What software developing platform one uses to develop Windows 32 program ?

[Shera]

How does one know which Dll and Functions to include in the program ?

[fearless]

Depends on what a program is doing.

Have to break the program down into smaller parts and decide what each part is trying to accomplish. Is it displaying information to a user? and what is the best way to convey that information?

In win32 programming (assuming you are going to link with microsoft win32 api functions) there are many controls that are available, and each control has different functions, messages and notifications that can be used.

If your setting some text of a label, you might use SetWindowText or use the WM_SETTEXT message as an example.

If your displaying a list of items that a user can select, you would need to add the items to a list (LB_ADDSTRING message), then later you might want to do something once a specific value has been selected (LB_GETCURSEL and LB_GETTEXT)

Using modern compilers and development enviroments to build your program, the functions that link to the appropriate dll's will be included automatically in most cases. In other development enviroments (masm32 for example) you might have to specify the include files (.inc) and the library files (.lib) that need to be present when linking your program, for it to successfully include the links to the appropriate dll files.

Other languages might wrap up these libraries and functions in their own particular way.

So could be worth deciding what your program/tool/utility is going to do. If its a small project to start learning, then a small simple idea is better. Then you can research and search and ask questions to help narrow down what functions and controls and libraries and even languages might be required.

If you have a specific example or idea, that might help for others to offer suggestions - as to what to look at and what might be required.

Hope that helps

 

[Shera]

Thanks for the reply , I was trying to learn Assembly language then i tried some disassembly

I got a program from some place and i was mostly wondering about the platform it was programmed , because of the amount of functions in it .

 

 

 

 

Can someone show me an example of including a DLL or function in a program ?

[fearless]

Here is a simple assembler (masm32) example, called stringlength. It is a console mode program, and outputs the length of the text string defined in the assembler file: 'This is a string',0 - which is 16 characters long, so the console will output a '16'. Very basic program.

It only uses a few functions from kernel32.dll: lstrlen (to get the length of a zero terminated string), GetStdHandle and WriteFile (to output the text to the console screen), and exitprocess (to end the program)

Using CFF explorer or other tools you can see it only links to kernel32.dll for those 4 functions

The source code is provided and is simple, it does make use of a few macros from the masm32 sdk to help with a few things (the print macro for example)

But essentially the main focus for the program is the use of lstrlen as shown below:
 

include     \masm32\include\masm32rt.inc

.data
str1        db 'This is a string',0

.code

start:

    invoke lstrlen,ADDR str1
    print str$(eax),13,10
    invoke ExitProcess,0
    
    ret

END start

Hope that helps

stringlength.zip

[Shera]

So these functions , lstrlen (to get the length of a zero terminated string), GetStdHandle and WriteFile (to output the text to the console screen), and exitprocess (to end the program) are provided by kernel32.dll

And to use these functions , one  has to include \masm32\include\masm32rt.in  right ?

So the  Dll and functions resides in the \masm32\include\masm32rt.in

Is this the case in the C programs too ?

I mean if we need to call the Dll and the functions in a C program , which path do we try to include ?

[evlncrn8]

in the c code you include a .h file, to force a lib to be used you can use the pragma directive, but in most cases this isnt required

to use the functions, the h file (c/c++) or the .inc file (asm) need to be included in the code

the linker also needs to know which lib to use..

so in asm you'll typically see something like includelib blahblah.lib

 

Edited May 18, 2018 by evlncrn8

[Shera]

Thanks evlncrn8  ,

I am a bit lost in some technical terms ,

Dynamic link library files are the windows 32 API files with functions ?

 

[evlncrn8]

they're just dll's (essentially compiled libraries) that contain functions (exported in their export table) that you can use, forget the "32", as there's 64 bit too and it'll just get confusing, 64 bit has the same exports, so the same api names carry over mostly.

eg : user32.dll exports (among other things) MessageBoxA which is used to display messageboxes

 

Edited May 18, 2018 by evlncrn8

[fearless]

7 hours ago, Shera said:

So these functions , lstrlen (to get the length of a zero terminated string), GetStdHandle and WriteFile (to output the text to the console screen), and exitprocess (to end the program) are provided by kernel32.dll

Yes, these functions reside in the kernel32.dll

7 hours ago, Shera said:

And to use these functions , one  has to include \masm32\include\masm32rt.inc  right ?

So the  Dll and functions resides in the \masm32\include\masm32rt.inc

the masm32rt.inc is just a handy include file that contains the following:
 

      ; include files
      ; ~~~~~~~~~~~~~
      include \masm32\include\windows.inc       ; main windows include file
      include \masm32\include\masm32.inc        ; masm32 library include

      ; -------------------------
      ; Windows API include files
      ; -------------------------
      include \masm32\include\gdi32.inc
      include \masm32\include\user32.inc
      include \masm32\include\kernel32.inc
      include \masm32\include\Comctl32.inc
      include \masm32\include\comdlg32.inc
      include \masm32\include\shell32.inc
      include \masm32\include\oleaut32.inc
      include \masm32\include\ole32.inc
      include \masm32\include\msvcrt.inc

      include \masm32\include\dialogs.inc       ; macro file for dialogs
      include \masm32\macros\macros.asm         ; masm32 macro file

      ; libraries
      ; ~~~~~~~~~
      includelib \masm32\lib\masm32.lib         ; masm32 static library

      ; ------------------------------------------
      ; import libraries for Windows API functions
      ; ------------------------------------------
      includelib \masm32\lib\gdi32.lib
      includelib \masm32\lib\user32.lib
      includelib \masm32\lib\kernel32.lib
      includelib \masm32\lib\Comctl32.lib
      includelib \masm32\lib\comdlg32.lib
      includelib \masm32\lib\shell32.lib
      includelib \masm32\lib\oleaut32.lib
      includelib \masm32\lib\ole32.lib
      includelib \masm32\lib\msvcrt.lib

That masm runtime file (masm32rt.inc) with all those includes and includelibs covers the most commonly used libraries likely to be used. The include files are header files that contain definitions for the functions that might be used and constants/enumerations used with the appropriate functions. The linker with look for functions in those lib files and if found will link them into the program when compiling. The functions that are used, will redirect to the appropriate dll's and its functions when the program is executed.

Think of the dll's as a big storage of possible functions a program may use, grouped together for ease of use and usually related. So functions related to drawing and graphics are found in the gdi32 library, common dialogs (save as, open, browse) functions are stored in the comdlg32 library etc.

The lib files are just a collection of function pointers, that point to the real function stored in the dll. A placeholder for the real functions.

At link time, the linker sees a function, finds the reference in the lib files (searching all the specified lib files to find it) then knows that the function is actually stored in the dll file and marks it as such. When the program loads up, the operating system will see the functions and dlls to be used and will load those dll's for the program, so it can succesfully call those functions.

7 hours ago, Shera said:

Is this the case in the C programs too ?

I mean if we need to call the Dll and the functions in a C program , which path do we try to include ?

Using Visual studio for example, will already have the paths to include already set, usually pointing to the directory where the sdk files (headers *.h and libraries *.lib) are stored. So in that case you dont have to worry about it as its all taken care of automatically. Of course you can override and specify additional libraries to look for (say if you downloaded a third party sdk, like openssl or zlib or whatever) to look for new additional functions provided by the additional libraries.

 

 

[Shera]

Thanks a lot for all the detailed explanations

I was mostly wondering about the console based program i was trying to disassemble , It had lots of functions in it .

Could this be developed in Visual studio or something else ?

 

 

??

[evlncrn8]

well it has 'simplecppcrackme.exe' so possibly, and uses the msvcrt.dll to do things, but thats not a 100% guarantee it was written in c/c++..  

[Shera]

Thanks for the reply evlncrn8 ,

I have been slowly learning Assembly and Disassembly for some time now

I am getting used to the terms in it ,

I learned a lot about

Subroutines ,

Opcode 

Operand 

Data 

Functions

One thing now,  i am trying to figure out is about the interconnected Subroutines

[evlncrn8]

inter connected sub routines ? you mean classes or ?

[Shera]

I mean these in red circles ,

Is there any easy way to make sense of those 1427 of it in this particular program ?

 

[evlncrn8]

they're just functions that arent named in exports / identifable, you'll probably find the function they're calling at the end is chkstk (check stack) or similarto check for buffer overruns or the like.. or code to undo setting a seh handler, a lot of c code wraps other functions, so i wouldnt worry about it too much

Edited May 19, 2018 by evlncrn8

[Shera]

Thanks for the reply evlncrn8 ,

 

Let me try to put it in some pictures for the sake of clarity ,

 

Should i try to research more on those black colored functions in the wingraph32 ?

 

 

[VirtualPuppet]

To be fair, at this point, everybody's just confusing you with their somewhat incorrect statements here and there.

It is pretty obvious that a call in start to 0x401000 (as opposed to what @evlncrn8 said) is not an SEH stack cleanup or stack-check (which only happens in debug builds btw). The fact that the call happens at an address of 0x401000 would (to any experienced reverse engineer) signal that it is user-defined code at the beginning of the .text (code) section of the executable (or library).

In other words, if I write the following C code:

void do_something() 
{
  printf("something's happening!");
}

int main(int argc, char** argv)
{
  do_something();
  printf("end of program");
  return 0;
}

 

It will compile roughly to:

0x401000:		// The address that do_something was compiled to
pushad 			// Would probably be a stack prologue and some register loadings
push offset somethings_happening_string
call printf
popad 			// Would probably be a stack epilogue and some register storages
ret

main:
call 0x401000
push offset end_of_program_string
call printf
xor eax,eax
ret

 

As seen here, start is either the main function defined above or an entry-point defined by the compiler which calls 0x401000 (which is then actually the main function). I don't really have time to go over most of the other comments right now, but there's so much misinformation in this thread, that I'd probably just disregard most of it if I were you.

Edited May 19, 2018 by VirtualPuppet

[evlncrn8]

i was talking in general and not specific to his snippet... i was simply giving information, not entering a pissing contest

[Shera]

Thanks for all the reply VirtualPuppet , evlncrn8

I have been trying to narrow few things down ever since i have been trying to learn C ,  Assembly and Disassembly

I have learned a lot of things from this thread , and thanks to everyone who replied

 

I have managed to learn this much about programming in general

This helps me in relearning C , Assembly and Disassembly