[DONE] [Tailbite PR 1.878][PB 4.30 x64] Unclear FAsm error


[DONE] [Tailbite PR 1.878][PB 4.30 x64] Unclear FAsm error

Post by lexvictory »

Compiling droopy's lib (using the same code used on the 4.30 x86 version) after commenting out a beep_() call, I get this error
FAsm: Shared\ImpersonateUserRunasHidden.asm

flat assembler version 1.67.26 (xxxx kilobytes memory)
Functions\Shared\ImpersonateUserRunasHidden.asm [14]:
Assuming the 14 is a line number, that line reads:
Extrn qword [rsp+296]
whole asm file:


format MS64 COFF ; FASM output format: 64-bit Microsoft COFF object

Public Droopy_ImpersonateUserRunasHidden ; the only symbol this object exports


Extrn SYS_FastAllocateString4
Extrn PB_Left
Extrn SYS_StringEqual
Extrn SYS_CopyString
Extrn SYS_AllocateString4
Extrn PB_OpenLibrary
Extrn PB_GetFunction
Extrn SYS_ToUnicode
Extrn qword [rsp+296] ; line 14, the line the FAsm report points at: not a symbol name but the operand of the indirect "CALL qword [rsp+296]" in the body; that call goes through a stack slot and needs no Extrn
Extrn PB_CloseLibrary
Extrn SYS_FreeString
Extrn PB_StringBasePosition
Extrn Droopy__S1 ; Droopy__S1..S3: presumably the library's string constants (" ", "ADVAPI32.DLL", "CreateProcessWithLogonW") - confirm against the data file
Extrn PB_StringBase
Extrn Droopy__S2
Extrn Droopy__S3
Extrn Droopy_v_PasswordG ; credential globals read by the procedure; they are defined outside this file
Extrn Droopy_v_DomainG
Extrn Droopy_v_UsernameG
Extrn Droopy_v_ImpersonateUserRunAsHandle ; result globals written by the procedure
Extrn Droopy_v_ImpersonateUserRunAsId


section '.text' code readable executable

;-----------------------------------------------------------------------
; Droopy_ImpersonateUserRunasHidden(CommandLine, Argument)
; Generated code; the "; ..." lines that look like PureBasic are the echoed
; source statements.
; In:    rcx = CommandLine, rdx = Argument
; Out:   rax = retour (0, or 1 when the CreateProcessWithLogonW call returned non-zero)
; Saves: rbp, r15
; Locals (offsets from rsp while no temporaries are pushed):
;   [rsp+40]  copy of CommandLine        [rsp+48]  copy of Argument
;   [rsp+56]  lpProcessInfo              [rsp+80]  lpStartUpInfo
;   [rsp+184] retour                     [rsp+192] advapi (library id)
;   [rsp+200] CreateProcessWithLogon (function pointer)
;-----------------------------------------------------------------------
Droopy_ImpersonateUserRunasHidden:
MOV    qword [rsp+8],rcx ; spill both arguments into the slots just above the return address
MOV    qword [rsp+16],rdx
PUSH   rbp
PUSH   r15
PS40=240 ; 216 bytes of frame + 2 pushes + return address: [rsp+PS40+0] is the spilled rcx
MOV    rdx,22
; Push 22 zero qwords (176 bytes), so every local starts out as zero
.ClearLoop:
SUB    rsp,8
MOV    qword [rsp],0
DEC    rdx
JNZ   .ClearLoop
SUB    rsp,40
; Copy the two string arguments into the locals at [rsp+40] and [rsp+48]
MOV    rdx,[rsp+PS40+0]
LEA    rcx,[rsp+40]
SUB    rsp,16
CALL   SYS_FastAllocateString4
ADD    rsp,16
MOV    rdx,[rsp+PS40+8]
LEA    rcx,[rsp+48]
SUB    rsp,16
CALL   SYS_FastAllocateString4
ADD    rsp,16
;
; Wichtel, modified by Droopy ( did not pass the exe's argument )
; 16/02/05 /  ; PB 3.92
; Runs Runas with a parameter
; returns 0 if: command does not exist / wrong username or password
; Returns 1 if everything went well
; 17/04/05: changed to use L() -> simpler / added to the ImpersonateUser lib
; Runas cannot be started while impersonation is active ( it is disabled first !! )
; 1.31.2: added compilerif's to try and make better with unicode
; 1.31.3 (10/11/06): was giving invalid memory access errors, declared prototype to make it work in unicode and ascii modes
; 1.31.3 - (PB4.01 version) moved globals out of procedure (also done on some other functions)
;1.31.4 - may need full path to exe
;
;
; lpProcessInfo.PROCESS_INFORMATION
LEA    rax,[rsp+56] ; address is computed but not used (rax is overwritten next)
; lpStartUpInfo.STARTUPINFO
LEA    rax,[rsp+80] ; likewise unused; no field of lpStartUpInfo is written in this routine
;
; Prefix the argument with a space
; If Left(Argument,1)<>" "
PUSH   qword [PB_StringBasePosition]
ADD    rsp,-8
PUSH   qword [PB_StringBasePosition]
PUSH   qword 1
PUSH   qword [rsp+80] ; Argument ([rsp+48] plus 32 bytes of temporaries)
POP    rcx
POP    rdx
POP    r8
ADD    rsp,-32
CALL   PB_Left
ADD    rsp,40
INC    qword [PB_StringBasePosition]
MOV    rcx,Droopy__S1
POP    rdx
MOV    qword [PB_StringBasePosition],rdx
ADD    rdx,[PB_StringBase]
SUB    rsp,16
CALL   SYS_StringEqual
ADD    rsp,16
OR     rax,rax
JNE   _EndIf5
; Argument=" "+Argument
PUSH   qword [PB_StringBasePosition]
MOV    rcx,Droopy__S1
ADD    rsp,-40
CALL   SYS_CopyString
ADD    rsp,40
MOV    rcx,qword [rsp+56] ; Argument ([rsp+48] plus the one pushed qword)
ADD    rsp,-40
CALL   SYS_CopyString
ADD    rsp,40
LEA    rcx,[rsp+56]
POP    rdx
CALL   SYS_AllocateString4
; EndIf
_EndIf5:
;
; retour=0
MOV    qword [rsp+184],0
;
; advapi = OpenLibrary(#PB_Any, "ADVAPI32.DLL")
MOV    rax,Droopy__S2
PUSH   rax
PUSH   qword -1
POP    rcx
POP    rdx
ADD    rsp,-32
CALL   PB_OpenLibrary
ADD    rsp,32
MOV    qword [rsp+192],rax
; If advapi
CMP    qword [rsp+192],0
JE    _EndIf7
; CreateProcessWithLogon.CreateProcessWithLogonW = GetFunction(advapi, "CreateProcessWithLogonW")
MOV    rax,Droopy__S3
PUSH   rax
PUSH   qword [rsp+200]
POP    rcx
POP    rdx
ADD    rsp,-32
CALL   PB_GetFunction
ADD    rsp,32
MOV    qword [rsp+200],rax ; NOTE(review): stored and later called without a zero check
; If CreateProcessWithLogon(UsernameG, DomainG, PasswordG, 0,CommandLine,Argument,0,0,#Null,@lpStartUpInfo,@lpProcessInfo) <> 0
; The eleven arguments are pushed last-to-first; the first four are popped
; into rcx/rdx/r8/r9 just before the call.
ADD    rsp,-8
LEA    rax,[rsp+64] ; @lpProcessInfo
MOV    rax,rax
PUSH   rax
LEA    rax,[rsp+96] ; @lpStartUpInfo
MOV    rax,rax
PUSH   rax
PUSH   qword 0
PUSH   qword 0
PUSH   qword 0
MOV    rcx,qword [rsp+96] ; Argument
SUB    rsp,32
CALL   SYS_ToUnicode
ADD    rsp,32
PUSH   rax
MOV    rcx,qword [rsp+96] ; CommandLine (one more qword is on the stack now)
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax
PUSH   qword 0
MOV    rcx,qword [Droopy_v_PasswordG] ; password global handed to SYS_ToUnicode; what happens to the converted copy afterwards is not visible in this file
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax
MOV    rcx,qword [Droopy_v_DomainG]
SUB    rsp,32
CALL   SYS_ToUnicode
ADD    rsp,32
PUSH   rax
MOV    rcx,qword [Droopy_v_UsernameG]
SUB    rsp,40
CALL   SYS_ToUnicode
ADD    rsp,40
PUSH   rax
POP    rcx
POP    rdx
POP    r8
POP    r9
ADD    rsp,-32
CALL   qword [rsp+296] ; indirect call through the pointer local ([rsp+200] plus 96 bytes of temporaries); this operand is the text that was copied into the Extrn list
ADD    rsp,96
MOV    r15,rax
AND    r15,r15
JE    _EndIf9
; retour=1
MOV    qword [rsp+184],1
; EndIf
_EndIf9:
; CloseLibrary(advapi)
PUSH   qword [rsp+192]
POP    rcx
ADD    rsp,-32
CALL   PB_CloseLibrary
ADD    rsp,32
; EndIf
_EndIf7:
;
;/ Set the Process Handle of the Run Program in ImpersonateUserRunAsHandle (Global)
; ImpersonateUserRunAsHandle= lpProcessInfo\hProcess
; Runs on every path, so both globals receive the zeroed locals when no process was created
LEA    rbp,[rsp+56]
PUSH   qword [rbp]
POP    rax
MOV    dword [Droopy_v_ImpersonateUserRunAsHandle],eax ; only the low 32 bits of the handle are stored
;/ Set the Process id of the Run Program in ImpersonateUserRunAsHandle (Global)
; ImpersonateUserRunAsId.l= lpProcessInfo\dwProcessId
MOVSXD rax,dword [rbp+16]
PUSH   rax
POP    rax
MOV    dword [Droopy_v_ImpersonateUserRunAsId],eax
;
; ProcedureReturn retour
MOV    rax,qword [rsp+184]
JMP   _EndProcedure41
;
; EndProcedure
XOR    rax,rax ; not reached: the JMP above always skips it
_EndProcedure41:
; Free the two string locals while keeping the return value in rax.
; No handle from lpProcessInfo is closed in this routine.
PUSH   rax
MOV    rcx,qword [rsp+48] ; CommandLine copy ([rsp+40] plus the pushed rax)
SUB    rsp,32
CALL   SYS_FreeString
ADD    rsp,32
MOV    rcx,qword [rsp+56] ; Argument copy
SUB    rsp,32
CALL   SYS_FreeString
ADD    rsp,32
POP    rax
ADD    rsp,216 ; release the 176 + 40 bytes reserved in the prologue
POP    r15
POP    rbp
RET
The function uses prototypes if that's any help

Post by lexvictory »

No error when import is used (needs polib to generate a complete advapi32.lib)

Post by ABBKlaus »

do you have a snippet, please :wink:

Post by lexvictory »

oops.


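; Call signature of CreateProcessWithLogonW as resolved from ADVAPI32.DLL below.
; The p-unicode pseudotype passes each string argument as a Unicode string.
Prototype.l CreateProcessWithLogonW(lpUsername.p-unicode, lpDomain.p-unicode, lpPassword.p-unicode, dwLogonFlags,lpApplicationName.p-unicode, lpCommandLine.p-unicode,dwCreationFlags, lpEnvironment, lpCurrentDirectory,  *lpStartupInfo.STARTUPINFO,*lpProcessInfo.PROCESS_INFORMATION)

; Starts CommandLine with Argument under the account held in the globals
; UsernameG / DomainG / PasswordG (defined elsewhere in the library).
; Returns 1 when CreateProcessWithLogonW reports success, otherwise 0.
; Side effects: ImpersonateUserRunAsHandle and ImpersonateUserRunAsId are set on
; every path; both end up 0 when no process was created. The caller owns the
; process handle left in ImpersonateUserRunAsHandle.
; NOTE(review): the password reaches this procedure as an ordinary string
; global; how long it stays in memory is decided outside this procedure.
Procedure ImpersonateUserRunasHidden(CommandLine.s,Argument.s)
  lpProcessInfo.PROCESS_INFORMATION
  lpStartUpInfo.STARTUPINFO
  
  ; STARTUPINFO documents cb as the size of the structure; the original left it 0
  lpStartUpInfo\cb = SizeOf(STARTUPINFO)
  
  ; Prefix the argument with a space
  If Left(Argument,1)<>" " 
    Argument=" "+Argument
  EndIf
  
  retour=0
  
  ; NOTE(review): the library is opened by bare name, so the loader's search
  ; order picks the file; confirm that is acceptable for this DLL.
  advapi = OpenLibrary(#PB_Any, "ADVAPI32.DLL")
  If advapi
    ; GetFunction() returns 0 when the export is missing; check before calling
    ; so a failed lookup returns 0 instead of calling through a null pointer.
    *entry = GetFunction(advapi, "CreateProcessWithLogonW")
    If *entry
      CreateProcessWithLogon.CreateProcessWithLogonW = *entry
      If CreateProcessWithLogon(UsernameG, DomainG, PasswordG, 0,CommandLine,Argument,0,0,#Null,@lpStartUpInfo,@lpProcessInfo) <> 0
        retour=1
        ; The primary-thread handle is not handed to the caller, so release it here
        If lpProcessInfo\hThread
          CloseHandle_(lpProcessInfo\hThread)
        EndIf
      EndIf
    EndIf
    CloseLibrary(advapi)
  EndIf
  
  ;/ Set the Process Handle of the Run Program in ImpersonateUserRunAsHandle (Global)
  ImpersonateUserRunAsHandle= lpProcessInfo\hProcess
  ;/ Set the Process id of the Run Program in ImpersonateUserRunAsHandle (Global)
  ImpersonateUserRunAsId.l= lpProcessInfo\dwProcessId
  
  ProcedureReturn retour
  
EndProcedure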

Post by ABBKlaus »

should be fixed with this version : http://www.tailbite.com/downloads/TailB ... R1.879.zip

Post by lexvictory »

Confirmed (to compile), thank you