16 replies to this topic

[plb]

Hello. I am new in Assembly and as usually I wrote Hello world program, I have easily generated executable file using MinGW, but it doesn't run. Here's my code:

section .text

	global _start

_start:

	mov eax,4

	mov ebx,1

	mov ecx,ms

        mov edx,len

	int 80h


	mov eax,0

	mov ebx,1

	int 80h

section .data

	ms: db "hello world", 10

	len: equ 13

I have no idea, what's wrong here. Oh, and I try to run it using Windows.

[Alexander]

It appears you are trying to use a Unix-like interrupt (i.e. for FreeBSD) in a Windows program. You may need to avoid interrupts and use the standard libraries available to you, such as printf.

[RhetoricalRuvim]

Let me get this clear. So you are assembling with NASM and linking with MinGW to produce a .exe file?

If so, .exe files aren't allowed to use input/output instructions like IN, OUT, or INT. The interrupts you're using will only work under Linux or UNIX or similar operating system; Windows, however, prefers its programs to use its own API functions.

Let's say this is a program.
- the .exe header
- the symbol import table

- MessageBoxA from user32.dll (tell the PE Loader to load the address of the function MessageBoxA (ANSI version of MessageBox; unicode version would be MessageBoxW), which is located inside the user32.dll DLL file, to this location.)

- ExitProcess from kernel32.dll (tell the PE Loader to load the address of the function ExitProcess (doesn't have ANSI or Unicode versions - no need for that), which is inside the kernel32.dll DLL, to this location.)

(Then we can call those functions, loaded above, from our code.)

- the code

the program's code...

push dword 0 

push dword the_title 

push dword the_message 

push dword 0 

call [MessageBoxA]     ;; Call the code at the address that is loaded to the symbol 'MessageBoxA' in the symbol import table. 


push dword 0 

call [ExitProcess]     ;; Same idea. 

- the data

the initialized data goes here...

the_title db "This is the message itself.", 0 

the_message db "This is the title of the message box.", 0 

- the bss (initialized to 0; not part of the .exe file, added later by the Windows PE loader)

.....

As you can see, Windows programs have to be structured in a way that tells the Windows PE Loader to save the addresses of the functions that are needed inside "variables" , as opposed to UNIX, where a lot has to be done using those system call interrupts (different operating systems like different approaches).

If you're using the "-fobj" or "-f obj" option in NASM, you can use this syntax to import just about any Win32 (Windows, 32-bit) API (Application Programming Interface) function (/s):

extern MessageBoxA 

extern ExitProcess 


import MessageBoxA user32.dll 

import ExitProcess kernel32.dll 


;; This is the code section now; use 32-bit code: 

section .text use32 

;; Start the program's execution here: 

..start: 


...some code...  


push dword ...whatever the program's exit code should be...  

call [ExitProcess] 


section .data 

msg db "hello world", 0 

...etc...  


section .bss 

just_an_array resd 8 

some_string resb 512 

an_integer resd 1 

...etc...  

If you want to program for Linux or UNIX (or ...), then you could probably still test the programs from a Windows computer if you have some sort of Linux or UNIX (or ...) emulator or run the operating system in a virtual machine; though I don't know any Linux/UNIX/... emulators.

[plb]

Thank you very much.

[mebob]

Actually, you CAN use INT in EXEs. It just won't normally work, because you most likely won't be using it correctly. INT 0x2e is Windows's system call interrupt, but they don't document the functions of it, because they want to be able to change it without causing incompatibilities. Instead, programs go through Windows's DLLs and stuff to use the functions.

PS, here is my source, mostly: A List Of Windows Interrupts - Forums

[untitled_1]

Is it the case that you cant use system calls in Win7 though?

[Gunner]

Yes and no. You cannot use interrupts like you did for DOS /16bit apps. Just about anything you want to do with interrupts can be done with the Windows API. If you want to use interrupts, you will need to write a driver.

[RhetoricalRuvim]

@Gunner: When you say 'driver' , are you talking about Structured Exception Handling (SEH)?

[Gunner]

No, a driver, system driver is the only way to get RING0 access in Win7 + and it has to be signed. That is the only way I know of to use ints, IN/OUT etc...

[untitled_1]

How do i go about writting a driver, can you send me a link to a tutorial or something

[mebob]

I'm pretty sure you can obtain the WDK (you need that for driver programming in Windows) here: How to Get the WDK. I'm sure you'll find tutorial links there too, as it is MSDN.

[Gunner]

To add to mebob, the WDK is the way to go. Has plenty of samples to look through and header files. On 64bit Windows (I think 32bit vista and Win7) the drivers have to be signed AFAIK