
; ..............................................
; : Start of Code :
; ..............................................
label_block
seg32
winmain::
loop: bsr.l getc ; get char from stdin
cmp.l #-1,r0 ; EOF
bne.b _10 ; branch if not
moveq.l #0,-(sp)
jsr.l (ExitProcess) ; exit program
_10: cmp.b #'A',r0
blo.b _20
cmp.b #'Z',r0
bhi.b _20
add.b #'a'-'A',r0
_20: bsr.l putc ; write char to stdout
br.b loop ; go on
putc: move.l r0,-(sp)
move.b r0,_buf
eor.l r0,r0
add.l _handle,r0
bne.b _10
moveq.l #-11,-(sp)
jsr.l (GetStdHandle)
move.l r0,_handle
_10: moveq.l #0,-(sp)
move.l #_count,-(sp)
moveq.l #1,-(sp)
move.l #_buf,-(sp)
move.l r0,-(sp)
jsr.l (WriteFile)
or.l r0,r0
bne.b _20
_30: moveq.l #0,-(sp)
move.l #_text,-(sp)
move.l #_text,-(sp)
moveq.l #0,-(sp)
jsr.l (MessageBoxA)
moveq.l #0,-(sp)
jsr.l (ExitProcess)
_20: cmp.l #1,_count
bne.b _30
move.l (sp)+,r0
rts.l
_buf: dc.b 0
_text: dc.b 'write error',0
even4
_handle:dc.l 0
_count: dc.l 0
getc: eor.l r0,r0
add.l _handle,r0
bne.b _10
moveq.l #-10,-(sp)
jsr.l (GetStdHandle)
move.l r0,_handle
_10: moveq.l #0,-(sp)
move.l #_count,-(sp)
moveq.l #1,-(sp)
move.l #_buf,-(sp)
move.l r0,-(sp)
jsr.l (ReadFile)
or.l r0,r0
bne.b _20
moveq.l #0,-(sp)
move.l #_text,-(sp)
move.l #_text,-(sp)
moveq.l #0,-(sp)
jsr.l (MessageBoxA)
moveq.l #0,-(sp)
jsr.l (ExitProcess)
_20: movu.bl _buf,r0
cmp.l #1,_count
beq.b _30
move.l #-1,r0
_30: rts.l
_buf: dc.b 0
_text: dc.b 'read error',0
even4
_handle:dc.l 0
_count: dc.l 0
; ..............................................
; : End of Code :
; ..............................................
VSizeOf_text==@-Imagebase-VBaseOf_text
@a=@
evencom FileAlignment
@=@a
FSizeOf_text==@@-FBaseOf_text
SizeOfCode==FSizeOf_text
; +--------------------------------------------+
; | End of .text Section |
; +--------------------------------------------+
; +--------------------------------------------+
; | Start of .idat Section |
; +--------------------------------------------+
FBaseOf_idat==@@
VBaseOf_idat==(@-ImageBase+SectionAlignment-1)/SectionAlignment*SectionAlignment
BaseOfData==VBaseOf_idat
@=ImageBase+VBaseOf_idat
; Insert initialized variables here (and set UseIdatSection=1
; at the top of this file). Because the code section is set
; r/w-able, you can put initialized variables also into the
; code section.
; var1: dc.l 0
; var2: dc.l $12345678
VSizeOf_idat==@-Imagebase-VBaseOf_idat
@a=@
evencom FileAlignment
@=@a
FSizeOf_idat==@@-FBaseOf_idat
; +--------------------------------------------+
; | End of .idat Section |
; +--------------------------------------------+
SizeOfInitializedData==FSizeOf_idat
; +--------------------------------------------+
; | Start of .udat Section |
; +--------------------------------------------+
FBaseOf_udat==@@
VBaseOf_udat==(@-ImageBase+SectionAlignment-1)/SectionAlignment*SectionAlignment
@=ImageBase+VBaseOf_udat
; Insert uninitialized variables here (and set UseUdatSection=1
; at the top of this file). Because the code section is set
; r/w-able, you can put uninitialized variables also at the END
; of the code section.
; buf1: blk.l 10
; buf2: blk.l 200
VSizeOf_udat==@-Imagebase-VBaseOf_udat
@a=@
evencom FileAlignment
@=@a
FSizeOf_udat==@@-FBaseOf_udat
; +--------------------------------------------+
; | End of .udat Section |
; +--------------------------------------------+
SizeOfUninitializedData==VSizeOf_udat
SizeOfImage==(@-ImageBase+SectionAlignment-1)/SectionAlignment*SectionAlignment
;#==================================================================#
;# End of Sections #
;#==================================================================#