 Post subject: [DONE] [Tailbite PR 1.878][PB 4.30 x64] Unclear FAsm error
PostPosted: Thu Dec 25, 2008 8:22 am 
Compiling droopy's lib (with the same code used for the 4.30 x86 version), after commenting out a beep_() call, I get this error:

Quote:
FAsm: Shared\ImpersonateUserRunasHidden.asm

flat assembler version 1.67.26 (xxxx kilobytes memory)
Functions\Shared\ImpersonateUserRunasHidden.asm [14]:


Assuming the 14 is a line number, that line reads:
Quote:
Extrn qword [rsp+296]


whole asm file:
Code:
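format MS64 COFF

Public Droopy_ImpersonateUserRunasHidden


; Externals used by the procedure body: PureBasic runtime helpers, the
; library's string literals (Droopy__S1..S3) and its globals.
Extrn SYS_FastAllocateString4
Extrn PB_Left
Extrn SYS_StringEqual
Extrn SYS_CopyString
Extrn SYS_AllocateString4
Extrn PB_OpenLibrary
Extrn PB_GetFunction
Extrn SYS_ToUnicode
; Tailbite PR 1.878 emitted "Extrn qword [rsp+296]" here for the prototype
; call "CALL qword [rsp+296]". That call goes through a stack local (the
; pointer returned by GetFunction) and needs no external symbol, and fasm
; does not accept a memory operand as an Extrn name (the error reported in
; this thread), so the directive is omitted.
Extrn PB_CloseLibrary
Extrn SYS_FreeString
Extrn PB_StringBasePosition
Extrn Droopy__S1
Extrn PB_StringBase
Extrn Droopy__S2
Extrn Droopy__S3
Extrn Droopy_v_PasswordG
Extrn Droopy_v_DomainG
Extrn Droopy_v_UsernameG
Extrn Droopy_v_ImpersonateUserRunAsHandle
Extrn Droopy_v_ImpersonateUserRunAsId


section '.text' code readable executable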

;-----------------------------------------------------------------------
; Droopy_ImpersonateUserRunasHidden(CommandLine.s, Argument.s)
; Tailbite-generated fasm for the PureBasic procedure
; ImpersonateUserRunasHidden (the PB source comments are kept below,
; translated to English).
; ABI:   Microsoft x64 (rcx/rdx in, rax out, shadow space reserved
;        before the calls into the PB runtime / API; rbp and r15 are
;        the only callee-saved registers touched and are pushed/popped)
; In:    rcx = CommandLine (PB string), rdx = Argument (PB string)
; Out:   rax = retour: 1 if the CreateProcessWithLogonW call returned
;        non-zero, 0 otherwise (library or function lookup failed, or
;        the call failed)
; Frame (rsp after the prologue; all locals zeroed by .ClearLoop):
;        [rsp+0..40)  scratch / shadow area for the calls below
;        [rsp+40]     CommandLine copy      [rsp+48]  Argument copy
;        [rsp+56]     lpProcessInfo         [rsp+80]  lpStartUpInfo
;        [rsp+184]    retour                [rsp+192] advapi
;        [rsp+200]    CreateProcessWithLogon (pointer from GetFunction)
;        [rsp+PS40+0] / [rsp+PS40+8] = the caller's home slots holding
;        the incoming rcx / rdx.
; Globals: reads Droopy_v_UsernameG / DomainG / PasswordG; writes
;        Droopy_v_ImpersonateUserRunAsHandle and ..RunAsId.
; NOTE(review): "CALL qword [rsp+296]" below is an indirect call through
;        the [rsp+200] local (rsp is 96 lower at that point) and needs no
;        Extrn declaration; an Extrn with that memory operand is what
;        fasm rejects (the error reported in this thread).
; NOTE(review): the function pointer from GetFunction is not checked for
;        0 before being called; lpProcessInfo.hThread is never read or
;        closed here; hProcess is written to the global with a dword
;        store (low 32 bits only) - presumably the global is declared .l,
;        verify.
;-----------------------------------------------------------------------
Droopy_ImpersonateUserRunasHidden:
MOV    qword [rsp+8],rcx                ; spill CommandLine to its home slot
MOV    qword [rsp+16],rdx               ; spill Argument to its home slot
PUSH   rbp                              ; callee-saved; later used as &lpProcessInfo
PUSH   r15                              ; callee-saved; later used to test the API result
PS40=240                                ; distance from post-prologue rsp to the home slots
MOV    rdx,22                           ; 22 qwords = 176 bytes of locals to zero
.ClearLoop:
SUB    rsp,8
MOV    qword [rsp],0                    ; zero-initialise every local
DEC    rdx
JNZ   .ClearLoop
SUB    rsp,40                           ; scratch/shadow area (rsp is 16-byte aligned here, assuming an aligned caller)
; CommandLine and Argument are copied into fresh local PB strings
MOV    rdx,[rsp+PS40+0]                 ; rdx = CommandLine (from home slot)
LEA    rcx,[rsp+40]                     ; rcx = &local CommandLine copy
SUB    rsp,16
CALL   SYS_FastAllocateString4
ADD    rsp,16
MOV    rdx,[rsp+PS40+8]                 ; rdx = Argument (from home slot)
LEA    rcx,[rsp+48]                     ; rcx = &local Argument copy
SUB    rsp,16
CALL   SYS_FastAllocateString4
ADD    rsp,16
;
; Wichtel, modified by Droopy (did not pass the exe's arguments)
; 16/02/05 /  ; PB 3.92
; Runs Runas with a parameter
; returns 0 if: command does not exist / username or password wrong
; Returns 1 if everything went fine
; 17/04/05 : Changed to use L() -> simpler / Added to the ImpersonateUser lib
; Runas cannot be started while Impersonate mode is active (disable it first !!)
; 1.31.2: added compilerif's to try and make better with unicode
; 1.31.3 (10/11/06): was giving invalid memory access errors, declared prototype to make it work in unicode and ascii modes
; 1.31.3 - (PB4.01 version) moved globals out of procedure (also done on some other functions)
;1.31.4 - may need full path to exe
;
;
; lpProcessInfo.PROCESS_INFORMATION
LEA    rax,[rsp+56]                     ; local declaration only; rax is not used
; lpStartUpInfo.STARTUPINFO
LEA    rax,[rsp+80]
;
; Prepend a space to the argument
; If Left(Argument,1)<>" "
PUSH   qword [PB_StringBasePosition]    ; save the PB temp-string position (restored below)
ADD    rsp,-8
PUSH   qword [PB_StringBasePosition]
PUSH   qword 1
PUSH   qword [rsp+80]                   ; = local Argument copy
POP    rcx                              ; rcx = Argument
POP    rdx                              ; rdx = 1
POP    r8                               ; r8 = temp-string position (PB runtime convention, inferred)
ADD    rsp,-32
CALL   PB_Left
ADD    rsp,40
INC    qword [PB_StringBasePosition]    ; PB temp-string bookkeeping (runtime internal)
MOV    rcx,Droopy__S1                   ; rcx = " " literal
POP    rdx
MOV    qword [PB_StringBasePosition],rdx ; restore the saved position ...
ADD    rdx,[PB_StringBase]              ; ... and turn it into the Left() result pointer
SUB    rsp,16
CALL   SYS_StringEqual
ADD    rsp,16
OR     rax,rax
JNE   _EndIf5                           ; equal -> Argument already starts with a space
; Argument=" "+Argument
PUSH   qword [PB_StringBasePosition]
MOV    rcx,Droopy__S1                   ; " "
ADD    rsp,-40
CALL   SYS_CopyString
ADD    rsp,40
MOV    rcx,qword [rsp+56]               ; = local Argument copy (rsp is 8 lower here)
ADD    rsp,-40
CALL   SYS_CopyString
ADD    rsp,40
LEA    rcx,[rsp+56]                     ; rcx = &local Argument copy
POP    rdx                              ; rdx = saved temp-string position
CALL   SYS_AllocateString4              ; Argument = the concatenated temp string
; EndIf
_EndIf5:
;
; retour=0
MOV    qword [rsp+184],0
;
; advapi = OpenLibrary(#PB_Any, "ADVAPI32.DLL")
MOV    rax,Droopy__S2                   ; "ADVAPI32.DLL" literal
PUSH   rax
PUSH   qword -1                         ; #PB_Any
POP    rcx
POP    rdx
ADD    rsp,-32
CALL   PB_OpenLibrary
ADD    rsp,32
MOV    qword [rsp+192],rax              ; advapi
; If advapi
CMP    qword [rsp+192],0
JE    _EndIf7
; CreateProcessWithLogon.CreateProcessWithLogonW = GetFunction(advapi, "CreateProcessWithLogonW")
MOV    rax,Droopy__S3                   ; "CreateProcessWithLogonW" literal
PUSH   rax
PUSH   qword [rsp+200]                  ; = advapi (rsp is 8 lower here)
POP    rcx
POP    rdx
ADD    rsp,-32
CALL   PB_GetFunction
ADD    rsp,32
MOV    qword [rsp+200],rax              ; CreateProcessWithLogon (may be 0; not checked before the call below)
; If CreateProcessWithLogon(UsernameG, DomainG, PasswordG, 0,CommandLine,Argument,0,0,#Null,@lpStartUpInfo,@lpProcessInfo) <> 0
; The 11 prototype arguments are pushed right-to-left; the first four are
; then popped into rcx/rdx/r8/r9 (Win64), the rest stay on the stack after
; the 32-byte shadow space. p-unicode parameters go through SYS_ToUnicode.
ADD    rsp,-8                           ; pad so rsp is 16-aligned at the CALL
LEA    rax,[rsp+64]                     ; @lpProcessInfo (rsp is 8 lower)
MOV    rax,rax                          ; no-op emitted by the generator
PUSH   rax
LEA    rax,[rsp+96]                     ; @lpStartUpInfo (rsp is 16 lower)
MOV    rax,rax
PUSH   rax
PUSH   qword 0                          ; lpCurrentDirectory = #Null
PUSH   qword 0                          ; lpEnvironment
PUSH   qword 0                          ; dwCreationFlags
MOV    rcx,qword [rsp+96]               ; Argument (rsp is 48 lower)
SUB    rsp,32
CALL   SYS_ToUnicode
ADD    rsp,32
PUSH   rax                              ; lpCommandLine
MOV    rcx,qword [rsp+96]               ; CommandLine (rsp is 56 lower)
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax                              ; lpApplicationName (see the 1.31.4 note: may need a full path)
PUSH   qword 0                          ; dwLogonFlags
MOV    rcx,qword [Droopy_v_PasswordG]
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax                              ; lpPassword (UTF-16 temporary; nothing here scrubs it afterwards)
MOV    rcx,qword [Droopy_v_DomainG]
SUB    rsp,32
CALL   SYS_ToUnicode
ADD    rsp,32
PUSH   rax                              ; lpDomain
MOV    rcx,qword [Droopy_v_UsernameG]
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax                              ; lpUsername
POP    rcx                              ; rcx = lpUsername
POP    rdx                              ; rdx = lpDomain
POP    r8                               ; r8  = lpPassword
POP    r9                               ; r9  = dwLogonFlags
ADD    rsp,-32                          ; shadow space; lpApplicationName is at [rsp+32]
CALL   qword [rsp+296]                  ; indirect call: [rsp+296] = the [rsp+200] local (rsp is 96 lower)
ADD    rsp,96                           ; shadow space + 7 stack args + 8 pad
MOV    r15,rax
AND    r15,r15
JE    _EndIf9
; retour=1
MOV    qword [rsp+184],1
; EndIf
_EndIf9:
; CloseLibrary(advapi)
PUSH   qword [rsp+192]
POP    rcx                              ; rcx = advapi
ADD    rsp,-32
CALL   PB_CloseLibrary
ADD    rsp,32
; EndIf
_EndIf7:
;
;/ Set the Process Handle of the Run Program in ImpersonateUserRunAsHandle (Global)
; ImpersonateUserRunAsHandle= lpProcessInfo\hProcess
LEA    rbp,[rsp+56]                     ; rbp = &lpProcessInfo
PUSH   qword [rbp]                      ; hProcess (offset 0)
POP    rax
MOV    dword [Droopy_v_ImpersonateUserRunAsHandle],eax ; dword store: only the low 32 bits of the 64-bit handle
;/ Set the Process id of the Run Program in ImpersonateUserRunAsHandle (Global)
; ImpersonateUserRunAsId.l= lpProcessInfo\dwProcessId
MOVSXD rax,dword [rbp+16]               ; dwProcessId (offset 16)
PUSH   rax
POP    rax
MOV    dword [Droopy_v_ImpersonateUserRunAsId],eax
;
; ProcedureReturn retour
MOV    rax,qword [rsp+184]
JMP   _EndProcedure41
;
; EndProcedure
XOR    rax,rax                          ; implicit "return 0"; unreachable after the JMP above
_EndProcedure41:
PUSH   rax                              ; keep the return value across the frees
MOV    rcx,qword [rsp+48]               ; local CommandLine copy (rsp is 8 lower)
SUB    rsp,32
CALL   SYS_FreeString
ADD    rsp,32
MOV    rcx,qword [rsp+56]               ; local Argument copy
SUB    rsp,32
CALL   SYS_FreeString
ADD    rsp,32
POP    rax
ADD    rsp,216                          ; 40 scratch + 176 locals
POP    r15
POP    rbp
RET


The function uses prototypes if that's any help

 Post subject:
PostPosted: Thu Dec 25, 2008 9:02 am 
No error when import is used (needs polib to generate a complete advapi32.lib)

 Post subject:
PostPosted: Mon Jan 05, 2009 7:09 pm 
do you have a snippet, please :wink:


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jan 06, 2009 4:23 am 
oops.
Code:
; advapi32's CreateProcessWithLogonW, resolved at run time with GetFunction();
; the p-unicode pseudotype hands the string parameters to the API as UTF-16
; temporaries (the procedure below cannot scrub the password copy).
Prototype.l CreateProcessWithLogonW(lpUsername.p-unicode, lpDomain.p-unicode, lpPassword.p-unicode, dwLogonFlags,lpApplicationName.p-unicode, lpCommandLine.p-unicode,dwCreationFlags, lpEnvironment, lpCurrentDirectory,  *lpStartupInfo.STARTUPINFO,*lpProcessInfo.PROCESS_INFORMATION)

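; ImpersonateUserRunasHidden(CommandLine.s, Argument.s)
; Launches CommandLine with Argument under the credentials held in the
; globals UsernameG / DomainG / PasswordG, via CreateProcessWithLogonW
; loaded dynamically from ADVAPI32.DLL.
; Returns 1 when the API call reported success, 0 otherwise (library or
; export not found, or the call failed: bad command, user or password).
; Side effects: ImpersonateUserRunAsHandle receives lpProcessInfo\hProcess
; (the caller owns that handle), ImpersonateUserRunAsId the process id.
; CommandLine is passed as lpApplicationName, so it should be a full path.
Procedure ImpersonateUserRunasHidden(CommandLine.s,Argument.s)
  lpProcessInfo.PROCESS_INFORMATION
  lpStartUpInfo.STARTUPINFO
  ; STARTUPINFO\cb must hold the structure size for the API
  lpStartUpInfo\cb = SizeOf(STARTUPINFO)
 
  ; Prepend a space to the argument so it is separated from the application name
  If Left(Argument,1)<>" "
    Argument=" "+Argument
  EndIf
 
  retour=0
 
  advapi = OpenLibrary(#PB_Any, "ADVAPI32.DLL")
  If advapi
    CreateProcessWithLogon.CreateProcessWithLogonW = GetFunction(advapi, "CreateProcessWithLogonW")
    ; Calling a null prototype would crash: treat a missing export as failure
    If CreateProcessWithLogon
      If CreateProcessWithLogon(UsernameG, DomainG, PasswordG, 0,CommandLine,Argument,0,0,#Null,@lpStartUpInfo,@lpProcessInfo) <> 0
        retour=1
        ; The thread handle is never exposed to the caller, so release it here;
        ; hProcess is handed out through the global below and stays open.
        If lpProcessInfo\hThread
          CloseHandle_(lpProcessInfo\hThread)
        EndIf
      EndIf
    EndIf
    CloseLibrary(advapi)
  EndIf
 
  ;/ Set the Process Handle of the Run Program in ImpersonateUserRunAsHandle (Global)
  ImpersonateUserRunAsHandle= lpProcessInfo\hProcess
  ;/ Set the Process id of the Run Program in ImpersonateUserRunAsHandle (Global)
  ImpersonateUserRunAsId.l= lpProcessInfo\dwProcessId
 
  ProcedureReturn retour
 
EndProcedure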

 Post subject:
PostPosted: Tue Jan 06, 2009 8:10 pm 
should be fixed with this version : http://www.tailbite.com/downloads/TailBiteV1.3PR1.879.zip


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun Jan 11, 2009 4:42 am 
Confirmed (it now compiles), thank you
