Wednesday, August 24, 2011

Assembly Without the Macros

I've recently gotten back into assembly. My first discovery was that Windows 7 64-bit no longer supports 16-bit applications. It's a shame, since I really like the one-to-one aspect of a flat assembly file.

My second discovery was that there were a lot of macros and include files involved in assembly programming for Windows. I'm not really into assembly to not know what's going on. Quite the opposite actually.

One of the WIN32 examples that comes with FASM is a Hello World:
include 'win32ax.inc'
.code
  start:
    invoke MessageBox,HWND_DESKTOP,"Text","Caption",MB_OK
    invoke ExitProcess,0
.end start

Not that includes and macros aren't very handy, but to see what was really going on, I changed it into this:
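format pe gui
entry start           ;explicit entry point
section '.code' code readable executable
  start:
  ;invoke  MessageBox,HWND_DESKTOP,"Text","Caption",MB_OK
  ;stdcall: arguments are pushed right to left, the callee cleans the stack
  push 0              ;MB_OK
  push caption
  push message
  push 0              ;HWND_DESKTOP
  call [MessageBox]   ;indirect call through the import table slot
  ;invoke  ExitProcess,0
  push 0              ;exit code
  call [ExitProcess]

section '.data' data readable writeable
  message db 'Text',0
  caption db 'Caption',0

section '.idata' import data readable writeable
  ;import directory: one 20-byte descriptor per DLL
  ;fields: lookup table, timestamp, forwarder chain, DLL name, address table
  dd 0,0,0,rva kernel_name,rva kernel_table
  dd 0,0,0,rva user32_name,rva user32_table
  dd 0,0,0,0,0        ;all-zero descriptor terminates the directory

  ;address tables: the loader overwrites each slot with the function address
  kernel_table:
    ExitProcess dd rva _ExitProcess
    dd 0              ;end of table

  user32_table:
    MessageBox dd rva _MessageBox
    dd 0              ;end of table

  kernel_name db 'KERNEL32.DLL',0
  user32_name db 'USER32.DLL',0

  ;hint/name entries: 16-bit hint followed by the zero-terminated export name
  _ExitProcess dw 0
    db 'ExitProcess',0
  _MessageBox dw 0
    db 'MessageBoxA',0

I left the old invokes as comments to show what the invokes are really doing.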
You are of course still using the Windows API, but at least now you know what code is actually being assembled.
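
To show how a PE parser reads the hand-built '.idata' section, here is an added Python example (not part of the original post) that rebuilds the same byte layout and walks it. The section RVA 0x3000 and the names build_idata, parse_imports, cstr and terminate are assumptions made for the illustration.

```python
import struct

BASE = 0x3000  # assumed RVA of the .idata section (constructed sample)

def build_idata(imports, terminate=True):
    """Lay out .idata like the source: descriptors, thunk tables, DLL names, hint/names."""
    tables = 20 * (len(imports) + terminate)          # offset of first thunk table
    strings = tables + sum(4 * (len(f) + 1) for _, f in imports)
    tail, where = b"", {}
    for dll, funcs in imports:                        # DLL names (db 'X.DLL',0)
        where[dll] = BASE + strings + len(tail)
        tail += dll.encode() + b"\0"
    for dll, funcs in imports:                        # dw hint / db 'Name',0
        for f in funcs:
            where[dll, f] = BASE + strings + len(tail)
            tail += struct.pack("<H", 0) + f.encode() + b"\0"
    desc, thunks = b"", b""
    for dll, funcs in imports:                        # dd 0,0,0,rva name,rva table
        desc += struct.pack("<5I", 0, 0, 0, where[dll], BASE + tables + len(thunks))
        thunks += b"".join(struct.pack("<I", where[dll, f]) for f in funcs) + bytes(4)
    return desc + bytes(20 * terminate) + thunks + tail

def cstr(data, rva):
    start = rva - BASE
    return data[start:data.index(b"\0", start)].decode("ascii")

def parse_imports(data):
    """Walk 20-byte import descriptors until one has a zero Name field."""
    found, pos = {}, 0
    while pos + 20 <= len(data):
        _oft, _stamp, _fwd, name_rva, thunk_rva = struct.unpack_from("<5I", data, pos)
        if name_rva == 0:                  # null descriptor: end of directory
            break
        funcs, t = [], thunk_rva - BASE
        while (entry := struct.unpack_from("<I", data, t)[0]) != 0:
            if entry & 0x80000000:         # high bit set: import by ordinal
                funcs.append("#%d" % (entry & 0xFFFF))
            else:                          # skip the 2-byte hint (the "dw 0")
                funcs.append(cstr(data, entry + 2))
            t += 4
        found[cstr(data, name_rva)] = funcs
        pos += 20
    return found

SAMPLE = [("KERNEL32.DLL", ["ExitProcess"]), ("USER32.DLL", ["MessageBoxA"])]

if __name__ == "__main__":
    for dll, funcs in parse_imports(build_idata(SAMPLE)).items():
        print(dll, funcs)
```

With terminate=False this walk still stops after two descriptors, but only because the zero that ends user32_table happens to land on the Name field of the next 20-byte slot.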
