Answer the question
In order to leave comments, you need to log in
K
K
Konstantin Malyarov2016-05-04 15:49:51
Konstantin Malyarov, 2016-05-04 15:49:51
WinAPI + ASM + CreateFile but no file?
format PE console 5.0
include 'win32ax.inc'
invoke CreateFile,hello,0,GENERIC_WRITE,TRUE,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,0
invoke ExitProcess,0
hello db 'C:\\helloworld.txt',0
data import
library kernel32,'KERNEL32.DLL'
import kernel32,\
ExitProcess,'ExitProcess',\
CreateFile,'CreateFileA'
end dataEverything seems to be correct.
Log data
Address Message
OllyDbg v2.00.01
Console file 'C:\Users\Free\Desktop\fasm\Exem\test6.EXE'
New process (ID 00001BB0) created
00401000 Main thread (ID 00000240) created
00100000 Unload module 00100000
76710000 Unload module 76710000
00100000 Unload module 00100000
00410000 Unload module 00410000
00400000 Module C:\Users\Free\Desktop\fasm\Exem\test6.EXE
Code size in header is too large
764F0000 Module C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Different PE headers in file and in memory
(System update is pending?)
76710000 Module C:\WINDOWS\SYSTEM32\KERNEL32.DLL
Different PE headers in file and in memory
(System update is pending?)
77E20000 Module C:\WINDOWS\SYSTEM32\ntdll.dll
Different PE headers in file and in memory
(System update is pending?)
00401000 Entry point of main module
7659DD84 Access violation when reading [00000005] - Shift+Run/Step to pass exception to the programThis is the debugger log.
What's wrong again?
1 answer(s)
@Foolleren
V
Vasily, 2016-05-04 @Foolleren
Of course, I'm not a specialist in assembler, especially since there are a lot of varieties of them with some syntax differences.
but is it generally normal that you first close the process, and then make the file?
and the debugger says almost in Russian that the headers in the file are different from those in the RAM (is the library old?)
Similar questions
L
M
D
P
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question