Jack's first Win32 Assembler helloworld


This article has been updated. Please refer to the new article
Basic Win32 Assembly knowledge compiled by Jack


    ; Operator: Jack Yang
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ; Part 1: mode and source program format definition statements
    .386                        ; instruction set
    .model flat, stdcall        ; working mode
    option casemap:none         ; format (case sensitivity)
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ; include file definitions
    include     windows.inc
    include     user32.inc
    includelib  user32.lib
    include     kernel32.inc
    includelib  kernel32.lib
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ; data segment
    .data
    szCaption   db 'A MessageBox!', 0
    szText      db 'Hello, world!', 0
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ; code segment
    .code
    start:
        invoke  MessageBox, NULL, offset szText, offset szCaption, MB_OK
        invoke  ExitProcess, NULL
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    end start                   ; specifies the entry point of the program

1. Part 1: definition statements for the mode and source program format

The first line specifies the instruction set used (for the assembler). The Win32 environment works on 80386 and later processors, so it must be defined as .386. If privileged instructions are required in a program (drivers such as VxD), .386p must be defined.

The second line defines the program's working mode (including memory model, language mode, and other modes). For Win32 programs there is only one memory model, the flat model. Win32 API calls use the stdcall format, so the stdcall parameter must be added to .model in Win32 assembly.

The third line, the option statement, deals with case sensitivity. API names in the Win32 API are case sensitive, so you must define option casemap:none to indicate that the variable and subroutine names in the program are case sensitive.

2. Source program structure that contains all segments

    .386
    .model flat, stdcall
    option casemap:none
    <some include statements>
    .stack [size of stack segment]
    .data
    <some initialized variable definitions>
    .data?
    <some variable definitions that have not been initialized>
    .const
    <some constant definitions>
    .code
    <code>
    <start label>
    <other statements>
    end <start label>

3. Segment definition

Data segments:

  • .data: the initialized data segment, holding defined variables that are readable and writable. When the program is loaded, these values are already in memory. Data defined in the .data segment increases the size of the executable file. The .data segment is generally stored in the _DATA section of the executable file.

  • .data?: the uninitialized data segment, holding undefined variables that are readable and writable. They do not occupy space in the executable file. These variables are generally used as buffers, or are only used after the program starts executing. Data defined in the .data? segment does not increase the size of the executable file. The .data? segment is generally stored in the _BSS section of the executable file.

  • .const: constants, that is, variables that are readable but not writable.

Code segment:

  • .code: all instructions must be written in the code segment. In Win32, data segments are not executable, and only code segments have the executable attribute. For applications running at privilege level 3, the code segment cannot be written, unless the attribute bit in the PE header of the executable file is changed to writable. For programs running at privilege level 0, all segments have read and write permission, including code segments. The .code segment is generally stored in the _TEXT section of the executable file.

Stack segment:

  • .stack: unlike DOS assembly, Win32 assembly does not have to consider the stack. The system automatically allocates the stack space. The memory attribute of the stack segment is read/write and executable. An anti-tracking module that dynamically modifies code can copy the code to the stack, then modify and execute it there; this feature is also used by buffer overflow techniques.

4. How to call operating system functions

In DOS, operating system functions are provided through various software interrupts. An application calls an operating system function in the following three steps:

  1) put the corresponding parameters in the registers and then call the corresponding interrupt;
  2) program control is transferred to the interrupt for execution;
  3) on completion, the interrupt returns to the application through the iret instruction.

Disadvantages of the DOS method of calling system functions:

  • the function numbers are hard to remember;
  • the 80x86 series processors can handle at most 256 interrupts;
  • parameters are passed through registers, which is inconvenient for functions with many parameters.

The system function modules of Win32 are placed in Windows dynamic link libraries (DLLs). The three DLLs at the core of the Win32 API are:

  • kernel32.dll: system service functions;
  • gdi32.dll: graphical device interface;
  • user32.dll: user interface services.

For details about the parameters and function declarations of common APIs, see the Microsoft Win32 Programmer's Reference.

5. Win32 API function prototype declaration

The assembly format of a function prototype declaration is as follows:

    function_name proto [distance] [language] [parameter 1]:data type, [parameter 2]:data type, ...

proto is the pseudo-instruction for function declaration. The distance can be set to near, far, near16, near32, far16, or far32. Since Win32 has only one flat segment, there is no notion of distance, so it can be omitted from the definition. The language type defaults to the value defined by .model.

Take the message dialog box function MessageBox as an example. The C format is as follows:

    int MessageBox(
        HWND    hWnd,       // handle to owner window
        LPCTSTR lpText,     // text in message box
        LPCTSTR lpCaption,  // message box title
        UINT    uType       // message box style
    );

Assembly format:

    MessageBox proto hWnd:DWORD, lpText:DWORD, lpCaption:DWORD, uType:DWORD

which can also be written as:

    MessageBox proto :DWORD, :DWORD, :DWORD, :DWORD

The assembler is only interested in the number and type of parameters. The parameter names only increase readability, so they can be omitted. For assembly language, parameters in the Win32 environment actually have only one type, a 32-bit integer (DWORD, double word, four bytes).

6. Calling the Win32 API

There are two ways to call an API:

1) invoke, a pseudo-instruction provided by MASM, improves code readability and reduces errors. During assembly, the assembler expands the invoke pseudo-instruction into the corresponding push and call instructions and checks the number of parameters. If the number of parameters supplied does not match the declared number, the assembler reports an error.

    invoke MessageBox, NULL, offset szText, offset szCaption, MB_OK

2) A combination of the 80386 processor's push and call instructions. The invoke statement above can also be written as:

    ; stdcall: arguments are pushed from right to left
    push MB_OK
    push offset szCaption
    push offset szText
    push NULL
    call MessageBox

7. Win32 API handling of function return values

For assembly language, Win32 API functions return only one type, a DWORD, which is always placed in eax. If the content to be returned does not fit in eax, the Win32 API uses one of the following methods:

  a) generally, eax returns a pointer to the returned data;
  b) a buffer address is provided in the call parameters, and the data is returned directly into the buffer. This is similar to the concept of variable parameters.

8. String-related Win32 API categories

In the Win32 environment, string-related APIs can be divided into two types based on two different character sets (the ANSI character set and the Unicode character set):

a) The name of a Win32 API function that processes the ANSI character set has an "A" character at the end. An ANSI string is an array of characters ending with null. Each ANSI character occupies one byte.

    MessageBoxA proto hWnd:DWORD, lpText:DWORD, lpCaption:DWORD, uType:DWORD

b) The name of a Win32 API function that processes the Unicode character set has a "W" character at the end. Each Unicode character occupies two bytes, so 65536 different characters can be defined at the same time.

    MessageBoxW proto hWnd:DWORD, lpText:DWORD, lpCaption:DWORD, uType:DWORD

The Windows 9x series does not support Unicode APIs, and most of its APIs only have the ANSI version. Only the Windows NT series fully supports Unicode APIs. To write programs that can be used on multiple platforms, applications generally use the ANSI API function set.

One way to improve program portability: generally, the Unicode or ANSI version is not specified directly in the source program; instead, the conditional assembly feature of the macro assembler is used for unified replacement. For example, put the following definition in the header file:

    if UNICODE
        MessageBox equ <MessageBoxW>
    else
        MessageBox equ <MessageBoxA>
    endif

Then specify UNICODE = 1 or UNICODE = 0 at the head of the source program, and different versions can be generated after reassembling.

Not complete, to be continued...

References: Chapter 3 of "32-bit assembly language programming in Windows" (version 2) by Luo Yunbin
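Section 3 ties each segment to read, write and execute attributes, and notes that a code segment only becomes writable if the attribute bit in the PE header is changed. The following added example (not part of the original article) reads those attribute bits from a PE section table and reports sections that are both writable and executable; the header-only sample images, their section names and all helper names are constructed for illustration.

```python
import struct

# IMAGE_SCN_MEM_* bits of a PE section header's Characteristics field
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_sections(image):
    """Return [(name, characteristics)] read from a PE section table."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(image):
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, 3 dwords, SizeOfOptionalHeader, flags
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size
    if table + 40 * nsec > len(image):
        raise ValueError("section table runs past end of image")
    sections = []
    for i in range(nsec):                                   # 40-byte entries
        name, chars = struct.unpack_from("<8s28xI", image, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars))
    return sections

def perms(chars):
    """Render the memory attribute bits as an 'RWX' style string."""
    return "".join(c if chars & bit else "-"
                   for c, bit in (("R", MEM_READ), ("W", MEM_WRITE), ("X", MEM_EXECUTE)))

def writable_and_executable(image):
    """Names of sections that can be both written and executed."""
    return [n for n, c in parse_sections(image) if c & MEM_WRITE and c & MEM_EXECUTE]

def build_sample(sections):
    """Constructed header-only image: DOS header, PE signature, COFF header, table."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(struct.pack("<8s28xI", n.encode(), c) for n, c in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed samples: default attributes, and a code section flipped to writable
DEFAULT = build_sample([(".text", 0x60000020), (".rdata", 0x40000040), (".data", 0xC0000040)])
PATCHED = build_sample([(".text", 0xE0000020), (".rdata", 0x40000040), (".data", 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("default", DEFAULT), ("patched", PATCHED)):
        for name, chars in parse_sections(img):
            print(f"{label:8} {name:8} {perms(chars)}")
        print(f"{label:8} W+X sections: {writable_and_executable(img)}")
```

A section reported as both writable and executable is the "attribute bit changed to writable" case from section 3, and is worth a closer look when reviewing a binary.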

