Can you Help me with this Program (Assembly)

[pwnium]

i tried to write a small program that run some useful tools that i need , unfortunately the program run only in my computer
how can i fix that problem , another question ... i'm just a beginner so the i've repeated CreateProcess and ResumeThread so many times
i guess am doing this wrong ! please correct me

i called this small Program EX_Runner
the source code ,

.386
.model flat, stdcall  ;32 bit memory model
option casemap :none  ;case sensitive

include EX_Runner.inc
include comdlg32.inc
includelib comdlg32.lib

.const
sla db"\",0
FilterStr db "Executable Files","*.exe",0,0

.data
olly db "C:\RCE\RAMODBG v1.1\OLLYDBG.EXE",0
IDA db "C:\RCE\Tools\IDA Pro\IDA Pro Advanced (32-bit).exe",0
reflector db "C:\Program Files\Red Gate\.NET Reflector\Desktop 8.5\Reflector.exe",0
qu db "C:\RCE\Tools\QUnpack32\Explorer.exe",0
stripper db "C:\RCE\Tools\Unpacking Kit 2012\ARMADILLO\stripper_v213b9\_stripperX.exe",0
dillodie db "C:\RCE\Tools\Unpacking Kit 2012\ARMADILLO\Dillodie\dilloDIE.exe",0
die db "C:\RCE\Tools\DIE_1.01_win\die.exe",0
peid db "C:\RCE\Tools\PEiD-0.95-20081021\PEiD.exe",0
exepeinfo db "C:\RCE\Tools\Exeinfope\exeinfope.exe",0
impREC db "C:\RCE\Tools\ImpREC 1.7e\ImportREC.exe",0
lordpe db "C:\RCE\Tools\lordPE\LordPE.EXE",0
scylla db "C:\RCE\Tools\Scylla v0.9.7c\Scylla_x86.exe",0
.data?
buffer db 512 dup (?)
WFD WIN32_FIND_DATA<>
ofn OPENFILENAME<>

SSI STARTUPINFO<>
PI PROCESS_INFORMATION<>
.code

start:

	invoke GetModuleHandle,NULL
	mov		hInstance,eax

    invoke InitCommonControls
	invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
	invoke ExitProcess,0

;########################################################################



DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM

	mov		eax,uMsg
	.if eax==WM_INITDIALOG

	.elseif eax==WM_COMMAND
	
 .if wParam==1002 
 invoke CreateProcess,addr olly,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif  wParam==1003 
 invoke CreateProcess,addr IDA,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1004
 invoke CreateProcess,addr reflector,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1005
 invoke CreateProcess,addr reflector,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1006
 invoke CreateProcess,addr exepeinfo,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
	 .elseif wParam==1007
 invoke CreateProcess,addr peid,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
  	.elseif wParam==1008
 invoke CreateProcess,addr die,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 
 	.elseif wParam==1011
 invoke CreateProcess,addr dillodie,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1012
 invoke CreateProcess,addr stripper,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1013
 invoke CreateProcess,addr qu,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1014
 invoke CreateProcess,addr scylla,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1015
 invoke CreateProcess,addr lordpe,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 	.elseif wParam==1016
 invoke CreateProcess,addr impREC,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
 invoke ResumeThread,PI.hThread
 
 	.endif 
	.elseif eax==WM_CLOSE
		invoke EndDialog,hWin,0
	.else
		mov		eax,FALSE
		ret
	.endif
	mov		eax,TRUE
	ret

DlgProc endp

end start

am using RadASM IDE !
Regards ,

Edited July 17, 2018 by abdelhamid

[Nemo]

The program only runs on your computer because of where your files are located.. i.e. 'C:\RCE\RAMODBG v1.1\OLLYDBG.EXE' you could use '.\RAMODBG v1.1\OLLYDBG.EXE' if program is run from 'C:\RCE directory' or maybe put something in to change the base location of your tools.. make a function for the create process/resume.. then just pass variable to it..

 

[pwnium]

3 hours ago, Nemo said:

The program only runs on your computer because of where your files are located.. i.e. 'C:\RCE\RAMODBG v1.1\OLLYDBG.EXE' you could use '.\RAMODBG v1.1\OLLYDBG.EXE' if program is run from 'C:\RCE directory' or maybe put something in to change the base location of your tools.. make a function for the create process/resume.. then just pass variable to it..

 

hello there , thank you for answering my question ...
am just a beginner can you help to create this function !?

regards ,

[Downpour]

To store all the paths you could use an INI-File with a structure like:
 

[Settings]
Count = Number of paths

[0]
Path = Path to the program to execute
Param = Parameter value

...

You could read the Count and Param value with GetPrivateProfileInt and the path with GetPrivateProfileString.

To store the path and parameter you can create a structure in MASM that holds both values and allocate memory to store the stuff inside. After loading the INI-File you can iterate through your array and compare the Param attribute and execute the program if it's a match.

This may not be the best solution but it should be pretty simple.

[pwnium]

8 hours ago, Downpour said:

To store all the paths you could use an INI-File with a structure like:
 

[Settings]
Count = Number of paths

[0]
Path = Path to the program to execute
Param = Parameter value

...

You could read the Count and Param value with GetPrivateProfileInt and the path with GetPrivateProfileString.

To store the path and parameter you can create a structure in MASM that holds both values and allocate memory to store the stuff inside. After loading the INI-File you can iterate through your array and compare the Param attribute and execute the program if it's a match.

This may not be the best solution but it should be pretty simple.

awesome ! thanks