How to assemble text to binary code for MASM?

[LCF-AT]

Hi again,

ok thanks for that info cob.So then I I dont use if / else / end if statements.Its also ok to work without that syntax.

I got a small other question (dont wanna create extra new topic for that) about wsprintf function.So I would like to show the assembled code in dissasembled style with address / opcode / commands etc but also in a same format to show it clean like this...

0041A73D 81EC48020000           sub     esp,248h
0041A743 53                     push    ebx
0041A744 56                     push    esi
0041A745 57                     push    edi
0041A746 8B7D0C                 mov     edi,[ebp+0Ch]
0041A749 33F6                   xor     esi,esi
0041A74B 8A1F                   mov     bl,[edi]
0041A74D 47                     inc     edi
0041A74E 84DB                   test    bl,bl
0041A750 8975F4                 mov     [ebp-0Ch],esi
0041A753 8975EC                 mov     [ebp-14h],esi
0041A756 897D0C                 mov     [ebp+0Ch],edi
0041A759 0F84F4060000           je      loc_0041AE53
0041A75F 8B4DF0                 mov     ecx,[ebp-10h]

....but I dont know which sign I could use for the same distances between opcode lenght which is dynamic and command (mov ? rest of command) you know what I mean right.So how can I do that?('%08lX %s %s) something like that but dont know how to set exact spaces between etc.

greetz

[cob_258]

According to msdn I came up with this "%08lX     %-10s%-10s"

The "%-10" means pad the output with blanks to fill 10 character to the right (the output is aligned to the left), the blanks in the middle can be replaced by one or two tabs.

 

Or you can format address with "%08lX" then format the formatted address / opcode / command with "%-10s%-10s%-10s"

(The number 10 is a random value, after some tests you will find more suitable values)

 

Update

To obtain the values that makes the format shown in your code all I had to do is to measure each case (simply see the column in notepad++) and got this values : 

• 10 for  formatted address (8 numbers + 2 blanks)
• 24 for hex
• 9 for opcode
• no padding for operands

To finally obtain this : "%-10s%-24s%-9s%s" (there is 4 fields not 3)

Edited May 4, 2018 by cob_258
update

[LCF-AT]

Hi again,

seems not to work or I do again something wrong.Can you post a example?I have all as strings already.Address is clear so far using %08lX.Next comes opcode chr$(EB FE).Then command also as string chr$("mov eax,ecx").Sorry this is pretty confusing with that complex format thing.

0030FAB0   0104B4F4  |s = bones.0104B4F4
0030FAB4   010483AA  |Format = "%08lX  %-10s%-24s?%-9s%s"
0030FAB8   00401000  |<%08lX> = 0x401000 <-- address
0030FABC   010483C4  |<%-10s> = "90 90 90" <-- opcode string
0030FAC0   010483D0  |<%-24s> = "mov eax,ecx" <-- command
0030FAC4   010483DC  |<%-9s> = "A8 11"   <--- ? why another field
0030FAC8   01043000  \<%s> = "mov eax,2" <--- ? here too?
                                              
=
                                              
00401000  90 90 90  mov eax,ecx             ?A8 11    mov eax,2                                              

Address 2 free | opcode 2 free | command more free | rest

greetz

[cob_258]

It appears that you skipped some steps (maybe my reply was ambiguous) so this is how it should be done : 

• first format the address (call wsprintf with "%08lX")
• the opcode and operands are separated, i.e different parameters
• you format all the things above with "%-10s%-24s%-9s%s"

see the code below for more information (I added another step to format  "esp,248h")

Spoiler

.486
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib user32.lib
includelib kernel32.lib

include c:\masm32\macros\macros.asm

.code
Start proc

	local szAddr[12]:CHAR,szOperands[50]:CHAR,szOut[MAX_PATH]:CHAR

	fn wsprintf,addr szAddr,chr$("%08lX"), 0401000h
	;// szAddr = "401000"
	
	fn wsprintf,addr szOperands,chr$("%s,%lXh"), chr$("esp"),248h
	;// szOperands = "esp,284h"
	 
	fn wsprintf,addr szOut,chr$("%-10s%-24s%-9s%s"),addr szAddr,chr$("81EC48020000"),chr$("sub"),addr szOperands
	;// szOut = "00401000  81EC48020000  sub      esp,248h"

	Ret
Start EndP
	

End Start

 

 

[LCF-AT]

Hi again,

ok I got it working now with that wsprintf formats.Its a little tricky to understand that (in my case only of course). (Hey the smileys are working again via keyboard). Ok I made a small snapshot how my app looks already.

Should be ok so far to get a good quick info overview about the codes the user wrote etc.The rest to build the loader files and on fly run I do write later.

greetz