Jump to content

Flat assembler "g" UDF with x64

Recommended Posts

I updated this with a couple new functions to make compiling and debugging variables easier.

_fasmg_CompileAu3 will generate the au3 code needed for a standalone function without the library and place it on the clipboard. It will also encode/compress the opcode and generate the required code to decode/decompress, but only if its worth it. If the amount of extra au3 code it takes to decode is more than the number of characters saved from encoding, then I dont see the point. Below is the input/output you would get from the first example where base64 would not be worth it. The base64 saves us about 20 characters in the opcode, but even with a single one liner (with length precalculated when compiled) to decode the string its about 170 character long so for this example it would pick base16. 


_('procf _main, pConsoleWriteCB, parm1, parm2')
_('     mov edx, [parm1]')
_('     add edx, [parm2]')
_('     invoke pConsoleWriteCB, "edx = ", edx') ;
_('     ret')



Local Static $dBinExec = Binary('0x5589E58B550C03551052E807000000656478203D2000FF5508C9C20C00')
Local Static $tBinExec = DllStructCreate('byte[' & BinaryLen($dBinExec) & ']'), $bSet = DllStructSetData($tBinExec, 1, $dBinExec)
Local Static $aProtect = DllCall('kernel32.dll', 'bool', 'VirtualProtect', 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec), 'dword', 0x40, 'dword*', 0)
Local Static $aFlush = DllCall('kernel32.dll', 'bool', 'FlushInstructionCache', 'handle', (DllCall('kernel32.dll', 'handle', 'GetCurrentProcess')[0]), 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec))

Local Static $sBinExec = 'VYnli1UMA1UQUugHAAAAZWR4ID0gAP9VCMnCDAA='
Local Static $aDec = DllCall('Crypt32.dll', 'bool', 'CryptStringToBinary', 'str', $sBinExec, 'dword', Null, 'dword', 1, 'struct*', DllStructCreate('byte[' & 29 & ']'), 'dword*', 29, 'ptr', 0, 'ptr', 0)
Local Static $tBinExec = DllStructCreate('byte[' & $aDec[5] & ']', DllStructGetPtr($aDec[4]))
Local Static $aProtect = DllCall('kernel32.dll', 'bool', 'VirtualProtect', 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec), 'dword', 0x40, 'dword*', 0)
Local Static $aFlush = DllCall('kernel32.dll', 'bool', 'FlushInstructionCache', 'handle', (DllCall('kernel32.dll', 'handle', 'GetCurrentProcess')[0]), 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec))

_fasmg_Debug is the other much needed function that has been added. Ive gotten annoyed with copying callbacks from script to script just to debug and wanted something native that could handle all the basics. The function inserts ptr's to callbacks directly into the code so you cant use it in a compiled function but you wouldnt want to do that anyway. This also makes it so we dont have to pass the callback as a parameter.  I have 4 callbacks setup that I think covers all my bases but let me know if not. The function excepts a comma delimited string of "type:var" parings using ":" operator to pair and will generate asm code to call the correct callback. The function excepts all autoit types allowed for dllcall and actually uses the literal string specifying the type to dynamically register a function for that variable type.  I didn't always know this (never really needed to) but apparently we can register the same autoit function multiple times with DllCallbackRegister specifying different parameter types with each registration. With that functionality Im able to just create a "wildcard" type function and register the types as needed so that one callback covers most situations. The other 3 callbacks cover dll structures, raw quoted strings (no variable specified), and lastly references (ex: int*).  For whatever reason, specifying the parameters in the callback as references doesn't work out right and doesn't deference so to get around that I send it to a function that creates a dllstruct at the pointer address and access it that way. I also added ability to specify hi/low values using the '|' operator. So "int64:eax|edx" would show you the combined 64bit value of eax and edx.  

For dll structures I made a made modified (basically a copy) version of _winapi_displaystruct  that will print the data to the console instead of showing you listview. Despite the length of that function, it was actually real easy to modify by just replacing all the GUICtrlCreateListViewItem statements with _addarray() to turn it into a 2darray. All the statements are already deliminted with '|' so that worked out nice. I then pass that 2darray to _Array2DToFormatedStr() to convert and format the alignment of all the columns based on longest element in that column before printing so we have a nice table. The dashes help out with the colors too. Here is the output from the example in the helpfile:



Debug Example:      

$_dbg = _fasmg_Debug ; (shortcut)
    $sTag = 'byte x;short y;char sNote[13];long odd[3];word w;dword p;char ext[3];word finish'
    _(_fasmg_Au3StructDef('AU3TEST', $sTag))

    _('procf _main, parm1, parm2')
    _('     locals')
    _('         iTestSigned dd -12345')
    _('         iTestUnsigned dd 1234567')
    _('         stest db "This is a local string test",0')
    _('         sBuffer db 128 dup ?')
    _('         tTest AU3TEST x:11,y:22,sNote:"Test Msg",odd:333,odd+4:444,odd+8:555,w:77,p:6666,ext:"exe",finish:1234') ;
    _('     endl')
    _("     xor eax, eax") ; eax = 0
    _('     mov bl, 13') ; bl = 13
    _($_dbg('str:"#########################"')) ;; raw string - no variable specified
    _($_dbg('int:[iTestSigned]')) ; signed test
    _($_dbg('uint:[iTestUnsigned]')) ; unsigned test
    _("     cpuid") ; places cpuid string in ebx:ecx:edx
    _("     lea edi, [sBuffer]") ; Load address (ptr) of sBuffer into edi
    _("     mov [edi], ebx") ; first 4 chars of cpuid
    _("     mov [edi + 4], edx") ;
    _("     mov [edi + 8], ecx")
    _("     mov dword[edi + 12], 0")
    _($_dbg('str:edi')) ; will print cpuid string. Edi is holding ptr to local var "sBuffer"
    _('     mov edx, [parm1]')
    _('     add edx, [parm2]')
    _($_dbg('struct:addr tTest:' & $sTag)) ; printing structure. Only type that expects an extra ':' to specify "$sTag"
    _('     mov ebx, 77')
    _('     rdtsc')
    _($_dbg('uint*:addr iTestUnsigned')) ;testing passing a reference to it
    _($_dbg('uint:[iTestUnsigned]')) ; should be same
    _('     rdtsc') ; this places 64bit timestamp value in eax|edx
    _($_dbg('dword:ebx,uint:[iTestUnsigned],str:addr stest,dword:eax,uint64:eax|edx')); debugging multiple vars. printing 64bit timestamp stored in eax|edx
    _('     rdtsc')
    _('     ret')

Console Output:

[iTestSigned]: -12345
[iTestUnsigned]: 1234567
edi: GenuineIntel
Struct addr tTest:
#    Member    Offset        Type           Size      Value       
-    -         0x005EF118    <struct>       0         -           
1    x         0             BYTE           1         11          
-    -         -             <alignment>    1         -           
2    y         2             short          2         22          
3    sNote     4             CHAR[13]       13        Test Msg    
-    -         -             <alignment>    3         -           
4    odd       20            long[3]        12 (4)    [1] 333     
-    -         24            -              -         [2] 444     
-    -         28            -              -         [3] 555     
5    w         32            WORD           2         77          
-    -         -             <alignment>    2         -           
6    p         36            DWORD          4         6666        
7    ext       40            CHAR[3]        3         exe         
-    -         -             <alignment>    1         -           
8    finish    44            WORD           2         1234        
-    -         -             <alignment>    2         -           
-    -         0x005EF148    <endstruct>    48        -           
iTestUnsigned*: 1234567
[iTestUnsigned]: 1234567
ebx: 77
[iTestUnsigned]: 1234567
stest*: This is a local string test
eax: 3773413439
eax|edx: 3154339424745535
eax|edx: 3154339424841536
[parm1]: 5


Update 9/14/2019:

I added some additional commenting/renaming options for _fasmg_Debug and also added a small example showing a new trick I learned recently used in position independent coding (pic) to establish where you are in memory.

For the debugging portion you can now also optionally change the name/comment of what you are printing by adding a semicolon ";" with new name/comment. Normally the function will just use the variable name. This replaces it with whatever you put after ";". Lets say here some_var = 6

 _fasmg_Debug('dword:[some_var]') ; would print to console -> [some_var]: 6
 _fasmg_Debug('dword:[some_var];value of some_var') ; would print to console -> value of some_var: 6


For the trick I learned, I like this as an alternative to passing the address of the structure to your function if your using any kind of global/static variable like data reservations. Heres a partial snip from original _Ex_GlobalVars example of what Im talking about. pMem is the address of the dllstructure holding are binary code and is passed as a parameter so we can calculate the address of g_Var1:

_('procf _main uses ebx, pMem, pConsoleWriteCB, parm1')
_('     mov ebx, [pMem]') ; This is where are code starts in memory.
_('     mov [ebx + g_Var1], 111')

 The alternative way can be done with these three lines below. Whenever the x86 instruction call is executed, the address of where the function needs to return to when finished (which will be the next line) is always pushed on to the stack. This is normally complemented with the ret instruction which pops that value off the stack and returns you back where you need to go next. Here we never execute ret and pop the address off to eax. delta is then subtracted from that address giving us the original starting point. 

_('call delta')
_('delta: pop eax');  eax now equals address of delta
_('sub eax, delta');  eax now equals start of memory

Heres the full example I added to the zip. This also shows how with fasmg, you get true namespaces and makes any data reservation inside procedures more like static variables. Here both _subfunc1 and _subfunc2 use the same names for label delta and data reservation var. I call the function 3 times just to show the variables holding on to there values between calls. In this example the life of those variables would die when the autoit function exits since I only declared $tbinary as local and not static so keep that it mind. Also notice that I defined those with a 0 and not "?". I dont have a example but without the 0 the data is just empty and there for I think it could cause the dllstructure to not have enough bytes define to hold that extra space for variables. Using 0 will always fill the data out so are BinaryLen() calculation will match up. 

Func _Ex_CurrentPOS()

    $g_sFasm = ''

    _('procf _main')
    _('     stdcall _subfunc1')
    _('     stdcall _subfunc2')
    _('     ret')

    _('proc _subfunc1')
    _('     call delta'); Calling anything places the address of the next instruction on the stack. we just happen to be calling the next line
    _('     delta: pop eax');in this function the label delta is equal to value 18 which is the offset or distance in bytes from _main
    _('     sub eax, delta'); after poping the address of delta (not offset - real address) to eax we subtract delta to give us the address of _main
    _('     add [eax+var], 2')
    _('     add [eax+g_var], 2')
    _(      $_dbg('dword:[eax+var];subfunc1 var'))
    _(      $_dbg('dword:[eax+g_var];subfunc1 g_var'))
    _('     stdcall _subfunc2')
    _('     ret')
    _('     var dd 0')

    _('proc _subfunc2')
    _('     call delta')
    _('     delta: pop eax');  here delta=47
    _('     sub eax, delta')
    _('     add [eax+var], 3')
    _('     add [eax+g_var], 3')
    _(      $_dbg('dword:[eax+var];subfunc2 var'))
    _(      $_dbg('dword:[eax+g_var];subfunc2 g_var'))
    _('     ret')
    _('     var dd 0')

    _('g_var dd 0')

    Local $tBinary = _fasmg_Assemble($g_sFasm,1)
    If @error Then Exit (ConsoleWrite($tBinary & @CRLF))

    DllCallAddress('dword', DllStructGetPtr($tBinary))
    DllCallAddress('dword', DllStructGetPtr($tBinary))
    DllCallAddress('dword', DllStructGetPtr($tBinary))



Edited by Beege
code comments
Link to post
Share on other sites

X64 Support:

The other day @UEZ gave me some motivation to get x64 working in my udf. At this time there is no fasmg.dll that runs in 64bit mode, but much like the original fasm.dll, the 32bit fasmg.dll is perfectly capable of generating x64 bit code since generating code vs executing code are two different things.  So to get x64 working, a simple method I implemented is to just pass the source over to a 32bit script, generate the code and pass it back. I tried the same thing years ago and it did work when it comes to the 64bit code generation. The problems I had were how I lost so much the debugging options I had in place when running in 32bit mode and defeated a lot of the library's purpose of making asm code writing easier. 

This time I am happy to report that I'm able to get it all working and not lose any of the debugging/format options that are all in place for 32bit. All the macros I have been showing in 32bit exist for 64bit just the same and I have added code to make the proper selection.   I've only written the one debugging example for testing purposes so far but covers a decent amount of the functionality plus took me a solid weekend to get there. 

Here are some of the basics you should know about x64 calling conventions and pitfalls that I learned a so far.  

First is fastcall. There is really only one call type and that is fastcall. With fastcall the first 4 parameters are passed in rcx,rdx,r8,r9. Space is still reserved on the stack for the first 4 parms, but they are empty at first and you can choose to transfer the variables to the space once in the function. rax, rcx, rdx, r8-r11 are all volatile registers so if you are going to be calling another function from within your function or using those registers for other purposes, then you should backup the parameter values in that space. For the other registers that are nonvolatile (rbx, rdi, rsi, r12-r15), its important to save those values using the "uses" operator if you are using them ANYWHERE in your function. x64 seems way less forgiving in that aspect then 32bit did. 

_('procf _main uses rbx rdi, parm1, parm2, parm3, parm4')
_('     mov [parm1], rcx')
_('     mov [parm2], rdx')
_('     mov [parm3], r8')
_('     mov [parm4], r9')

 Two items that tripped me up for a little bit. One is calling a function if the ptr is in rcx. I was passing a callback pointer as my first parameter discovering this. Its kinda obvious now that problem is tied in with ecx being a parameter but was not thinking about it at the time. The other issue is trying to persevere any kind of volatile register between a function call via push/pop. For whatever reason any kind of push R#X; call func; pop R#X fails with some kind of stack alignment issue. You can get around this by either backing up the values in a local variable or transfer whatever volatile register to r12-15 if not being used. If you know what the problem is there please let me know. 

;use of push/pop is ok
_(' push rdx') ; 
_(' pop rcx') ; 
_(' fastcall rax') ; call some function
_(' push rax') ; 
_(' pop rcx') ; 

;its calling a function when ever the stack is not balanced that fails
_(' push rdx') ; preserve rdx
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore

First post has been updated.  Reporting issues, questions, comments. Believe it or not these are all allowed ;)


Update - 10/26/2019

I got stack alignment issues figured out. The key is keeping the stack 16 byte aligned and its very easy. Just always push the values you want to preserve in mulitples of 2. In the above code when I only push rdx (1 register) so the alignment is now on 8. We just need to push the value once more or you could also add a 'sub rsp, 8' statement but a little more code.

Here we are pushing 2 registers so this is aligned ok:

_(' push rcx') ; preserve rcx
_(' push rdx') ; preserve rdx
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore
_(' pop rcx') ; restore

Here we would have an odd number of 3 so Ill push the last one twice

_(' push rax') ; preserve rax
_(' push rcx') ; preserve rcx
_(' push rdx') ; preserve rdx
_(' push rdx') ; preserve rdx ; <===========Extra push
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore ; <===========Extra pop
_(' pop rdx') ; restore
_(' pop rcx') ; restore
_(' pop rax') ; restore

With that figured out the _fasm_debug function now properly preserves all the volatile registers so you can see whats in them without wiping other registers. First post updated

Edited by Beege
Link to post
Share on other sites

Thanks for the update @Beege. Meanwhile I've solved my x64 addressing issue and the code seams to run properly for 15/16-bit images.


Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to post
Share on other sites
5 hours ago, UEZ said:

Thanks for the update @Beege. Meanwhile I've solved my x64 addressing issue and the code seams to run properly for 15/16-bit images.


You got it. Good job on your x64 code! I wish it was as easy as swapping R's with E's... but that is certainly not the case! :mad2:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Celtic88
      hello ! 
      just for fun 
      simple code to call dll api in new  thread ...
      *update 21/02/2021 
       -add callback for return api call
      -add x64 
      ;by celtic 88 #include <Memory.au3> #include <WinAPISys.au3> #include <WinAPIProc.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <WinAPIEx.au3> #include <WindowsConstants.au3> #include <WinAPIMem.au3> Global $thread_Class = 'thread_Class1' Local $hProc = DllCallbackRegister('thread_WM', 'lresult', 'hwnd;uint;wparam;lparam') Local $tClass = DllStructCreate('wchar[' & StringLen($thread_Class) + 1 & ']') DllStructSetData($tClass, 1, $thread_Class) Local $tWCEX = DllStructCreate($tagWNDCLASSEX) DllStructSetData($tWCEX, 'Size', DllStructGetSize($tWCEX)) DllStructSetData($tWCEX, 'hWndProc', DllCallbackGetPtr($hProc)) DllStructSetData($tWCEX, 'ClassName', DllStructGetPtr($tClass)) _WinAPI_RegisterClassEx($tWCEX) Global $opcode_struct = 'ptr WaitForSingleObject;' & _ 'ptr SendMessage;' & _ 'ptr GetLastError;' & _ 'ptr henvent;' & _ 'ptr hwnd;' & _ 'ptr pproc;' & _ 'ptr isprocessing;' & _ 'ptr lreturn;ptr hreturn;' & _ 'ptr LastError;' & _ 'ptr exitthread;' & _ 'ptr parm[100];ptr rsv[20];WCHAR callback[100]' Local $opcode = '0x668CC83C337449' & _ '8B7C24046AFFFF770CFF1785C07403FF47288B5F2885DB75118D772C8B0E85C97405FF348EE2FBFF571489471C895720FF570889472431C0894718535750FF7710FF570485DB74BCC3' & _ '4881EC480300004889CB4831D248FFCA488B4B18FF134885C0740448FF43504C8B7B504D85FF753A488D735848AD4885C0742C4989C64831C94883C10448AD50E2FB4983EE04493' & _ '9CE7E0E4C89F1488D7C244048AD48ABE2FA415941585A59FF53284889433848895340FF5310488943484831D2488953304D89F94989D8488B4B20FF53084D85FF74804881C448030000C3' Global $pshll = _MemVirtualAlloc(0, BinaryLen($opcode), $MEM_COMMIT, $PAGE_EXECUTE_READWRITE) DllStructSetData(DllStructCreate('byte[' & BinaryLen($opcode) & ']', $pshll), 1, $opcode) Func thread_WM($hWnd, $iMsg, $wParam, $lParam) ;window call back If $iMsg = $WM_NULL Then Local $thi = DllStructCreate($opcode_struct, $wParam) If $lParam <> 0 Then DllStructSetData($thi, 'rsv', -2, 4) DllStructSetData($thi, 'rsv', DllStructGetData($thi, 'rsv', 4) + 1, 4) Call(DllStructGetData($thi, 'callback'), $thi, DllStructGetData($thi, 'rsv', 4)) If $lParam <> 0 Then _WinAPI_DestroyWindow($hWnd) _WinAPI_CloseHandle(DllStructGetData($thi, 'henvent')) _MemGlobalFree($wParam) EndIf EndIf Return _WinAPI_DefWindowProc($hWnd, $iMsg, $wParam, $lParam) EndFunc ;==>thread_WM Func thread_create($scallback) ; create new remote api thread Local $thi = DllStructCreate($opcode_struct, _MemGlobalAlloc(DllStructGetSize(DllStructCreate($opcode_struct)), $GPTR)) DllStructSetData($thi, 'WaitForSingleObject', _WinAPI_GetProcAddress(_WinAPI_LoadLibrary('kernel32'), 'WaitForSingleObject')) DllStructSetData($thi, 'SendMessage', _WinAPI_GetProcAddress(_WinAPI_LoadLibrary('user32'), 'SendMessageW')) DllStructSetData($thi, 'GetLastError', _WinAPI_GetProcAddress(_WinAPI_LoadLibrary('kernel32'), 'GetLastError')) DllStructSetData($thi, 'henvent', _WinAPI_CreateEvent(0, 0, 0, 0)) ; DllStructSetData($thi, 'hwnd', _WinAPI_CreateWindowEx(0, $thread_Class, '', 0, 0, 0, 0, 0, 0)) Local $thid = DllCall('kernel32', 'hwnd', 'CreateThread', 'ptr', 0, 'dword', 0, 'ptr', _ $pshll, 'ptr', DllStructGetPtr($thi), 'long', 0, 'int*', 0) DllStructSetData($thi, 'rsv', $thid[0], 2) DllStructSetData($thi, 'rsv', $thid[6], 3) DllStructSetData($thi, 'callback', $scallback) Call(DllStructGetData($thi, 'callback'), $thi, DllStructGetData($thi, 'rsv', 4)) Return $thi EndFunc ;==>thread_create Func thread_close($thi) ; close remote api thread DllStructSetData($thi, 'exitthread', 1) _WinAPI_SetEvent(DllStructGetData($thi, 'henvent')) EndFunc ;==>thread_close Func thread_isrunning($thi) ; check if remote api thread is closed or no Return (DllStructGetData($thi, 'exitthread') = 0) EndFunc ;==>thread_isrunning Func thread_GetLastError($thi) ; Get Last Error in remote thread Return DllStructGetData($thi, 'LastError') EndFunc ;==>thread_GetLastError Func thread_getreturn($thi) ; get api call return Return DllStructGetData($thi, 'lreturn') EndFunc ;==>thread_getreturn Func thread_call($thi, $pproc) ; dllcall $pproc = address of api DllStructSetData($thi, 'pproc', $pproc) DllStructSetData($thi, 'isprocessing', 1) _WinAPI_SetEvent(DllStructGetData($thi, 'henvent')) DllStructSetData($thi, 'rsv', 0, 1) EndFunc ;==>thread_call Func thread_addcallparameters($thi, $val) ; add dllcall parameters Local $idx = DllStructGetData($thi, 'rsv', 1) + 1 DllStructSetData($thi, 'rsv', $idx, 1) DllStructSetData($thi, 'parm', $idx, 1) DllStructSetData($thi, 'parm', $val, $idx + 1) EndFunc ;==>thread_addcallparameters Func thread_callsimple($thi, $dll, $nproc, $p1 = Default, $p2 = Default, $p3 = Default, _ $p4 = Default, $p5 = Default, $p6 = Default, $p7 = Default, $p8 = Default, _ $p9 = Default, $p10 = Default, $p11 = Default, $p12 = Default, $p13 = Default, _ $p14 = Default, $p15 = Default, $p16 = Default, $p17 = Default, $p18 = Default) ; simple call api ;) Local $cp = 1 While Execute('$p' & $cp & ' <> Default') thread_addcallparameters($thi, Execute('$p' & $cp)) $cp += 1 WEnd thread_call($thi, _WinAPI_GetProcAddress(_WinAPI_LoadLibrary($dll), $nproc)) EndFunc ;==>thread_callsimple Opt("MustDeclareVars", 1) Global $s1, $s2 Func __thread_callback($thi, $phase) Switch $phase Case -1 ;thread is closed MsgBox(0, '', 'thread is closed return ' & thread_getreturn($thi) & ' error ' & thread_GetLastError($thi)) Case 0 ;thread is started $s1 = _WinAPI_CreateString('i love autoit') $s2 = _WinAPI_CreateString('from remote thread') thread_callsimple($thi, 'user32', 'MessageBoxW', 0, $s1, $s2, 0x00000006) ;~ ;DllCall('user32', 'int', 'MessageBoxW', 'hwnd', 0, 'ptr', $s1, 'ptr', $s2, 'uint', 0x00000006) Case 1 ;return first call _WinAPI_FreeMemory($s1) _WinAPI_FreeMemory($s2) MsgBox(0, '', 'callback api return ' & thread_getreturn($thi) & ' error ' & thread_GetLastError($thi)) $s2 = DllStructCreate('dword') DllStructSetData($s2, 1, 1024) $s1 = DllStructCreate('wchar[1024]') thread_callsimple($thi, 'Advapi32', 'GetUserNameW', DllStructGetPtr($s1), DllStructGetPtr($s2)) ;~ ;DllCall('Advapi32', 'BOOL', 'GetUserNameW', 'ptr', DllStructGetPtr($s1), 'ptr', DllStructGetPtr($s2)) Case 2 ;return second call MsgBox(0, '', 'callback api return : ' & thread_getreturn($thi) & _ @CRLF & ' error : ' & thread_GetLastError($thi) & _ @CRLF & ' string len : ' & DllStructGetData($s2, 1) & _ @CRLF & ' user name : ' & DllStructGetData($s1, 1) & _ '') thread_close($thi) ;endif thread Case 3 ; return previous call EndSwitch EndFunc ;==>__thread_callback Local $rth = thread_create('__thread_callback') While thread_isrunning($rth) ConsoleWrite('thread is running' & @CRLF) Sleep(1000) WEnd  
    • By Beege
      Here is an old goodie from ms demonstrating concepts behind multithreading and using mutexes to control sharing the screen. Its unfortunately just a console application so you have to press compile (f7) to run (can get annoying if you want to play with the code) but still pretty cool :). Each little question mark box (could be any character (used to be a smiley face in win 7)) is its own thread keeping track of its own coordinates. Each thread shares the screenmutex by kinda waiting in line for ownership of it. When the thread gains control it updates the screen, then releases the mutex for the next thread. 

      First I wrote it in pure autoit to confirm all working as expected. The Console functions actually threw me for a loop. They actual want the whole value of the coord structs and not a ptr to it so that "struct" without a * was a little uncommon. Below au3 code is just the lonely cell bouncing around.
      Func _BounceAU3() ;set a random starting id. we use this to rotate the colors Local $iMyID = Random(1, 15, 1) Local $tMyCell = DllStructCreate('char mc'), $tOldCell = DllStructCreate('char oc') Local $tMyAttrib = DllStructCreate('word ma'), $tOldAttrib = DllStructCreate('word oa') Local $tCoords = DllStructCreate($tagCOORD), $tOld = DllStructCreate($tagCOORD) Local $tDelta = DllStructCreate($tagCOORD) ;Random start and delta values $tCoords.X = Random(0, 119, 1) $tCoords.Y = Random(0, 29, 1) $tDelta.X = Random(-3, 3, 1) $tDelta.Y = Random(-3, 3, 1) ;set character/cell attributes $tMyCell.mc = $iMyID > 16 ? 0x01 : 0x02 ; doesnt seem to make a differnce in windows 10 $tMyAttrib.ma = BitAND($iMyID, 0x0F) ; Set the character color Do ;check the last position values DllCall('kernel32.dll', "bool", "ReadConsoleOutputCharacter", "handle", $g_hStdHandle, "struct*", $tOldCell, "dword", 1, "struct", $tOld, "dword*", 0) DllCall('kernel32.dll', "bool", "ReadConsoleOutputAttribute", "handle", $g_hStdHandle, "struct*", $tOldAttrib, "dword", 1, "struct", $tOld, "dword*", 0) ;if the last postion was this cell, blank/empty the cell. (Otherwise its been taken over by another thread) If ($tOldCell.oc = $tMyCell.mc) And ($tOldAttrib.oa = $tMyAttrib.ma) Then DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $g_hStdHandle, "byte*", 0x20, "dword", 1, "struct", $tOld, "dword*", 0) EndIf ;write the current cell DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $g_hStdHandle, "struct*", $tMyCell, "dword", 1, "struct", $tCoords, "dword*", 0) DllCall('kernel32.dll', "bool", "WriteConsoleOutputAttribute", "handle", $g_hStdHandle, "struct*", $tMyAttrib, "dword", 1, "struct", $tCoords, "dword*", 0) ;update coords $tOld.X = $tCoords.X $tOld.Y = $tCoords.Y $tCoords.X += $tDelta.X $tCoords.Y += $tDelta.Y ;change directions if we are out of bounds If $tCoords.X < 0 Or $tCoords.X >= 120 Then $tDelta.X *= -1 If $tCoords.Y < 0 Or $tCoords.Y >= 30 Then $tDelta.Y *= -1 Sleep(75) Until GUIGetMsg() = -3 EndFunc ;==>_BounceAU3  
      From there the that function converted into assembly so we can call as a thread. The only real differences are the extra parameters we passing as a structure and I also generate the random starting values in autoit instead, then pass them to the function. Here is what the main assembly function looks like. I added comments for each peice of code from au3 that we are translating:
      _('procf _Bounce uses ebx, pParms') ; ; create the local variables _(' locals') _(' BlankCell db 32') ; this first group covers the variables from the original script _(' MyCell db ?') _(' OldCell db ?') _(' MyAtt dw ?') _(' OldAtt dw ?') _(' tCoords COORD') _(' tDelta COORD') _(' tOld COORD') _(' bytesread dw ?') ; _(' iMyID dw ?') ; this group of local vars cover holding all the other paramerters we are passing in tParms _(' g_hScreenMutex dd ?') _(' g_hRunMutex dd ?') _(' g_hStdHandle dd ?') _(' pfWaitForSingleObject dd ?') _(' pfReleaseMutex dd ?') _(' pfReadChar dd ?') _(' pfReadAttr dd ?') _(' pfWriteChar dd ?') _(' pfWriteAttr dd ?') _(' endl') ; ;all of these push/pops are to transfer the rest of variables from tParms structure to the local variables we created ;first mov the structure address into ebx _(' mov ebx, [pParms]') ; ; now push and pop the values into the variables ; use _winapi_displaystruct() to view all the offsets being used in the [ebx+offset] lines _(' pushw [ebx]') ; _(' popw word[tCoords+COORD.X]') _(' pushw word[ebx+2]') ; _(' popw word[tCoords+COORD.Y]') _(' pushw word[ebx+4]') ; _(' popw word[tDelta+COORD.X]') _(' pushw word[ebx+6]') ; _(' popw word[tDelta+COORD.Y]') _(' pushw word[ebx+8]') ; _(' popw word[iMyID]') _(' push dword[ebx+12]') ; _(' pop dword[g_hScreenMutex]') _(' push dword[ebx+16]') ; _(' pop dword[g_hRunMutex]') _(' push dword[ebx+20]') ; _(' pop dword[g_hStdHandle]') _(' push dword[ebx+24]') ; _(' pop dword[pfWaitForSingleObject]') _(' push dword[ebx+28]') ; _(' pop dword[pfReleaseMutex]') _(' push dword[ebx+32]') ; _(' pop dword[pfReadChar]') _(' push dword[ebx+36]') ; _(' pop dword[pfReadAttr]') _(' push dword[ebx+40]') ; _(' pop dword[pfWriteChar]') _(' push dword[ebx+44]') ; _(' pop dword[pfWriteAttr]') _('.if word[iMyID] > 16') ; $tMyCell.mc = $iMyID > 16 ? 0x01 : 0x02 (no difference in windows 10) _(' mov word[MyCell], 1') _('.else') _(' mov word[MyCell], 2') _('.endif') ; _('pushw word[iMyID]') ; $tMyAttrib.ma = BitAND($iMyID, 0x0F) _('popw word[MyAtt]') _('and word[MyAtt], 15') ; _('.repeat') ; do ; ; Wait infinetly for the screen mutex to be available, then take ownership _(' invoke pfWaitForSingleObject, [g_hScreenMutex], -1') ; ; DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $hStdHandle, "byte*", 0x20, "dword", 1, "struct", $tOld, "dword*", 0) _(' invoke pfReadChar, [g_hStdHandle], addr OldCell, 1, dword[tOld], addr bytesread') ; _(' invoke pfReadAttr, [g_hStdHandle], addr OldAtt, 1, dword[tOld], addr bytesread') ; ; _(' mov al, byte[MyCell]') ;If ($tOldCell.oc = $tMyCell.mc) And ($tOldAttrib.oa = $tMyAttrib.ma) Then _(' mov cl, byte[MyAtt]') _(' .if (byte[OldCell] = al) & (byte[OldAtt] = cl)') _(' invoke pfWriteChar, [g_hStdHandle], addr BlankCell, 1, dword[tOld], addr bytesread') _(' .endif') ; ; DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $hStdHandle, "struct*", $tMyCell, "dword", 1, "struct", $tCoords, "dword*", 0) _(' invoke pfWriteChar, [g_hStdHandle], addr MyCell, 1, dword[tCoords], addr bytesread') _(' invoke pfWriteAttr, [g_hStdHandle], addr MyAtt, 1, dword[tCoords], addr bytesread') ; _(' pushw word[tCoords+COORD.X]') ;$tOld.X = $tCoords.X _(' popw word[tOld+COORD.X]') ; _(' pushw word[tCoords+COORD.Y]') ;$tOld.Y = $tCoords.Y _(' popw word[tOld+COORD.Y]') _(' mov ax, word[tDelta+COORD.X]') ; $tCoords.X += $tDelta.X _(' add word[tCoords+COORD.X], ax') ; _(' mov ax, word[tDelta+COORD.Y]') ; $tCoords.Y += $tDelta.Y _(' add word[tCoords+COORD.Y], ax') ; ; If $tCoords.X < 0 Or $tCoords.X >= 120 Then $tDelta.X *= -1 _(' .if (word[tCoords+COORD.X] < 0 | word[tCoords+COORD.X] >= 120)') _(' neg word[tDelta+COORD.X]') _(' .endif') _(' .if (word[tCoords+COORD.Y] < 0 | word[tCoords+COORD.Y] >= 30)') _(' neg word[tDelta+COORD.Y]') _(' .endif') ; ; release the screen mutex _(' invoke pfReleaseMutex, [g_hScreenMutex]') ; ; wait 100 ms for the Runmutex to be available. _(' invoke pfWaitForSingleObject, [g_hRunMutex], 100') ; ; a return of 258 means it timed out waiting and that the run mutex (owned by the main autoit thread) is still alive. ; when the run mutex handle gets closed this will return a fail or abandonded. _('.until eax <> 258') ; ;exit thread _(' ret') _('endp')  
      And finally how we call that assembled function from autoit to create the theads:
      ;create mutex for sharing the screen thats not owned by main thread Global $g_hScreenMutex = _WinAPI_CreateMutex('', False) ; ;create mutex that tells the threads to exit that is owned by main thread Global $g_hRunMutex = _WinAPI_CreateMutex('', True) ... ... ;assemble function Local $tBinExec = _fasmg_Assemble($g_sFasm, False) ;Local $tBinExec = _fasmg_CompileAu3($g_sFasm) If @error Then Exit (ConsoleWrite($tBinExec & @CRLF)) ;this is struct is for all the values Im passing to the thread. ;this will hold are random start x,y,delta values, handles, and pointers to functions called within the thread $tParms = DllStructCreate('short start[4];word myid;dword hands[3];ptr funcs[6]') $tParms.start(1) = Random(0, 119, 1) $tParms.start(2) = Random(0, 29, 1) $tParms.start(3) = Random(-3, 3, 1) $tParms.start(4) = Random(-3, 3, 1) $tParms.myid = 1 $tParms.hands(1) = $g_hScreenMutex $tParms.hands(2) = $g_hRunMutex $tParms.hands(3) = $g_hStdHandle $tParms.funcs(1) = _GPA('kernel32.dll', 'WaitForSingleObject') $tParms.funcs(2) = _GPA('kernel32.dll', 'ReleaseMutex') $tParms.funcs(3) = _GPA('kernel32.dll', 'ReadConsoleOutputCharacterA') $tParms.funcs(4) = _GPA('kernel32.dll', 'ReadConsoleOutputAttribute') $tParms.funcs(5) = _GPA('kernel32.dll', 'WriteConsoleOutputCharacterA') $tParms.funcs(6) = _GPA('kernel32.dll', 'WriteConsoleOutputAttribute') ;create 128 threads with different start values and colors for each one For $i = 1 To 128 $tParms.myid = $i $tParms.start(1) = Random(0, 119, 1) $tParms.start(2) = Random(0, 29, 1) $tParms.start(3) = Random(-3, 3, 1) $tParms.start(4) = Random(-3, 3, 1) If $tParms.start(3) + $tParms.start(4) = 0 Then $tParms.start(3) = (Mod(@MSEC, 2) ? 1 : -1) ; adjusting non-moving (0,0) delta values.. DllCall("kernel32.dll", "hwnd", "CreateThread", "ptr", 0, "dword", 0, "struct*", $tBinExec, "struct*", $tParms, "dword", 0, "dword*", 0) Sleep(50) Next MsgBox(262144, '', '128 Threads Created') ;Close the run mutex handle. This will cause all the threads to exit _WinAPI_CloseHandle($g_hRunMutex) _WinAPI_CloseHandle($g_hScreenMutex) MsgBox(262144, '', 'Mutex handles closed. All Threads should have exited') Exit The attachment below contains both the compiled and source assembly. To play with the assembly source you need to add the fasmg udf in my sig. The compiled version should not need anything. Let me know if you have any issues.
      Special thanks to @trancexx for teaching me this with her clock example
    • By Beege
      Heres a function for searching for a bitmap within another bitmap. The heart of it is written assembly (source included) and working pretty quick I feel. I have included an example which is pretty basic and should be easily enough for anyone to get the concept. 
      You will be given a small blue window that will take a screencapture of that size:

      It will then take a full screenshot and highlight all locations that it found

      Please let me know if you have any issues or questions. Thanks!
      Update 8/5/2019:
      Rewrote for fasmg. Added full source with everything needed to modify
      GAMERS - Asking for help with ANY kind of game automation is against the forum rules. DON'T DO IT.
    • By Beege
      Years ago I tried to put some functionality together to do some of this here. I started off in the right direction but it ended up getting out of control. Any new thing I learned along the way (as I was creating it), I kept trying to add in and it all became a mess. One of my primary goals with that was to make sure the code could always be pre-compiled and still run. That part did work and I was able create a couple of good projects with it, but still a lot of parts I wouldn't consider correct now and certainly not manageable. 
      Here is a redo of what I was going for there only this time I'm not going to be generating any of the assembly code. That's all going to be done using the built in macro engine already within fasm.dll and the macros written by Tomasz Grysztar (creator of fasm) so this time I don't have to worry about any of the code that gets generated. Im not going to touch the source at all. In fact there is not even going to be _fasmadd or global variables tracking anything. None of that is needed with the added basic and extended headers that you can read more about in the fasm documentation. You can use almost all of whats in the documentation section for basic/extended headers but ignore the parts about import,exports,resources,text encoding. doesn't really apply here.
      Here are examples I came up with that covers a lot of core functionality to write assembly code in a manner that you already know how. If/while using multiple conditional logic statements,  multiple functions, local variables, global variables, structures, COM interfaces, strings as parameters, nesting function calls. These are all things you dont even have to think about when your doing it in autoit and I'm hoping this helps bring some of that same comfort to fasm. 
      These 3 simple callback functions will be used through out the examples  
      Global $gConsoleWriteCB = DllCallbackRegister('_ConsoleWriteCB', 'dword', 'str;dword'), $gpConsoleWriteCB = DllCallbackGetPtr($gConsoleWriteCB) Global $gDisplayStructCB = DllCallbackRegister('_DisplayStructCB', 'dword', 'ptr;str'), $gpDisplayStructCB = DllCallbackGetPtr($gDisplayStructCB) Global $gSleepCB = DllCallbackRegister('_SleepCB', 'dword', 'dword'), $gpSleepCB = DllCallbackGetPtr($gSleepCB) Func _ConsoleWriteCB($sMsg, $iVal) ConsoleWrite($sMsg & $iVal & @CRLF) EndFunc ;==>_ConsoleWriteCB Func _DisplayStructCB($pStruct, $sStr) _WinAPI_DisplayStruct(DllStructCreate($sStr, $pStruct), $sStr, 'def=' & $sStr) EndFunc ;==>_DisplayStructCB Func _SleepCB($iSleep) Sleep($iSleep) EndFunc ;==>_SleepCB  
      proc/endp - like func and endfunc with some extra options. "uses" statement will preserve the registers specified. stdcall is the default call type if not specified. DWORD is the default parameter size if not specified. ret value is also handled for you. You don't have to worry about adjusting a number every time you throw on an extra parameter. In fact you don't ever have to specify/touch ebp/esp at all with these macros. See Basic headers -> procedures for full description.
      force - just a macro I added for creating a anonymous label for the first/primary function to ensure the code gets generated. The problem we are getting around is this: in our example, _main is never actually called anywhere within fasm code and fasm engine detects that and thinks the code is doing nothing. Because of that it wants to skip generating that code and all code that was called by it leaving you with nothing. This is actually a great feature but we obviously want to make an exception for our main/initial/primary function that starts it all off so thats all this does.
      Func _Ex_Proc() $g_sFasm = '' _('force _main') _('proc _main uses ebx, parm1, parm2') ; _('proc _main stdcall uses ebx, parm1:DWORD, parm2:DWORD'); full statement _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' mov eax, ebx') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $iAdd = DllCallAddress('dword', DllStructGetPtr($tBinary), 'dword', 5, 'dword', 5) ConsoleWrite('Parm1+Parm2=' & $iAdd[0] & @CRLF) EndFunc ;==>_Ex_Proc  
          Here Im showing you calling _ConsoleWriteCB autoit function we set up as a callback. Its how you would call any function in autoit from fasm.
          Strings - Notice Im creating and passing "edx = " string to the function on the fly. So helpful!
          invoke - same as a stdcall with brackets []. Use this for when calling autoit functions
      Func _Ex_Callback() $g_sFasm = '' _('force _main') _('proc _main, pConsoleWriteCB, parm1, parm2') _(' mov edx, [parm1]') _(' add edx, [parm2]') _(' invoke pConsoleWriteCB, "edx = ", edx') ; ;~ _(' stdcall [pConsoleWriteCB], "edx = ", edx') ; same as invoke _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB, 'dword', 5, 'dword', 5) EndFunc ;==>_Ex_Callback  
      Showing .while/.endw, .if/.elseif/.else/.endif usage. .repeat .until are also macros you can use. See Extended Headers -> Structuring the source. Ignore .code, .data, .end - Those are gonna be more for a full exe.
      invokepcd/invokepd - these are macros I added that are the same as invoke, just preserve (push/pop) ECX or both ECX and EDX during the call. Below is also a good example of what can happen when you don't preserve registers that are caller saved (us calling the function) vs callie saved (us creating the function). EAX,ECX,EDX are all caller saved so when we call another function like the autoit callback _ConsoleWriteCB, those registers could have very different values then what was in them before the call. This function below should do at least two loops, but it doesn't (at least on my pc) without preserving ECX because ECX is no longer zero when the function returns.
      Keep the same thought in mind for registers EBX,ESI,EDI when you are creating assembly functions (callie saved). If your functions uses those registers, You need to preserve and restore them before your code returns back to autoit or else you could cause a similar effect to autoit. "trashing" registers is a term I've seen used alot when referring to these kind of mistakes
      Func _Ex_IfElseWhile() $g_sFasm = '' _('force _main') _('proc _main uses ebx, pConsoleWriteCB') _(' xor edx, edx') ; edx=0 _(' mov eax, 99') ; _(' mov ebx, 10') _(' xor ecx, ecx') ; ecx=0 _(' .while ecx = 0') _(' .if eax<=100 & ( ecx | edx )') ; not true on first loop _(' inc ebx') _(' invokepcd pConsoleWriteCB, "Something True - ebx=", ebx') _(' ret') _(' .elseif eax < 99') ; Just showing you the elseif statement _(' inc ebx') _(' .else') ;~ _(' invokepcd pConsoleWriteCB, "Nothing True - ebx=", ebx') ; comment this and uncomment the line below _(' invoke pConsoleWriteCB, "Nothing True - ebx=", ebx') _(' inc edx') ; this will make next loop true _(' .endif') _(' .endw') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB) EndFunc ;==>_Ex_IfElseWhile  
          Sub Functions : You already understand this. Not really "sub", its just another function you call. And those functions call other functions and so on.
          fix : syntax sugar - Look how easy it was to replace invoke statement with our actual autoit function name
          ptr : more sugar - same thing as using brackets [parm1]
          Nesting : In subfunc1 we pass the results of two function calls to the same function we are calling
      Func _Ex_SubProc() $g_sFasm = '' ;replace all '_ConsoleWriteCB' statments with 'invoke pConsoleWriteCB' before* assembly _('_ConsoleWriteCB fix invoke pConsoleWriteCB') _('force _main') _('proc _main uses ebx, pConsoleWriteCB, parm1, parm2') _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' _ConsoleWriteCB, "ebx start = ", ebx') _(' stdcall _subfunc1, [pConsoleWriteCB], [parm1], [parm2]') _(' _ConsoleWriteCB, "ebx end = ", ebx') _(' ret') _('endp') ; _('proc _subfunc1 uses ebx, pConsoleWriteCB, parm1, parm2') _(' mov ebx, [parm1]') _(' _ConsoleWriteCB, " subfunc1 ebx start = ", ebx') _(' stdcall _SubfuncAdd, <stdcall _SubfuncAdd, [parm1], [parm2]>, <stdcall _SubfuncAdd, ptr parm1, ptr parm2>') ; Nesting functions _(' _ConsoleWriteCB, " _SubfuncAdd nested <5+5><5+5> = ", eax') _(' _ConsoleWriteCB, " subfunc1 ebx end = ", ebx') _(' ret') _('endp') ; _('proc _SubfuncAdd uses ebx, parm1, parm2') _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' mov eax, ebx') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB, 'dword', 5, 'dword', 5) EndFunc ;==>_Ex_SubProc  
      This demonstrates the struct macro. See basic headers -> Structures for more info
      _FasmAu3StructDef will create an equivalent formated structure definition. All elements already have a sizeof.#name created internally. So in this example sizeof.AUTSTRUCT.x would equal 8. sizeof.AUTSTRUCT.z would equal 16 (2*8). I have added an additional one sot.#name (sizeoftype) for any array that gets created. Below is the source of what gets generate from 'dword x;dword y;short z[8]'. Also dont get confused that in fasm data definitions,  d is for data as in db (data byte) or dw (data word). Not double like it is in autoit's dword (double word). See intro -> assembly syntax -> data definitions
      struct AUTSTRUCT x dd ? y dd ? z dw 8 dup ? ends define sot.AUTSTRUCT.z 2 Func _Ex_AutDllStruct() $g_sFasm = '' Local Const $sTag = 'dword x;dword y;short z[8]' _(_FasmAu3StructDef('AUTSTRUCT', $sTag)) _('force _main') _('proc _main uses ebx, pDisplayStructCB, pAutStruct') _(' mov ebx, [pAutStruct]') ; place address of autoit structure in ebx _(' mov [ebx+AUTSTRUCT.x], 1234') _(' mov [ebx+AUTSTRUCT.y], 4321') _(' xor edx, edx') _(' mov ecx, 5') ; setup ecx for loop instruction _(' Next_Z_Index:') ; set elements 1-6 (0-5 here in fasm) _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*ecx)], cx') ; cx _(' loop Next_Z_Index') _(' invoke pDisplayStructCB, [pAutStruct], "' & $sTag & '"') _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*6)], 666') _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*7)], 777') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $tAutStruct = DllStructCreate($sTag) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB, 'struct*', $tAutStruct) _WinAPI_DisplayStruct($tAutStruct, $sTag) EndFunc ;==>_Ex_AutDllStruct  
      Here shows the locals/endl macros for creating local variables. See basic headers -> procedures. We create a local string and the same dll structure as above. Notice that you can initialize all the values of the structure on creation. There is a catch to this though that I will show you in next example.
      addr macro - This will preform the LEA instruction in EDX and then push the address on to the stack. This is awesome, just remember its using EDX to perform that and does not preserve it. You'll pretty much want to use that for any local variables you are passing around.
      Edit: I shouldn't say things like that so causally.  Use the addr macro as much as you want but remember that it is adding a couple of extra instuctions each time you use it so if your calling invoke within a loop and ultimate performance is one of your goals, you should probably perform the LEA instructions before the loop and save the pointer to a separate variable that your would then use in the loop. 
      Func _Ex_LocalVarsStruct() $g_sFasm = '' Local Const $sTag = 'dword x;dword y;short z[8]' _(_FasmAu3StructDef('POINT', $sTag)) _('force _main') _('proc _main, pDisplayStructCB') _(' locals') _(' sTAG db "' & $sTag & '", 0') ; define local string. the ', 0' at the end is to terminate the string. _(' tPoint POINT 1,2,<0,1,2,3,4,5,6,7>') ; initalize values in struct _(' endl') _(' invoke pDisplayStructCB, addr tPoint, addr sTAG') _(' mov [tPoint+POINT.x], 4321') _(' mov [tPoint+POINT.z+sot.POINT.z*2], 678') _(' invoke pDisplayStructCB, addr tPoint, addr sTAG') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $ret = DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB) EndFunc ;==>_Ex_LocalVarsStruct  
      Back to the catch. Alignment is the problem here but only with the initializes. I'm handling all the alignment ok so you don't have to worry about that for creating structures that need alignment, only if you are using the one liner initialize in locals. The problem comes from extra padding being defined to handle the alignment, but fasm doesn't really know its just padding so without adding extra comma's to the initiator statement, your data ends up in the padding or simply fails. The _FasmFixInit will throw in the extra commas needed to skip the padding.
      Func _Ex_LocalVarStructEx() $g_sFasm = '' $sTag = 'byte x;short y;char sNote[13];long odd[5];word w;dword p;char ext[3];word finish' _(_FasmAu3StructDef('POINT', $sTag)) _('force _main') _('proc _main, pDisplayStructCB') _(' locals') _(' tPoint POINT ' & _FasmFixInit('1,222,<"AutoItFASM",0>,<41,43,43,44,45>,6,7,"au3",12345', $sTag)) _(' endl') _(' invoke pDisplayStructCB, addr tPoint, "' & $sTag & '"') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB) EndFunc ;==>_Ex_LocalVarStructEx  
      I love this one and it is really not even that hard to explain. We got multiple functions and want to be able to call them individually. Here I simply use the primary function to tell me where all the functions are. I load all the offsets (byte distance from start of code) of each each function in to a dllstruct, then once its passed back to autoit, adjust all the offsets by where they are actually located in memory (pointer to dll). From there you can call each individual function as shown previously. full code is in the zip. 
      String functions came from link below. I ended up modifying strcmp to get a value I understand. CRC32 func is all mine. Made it so easy being able to call _strlen and then use while statements like I normally would    https://www.strchr.com/strcmp_and_strlen_using_sse_4.2
      Func _Ex_SSE4_Library() $g_sFasm = '' _('force _main') _('proc _main stdcall, pAdd') _(' mov eax, [pAdd]') _(' mov dword[eax], _crc32') _(' mov dword[eax+4], _strlen') _(' mov dword[eax+8], _strcmp') _(' mov dword[eax+12], _strstr') _(' ret') _('endp') _('proc _crc32 uses ebx ecx esi, pStr') ; _('endp') _('proc _strlen uses ecx edx, pStr') ; _('endp') _('proc _strcmp uses ebx ecx edx, pStr1, pStr2') ; ecx = string1, edx = string2' ; _('endp') _('proc _strstr uses ecx edx edi esi, sStrToSearch, sStrToFind') ; _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $pBinary = DllStructGetPtr($tBinary) Local $sFunction_Offsets = 'dword crc32;dword strlen;dword strcmp;dword strstr' $tSSE42 = DllStructCreate($sFunction_Offsets) $ret = DllCallAddress('ptr', $pBinary, 'struct*', $tSSE42) _WinAPI_DisplayStruct($tSSE42, $sFunction_Offsets, 'Function Offsets') ;Correct all addresses $tSSE42.crc32 += $pBinary $tSSE42.strlen += $pBinary $tSSE42.strcmp += $pBinary $tSSE42.strstr += $pBinary $sTestStr = 'This is a test string!' ConsoleWrite('$sTestStr = ' & $sTestStr & @CRLF) $iCRC = DllCallAddress('int', $tSSE42.crc32, 'str', $sTestStr) ConsoleWrite('CRC32 = ' & Hex($iCRC[0]) & @CRLF) $aLen = DllCallAddress('int', $tSSE42.strlen, 'str', $sTestStr) ConsoleWrite('string len = ' & $aLen[0] & ' :1:' & @CRLF) $aFind = DllCallAddress('int', $tSSE42.strcmp, 'str', $sTestStr, 'str', 'This iXs a test') ConsoleWrite('+strcmp = ' & $aFind[0] & @CRLF) $aStr = DllCallAddress('int', $tSSE42.strstr, 'str', 'This is a test string!', 'str', 'test') ConsoleWrite('Strstr = ' & $aStr[0] & @CRLF) EndFunc ;==>_Ex_SSE4_Library  
      I'm extremely happy I got a com interface example working. I AM. That being said.. I'm pretty fucking annoyed I cant find the original pointer when using using built in ObjCreateInterface I've tired more than just whats commented out. It anyone has any input (I know someone here does!) that would be great. Using the __ptr__ from _autoitobject works below. Example will delete the tab a couple times.
      Edit: Got that part figured out. Thanks again trancexx!
      Func _Ex_ComObjInterface() $g_sFasm = '' ;~ _AutoItObject_StartUp() ;~ Local Const $sTagITaskbarList = "QueryInterface long(ptr;ptr;ptr);AddRef ulong();Release ulong(); HrInit hresult(); AddTab hresult(hwnd); DeleteTab hresult(hwnd); ActivateTab hresult(hwnd); SetActiveAlt hresult(hwnd);" ;~ Local $oList = _AutoItObject_ObjCreate($sCLSID_TaskbarList, $sIID_ITaskbarList, $sTagITaskbarList) Local Const $sCLSID_TaskbarList = "{56FDF344-FD6D-11D0-958A-006097C9A090}", $sIID_ITaskbarList = "{56FDF342-FD6D-11D0-958A-006097C9A090}" Local Const $sTagITaskbarList = "HrInit hresult(); AddTab hresult(hwnd); DeleteTab hresult(hwnd); ActivateTab hresult(hwnd); SetActiveAlt hresult(hwnd);" Local $oList = ObjCreateInterface($sCLSID_TaskbarList, $sIID_ITaskbarList, $sTagITaskbarList) _('interface ITaskBarList,QueryInterface,AddRef,Release,HrInit,AddTab,DeleteTab,ActivateTab,SetActiveAlt') ; _('force _main') _('proc _main uses ebx, pSleepCB, oList, pGUIHwnd') _(' comcall [oList],ITaskBarList,HrInit') _(' xor ebx, ebx') _(' .repeat') _(' invoke pSleepCB, 500') ; wait _(' comcall [oList],ITaskBarList,DeleteTab,[pGUIHwnd]') ; delete _(' invoke pSleepCB, 500') ; wait _(' comcall [oList],ITaskBarList,AddTab,[pGUIHwnd]') ; add back _(' comcall [oList],ITaskBarList,ActivateTab,[pGUIHwnd]') ; actvate _(' inc ebx') _(' .until ebx=4') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $GUI = GUICreate("_Ex_ComObjInterface ------ DeleteTab") GUISetState() ;~ DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpSleepCB, 'ptr', $oList.__ptr__, 'dword', Number($GUI)) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpSleepCB, 'ptr', $oList(), 'dword', Number($GUI)) EndFunc ;==>_Ex_ComObjInterface  
      Lastly here is an example of how to use a global variable. Without using the org statement, this value is just an offset like the functions in the library example. In order for your code to know that location, it needs to know where the real starting address is so we have to pass that to our functions. Once you have it, if you write your code proper and preserve registers correctly, you can just leave in EBX. From what I understand, if all functions are following stdcall rules, that register shouldn't change in less you change it. Something cool and important to remember is these variables will hold whatever values left in them till you wipe the memory (dll structure) holding your code. keep that in mind if you made your dll structure with a static keyword. If thats the case treat them like static variables
      Func _Ex_GlobalVars() $g_sFasm = '' _('_ConsoleWriteCB fix invoke pConsoleWriteCB') ; _('force _main') _('proc _main uses ebx, pMem, pConsoleWriteCB, parm1') _(' mov ebx, [pMem]') ; This is where are code starts in memory. _(' mov [ebx + g_Var1], 111') _(' add [ebx + g_Var1], 222') _(' _ConsoleWriteCB, "g_Var1 = ", [ebx + g_Var1]') _(' stdcall subfunc1, [pMem], [pConsoleWriteCB], [parm1]') _(' mov eax, g_Var1') _(' ret') _('endp') ; _('proc subfunc1 uses ebx, pMem, pConsoleWriteCB, parm1') _(' mov ebx, [pMem]') _(' mov [ebx + g_Var1], 333') _(' _ConsoleWriteCB, "g_Var1 from subfunc1= ", [ebx + g_Var1]') _(' stdcall subfunc2, [pConsoleWriteCB], [parm1]') ; no memory ptr passed. ebx should be callie saved _(' _ConsoleWriteCB, "g_Var1 from subfunc1= ", [ebx + g_Var1]') _(' stdcall subfunc2, [pConsoleWriteCB], [parm1]') _(' ret') _('endp') ; _('proc subfunc2, pConsoleWriteCB, parm1') _(' add [ebx + g_Var1], 321') _(' _ConsoleWriteCB, "g_Var1 from subfunc2= ", [ebx + g_Var1]') _(' ret') _('endp') ; _('g_Var1 dd ?') ; <--------- Global Var Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $iOffset = DllCallAddress('dword', DllStructGetPtr($tBinary), 'struct*', $tBinary, 'ptr', $gpConsoleWriteCB, 'dword', 55)[0] ConsoleWrite('$iOffset = ' & $iOffset & @CRLF) Local $tGVar = DllStructCreate('dword g_Var1', DllStructGetPtr($tBinary) + $iOffset) ConsoleWrite('Directly access g_Var1 -> ' & $tGVar.g_Var1 & @CRLF) ; direct access EndFunc ;==>_Ex_GlobalVars  
    • By Beege
      Special thanks to Ward for his udf and Trancexx for her assembly examples as they have played a huge role in my learning of asm.    UDF Requires  >Beta version or higher. Also Requires >Wards Fasm UDF.  Direct Download Link   FASMEx.zip   FasmEx 9-29-2013.zip   This is dead. See new version here : 
  • Create New...