/-----------------------------\ | Xine - issue #2 - Phile 010 | \-----------------------------/ Coding in 32 bit assembly for win95 by jhb Most information for coding in Windows is done in C++ or other high level languages. This leaves the virii writer, traditionally someone who codes in Assembly, at a loss. To make matters worse even VxD's are being written in C++ or worse Visual C. MS is making Assembly information harder to get and less needed for the average programmer. Well with some digging into the DDK's information and SDK it is possible to remedy this and translate the C information into usable Assembly format. With the advent of tasm5 and masm6 would be 32 bit assembly coders are blessed with the ability to "easily" use Win32 Api with a minimum of work. Here is a small do nothing win32 code which beleive it or not will compile to 4096 bytes... yeesh talk about "Fatware" .386 .model flat extrn ExitProcess:PROC .data ;the data area dummy db 0 .code ;executable code starts here HOST: push LARGE -1 ;equ to int 20 com dos file call call ExitProcess ;ends the program end HOST Now if we check the Docs for a C program to call ExitProcess ExitProcess( UINT uExitCode) Simply put this means the the return exit code is place on the stack and then the API is called. Ok lets try one that returns info and needs more then one item push on the stack. int MessageBox(HWND hwndOwner, LPCTSTR lpszText, LPCTSTR lpszTitle, UINT ustyle) lpszText simple means some text ending in a 00h (oops the A at the end of the MessageBox means Ascii, if W it means unicode, all the routines that could deal with text have a A or W at the end just to confuse us) lpszTitle some text to be used as the title and ending in 00h int in front means that something will be returned to us in the EAX reg * important thing to know here is we push the items from last to first* * so the style flags will be first then the title ... * Ok but the book now says possible choices are MB_OK and a list of others well dig abit into the SDK winuser.h and this pops up * MessageBox() Flags */ #define MB_OK 0x00000000L #define MB_OKCANCEL 0x00000001L #define MB_ABORTRETRYIGNORE 0x00000002L #define MB_YESNOCANCEL 0x00000003L #define MB_YESNO 0x00000004L #define MB_RETRYCANCEL 0x00000005L ok so we push 0000000 for a style flag and we get the ok button so that should make the Assembly call look like below Now this is simple a call to creata a pop up message box its in user32.dll but all we need to do in tasm5.0 is define this extrn MessageBoxA:PROC then mov eax, 0 ;this is the style push eax ; mov eax, offset title ; points to a zero ended string push eax ; mov eax,offset mess ; points to a zero ended string push eax ; mov eax,0 ; this should be the handle push eax ;of the owner window Iam telling ;win95 there is no owner call MessageBoxA ; ok call away As for the return int it will be in EAX in this case you could check eax and you should get IDOK or 1 which says the ok button was hit again this was found in winuser.h * Dialog Box Command IDs */ #define IDOK 1 #define IDCANCEL 2 #define IDABORT 3 #define IDRETRY 4 #define IDIGNORE 5 #define IDYES 6 #define IDNO 7 Well I admit there is much more to this Win32 assembly stuff but this basic info should allow anyone with some time to write 32Assembly code with a minimal of problems. It is alot like finding a empty house to explore, I know as a kid I love to explore and play with things. This exploring of Win32 assembly is just as fun . ;) Read Vlad for more info on assembly for windows sadly thats the only other place I have seen this topic expored in reasonable language. I suspect that if MS could a law requiring people to be tested and registered before Assmblers were sold to them, they would. Assembly coders have to much power over their code for MS to feel safe besides only in Assembly can you see what they at MS do not want you to see. ;) Have fun and if you find anything interesting while your exploring drop me some e-mail.