Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
Konstantin Malyarov2016-05-04 15:49:51
C++ / C#
Konstantin Malyarov, 2016-05-04 15:49:51

WinAPI + ASM + CreateFile but no file?

format PE console 5.0

include 'win32ax.inc'

        invoke CreateFile,hello,0,GENERIC_WRITE,TRUE,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,0
        invoke ExitProcess,0

hello db 'C:\\helloworld.txt',0

data import
 
 library kernel32,'KERNEL32.DLL'
 
 import kernel32,\
    ExitProcess,'ExitProcess',\
    CreateFile,'CreateFileA'
end data

Everything seems to be correct.
Log data
Address   Message
          OllyDbg v2.00.01

          Console file 'C:\Users\Free\Desktop\fasm\Exem\test6.EXE'
          New process (ID 00001BB0) created
00401000  Main thread (ID 00000240) created
00100000  Unload module 00100000
76710000  Unload module 76710000
00100000  Unload module 00100000
00410000  Unload module 00410000
00400000  Module C:\Users\Free\Desktop\fasm\Exem\test6.EXE
            Code size in header is too large
764F0000  Module C:\WINDOWS\SYSTEM32\KERNELBASE.dll
            Different PE headers in file and in memory
            (System update is pending?)
76710000  Module C:\WINDOWS\SYSTEM32\KERNEL32.DLL
            Different PE headers in file and in memory
            (System update is pending?)
77E20000  Module C:\WINDOWS\SYSTEM32\ntdll.dll
            Different PE headers in file and in memory
            (System update is pending?)
00401000  Entry point of main module
7659DD84  Access violation when reading [00000005] - Shift+Run/Step to pass exception to the program

This is the debugger log.
What's wrong again?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vasily, 2016-05-04
@Foolleren

Of course, I'm not a specialist in assembler, especially since there are a lot of varieties of them with some syntax differences.
but is it generally normal that you first close the process, and then make the file?
and the debugger says almost in Russian that the headers in the file are different from those in the RAM (is the library old?)

Similar questions
I
Igor Nistakov2015-06-11 12:25:50
What does this sign ≡ mean in computer science? 1Reply
D
Danil Kumarov2017-06-23 20:11:32
How can you get other font-weight fonts from one regular? 2Reply
L
lavezzi12015-07-26 08:54:34
What is the best way to implement authorization for only one user? 3Reply
W
westakof2019-12-12 15:45:07
How to remap f8 key to option+M on Macbook? 1Reply
N
netwbit2017-07-23 18:12:45
How to make a fixed left menu? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question