I'm working on an assembly code using Flat Assembler that would read a value from an .ini file, and, in order to do that, I'm trying to invoke the Kernel 32.dll GetPrivateProfileInt function.
There is only one problem with that: in order to properly read the file, I need to pass the full path of the .ini as a parameter to this function. I have tried to pass '.\config.ini' as a parameter and I have also tried to use MAX_PATH/rb MAX_PATH to get the full working directory (which is sometimes valid in FASM), but that didn't work either...
If anyone could help me, I would be grateful!
Here is my current code:
[...]
invoke GetPrivateProfileInt,.secname,.keyname,-1,.inifile
cmp eax,1
je .start
invoke MessageBoxA,0,.inifile,.secname,MB_ICONERROR
[...]
.inifile: db '.\config.ini',0
.secname: db 'config',0
.keyname: db 'advanced',0
(Note: this messagebox code is just something I included in order to know if that function was actually reading the value from the config.ini)
And the .ini file I'm trying to read:
[config]
advanced=1
Again, if anyone could help me, I would be grateful!
Actually, this behavior is described in MSDN.
lpFileName [in]
The name of the initialization file. If this parameter does not contain a full path to the file, the system searches for the file in the Windows directory.
If you want to use exactly the current working directory (which is not always the one where the executable file resides), use GetCurrentDirectory API to get the current working directory and then append the configuration file after this string.
But usually you want to read the configuration file from the directory where the executable file is placed.
In these cases I use something like the following:
.aminitwindow:
; Create string with the filename of the INI file.
lea ebx, [.str]
invoke GetModuleFileNameA, NULL, ebx, 512
mov ecx, eax
.findloop:
dec eax
js .notfound
cmp byte [ebx+eax], '.'
je .found
jmp .findloop
.notfound:
mov eax, ecx
.found:
mov dword [ebx+eax], '.cfg'
mov byte [ebx+eax+4], 0
lea esi, [eax+16]
Here I construct the name of the configuration file, simply changing the extension of the executable file (from .exe to .cfg). If you want to use different name, simply scan back to the first "\" character and then add the whole filename of your config file.
Related
Below is in the log file.
> [32m??????[00m
> [33m?≪?SDH?梧昭絽檎?????祉???儀??賢?с???[00m
I want a spedific command run. The command send EDI data from application server to EDI base server.
Some sort of error occured so I opened a log file.
How can I know what kind of character code when these texts are written ?
I get zip.exe from http://stahlworks.com/dev/index.php?tool=zipunzip
I have unpacked the files to:
.text
.rdata
.data
How to connect together through a command line using an external program or without?
copy /B .text+.rdata+.data zip.exe
The above code does not work.
You can't just glue together sections of a PE or ELF file and expect to get a working executable because there's more information needed, namely a number of headers that describe those sections and other important things.
At any rate, I'm not sure why you're dealing with this in first place. zip.exe downloads just fine from that page. I see no reason to break it only to be unable to later repair it.
the unzipping feature of winrar is something rather for fun its kinda easter egg i think, that ilustrates the fact that exe has some internal format that contains section, but you shouldnt unzip it really as an user (only someone could do this for some reverse engeenering attempt, like hex viewing a contents of an exe)... so simply dont unzip exe you wouldnt need to pack it together then.. exe is exe dont unzip it
Example: myprog.c:(.text+0x18): undefined reference to 'prog.new'
If .text+0x18 is supposed to reference the line that is in error, how can I interpret the .text and the +0x18.
I understand the 0x18 = 24d, but nothing at that line references the prog.new.
It isn't a line number, nor an offset from the beginning of the line!
What the heck is it?
Thanks, Derick
It's not a location inside the .c file, but in the .o file (even though it says "myprog.c" and not "myprog.o"). .text+0x18 means "the 18th byte after the start of the text section", the text section being the part of the object file that contains the executable code.
If you're getting locations like that, that means that the object file does not contain any debug information, so the linker can't reconstruct the line and column number from the byte number. If you compile with debug symbols (-g), you should get proper line numbers instead.
assume cs :code , ds:data
data segment
aa db 'C:\Program',32,'Files\Internet',32,'Explorer\a',00h
;aa db 'C:\Program Files\Internet Explorer\a',00h
data ends
code segment
main:
mov ax,data
mov ds,ax
mov ah,41h
lea dx,aa
int 21h
mov ah,4ch
int 21h
code ends
end main
as you can see the path of Internet explorer has some spaces in it which make it difficult to delete
can you suggest a way to be able to use a path with spaces ?
i'm trying to delete IE giving the fact it's being used by a virus to send my informations somewhere
For my application I'm testing the longest available file path to be allowed to be moved into the Recycle Bin and I'm getting interesting results.
On Windows XP the maximum size is 259 characters, which is the MAX_PATH constant minus 1.
But on my Windows 8.1 Pro, that maximum allowed file path size somehow seem to be 215 characters.
So I'm curious are there any official guidelines for this?
EDIT: OK, since posters below requested an API, I'm using SHFileOperation with FO_DELETE and FOF_ALLOWUNDO to place a user's file into the Recycle Bin. Since Windows Explorer uses the same exact API for its Delete operation it's easy to test it by making a long path within Windows Explorer and then by trying to delete it. In my experiments I can see the following:
Windows XP, if the total path length is 259 chars (on some editions, it may be 257??), the file/folder will be placed into the Recycle Bin. Otherwise Windows Explorer offers only an option to permanently delete it.
Windows Vista, this limit is 217 chars, inclusively.
Windows 7 and 8, it is 215 chars, inclusively.
So it seems like this maximum limit is shrinking... Thus I was just curious, if this is documented somewhere in MSDN?
Recycle Bin internals:
Windows XP
Every drive has its own drive:\RECYCLER\%USER_SID% directory. This directory contains all deleted files but files have names like DcN.ext where D is fixed part of the name, c is drive letter, N is a index and ext is extension of original file. Besides deleted files there is database file named INFO2.
INFO2 file starts with header. Header structure:
Offset Type Value
0x0000 DWORD Signature ; Always 5
0x0004 DWORD Unknown1
0x0008 DWORD Unknown2
0x000C DWORD RecordSize ; Always 0x00000320
0x0010 DWORD Unknown3
Records are stored successively immediately after header to the end of the INFO2 file. Record structure:
Offset Type Value
0x0000 ANSICHAR[MAX_PATH] OriginalFileNameA ; Ansi string
0x0104 DWORD Index ; Associated with *N* from *DcN.ext*
0x0108 DWORD DriveIndex ; A: = 0; B: = 1; C: = 2; ...
0x010C FILETIME DeleteFileTime
0x0114 DWORD OriginalFileNamePhysicalSize
0x0118 WIDECHAR[MAX_PATH] OriginalFileNameW ; Wide string
Windows Vista and above
Every drive has its own drive:\$Recycle.Bin\%USER_SID% directory. This directory contains all deleted files but now there is no database file. Every deleted file is associated with 2 files inside RB.
First file has name like $INNNNNN.ext where $I is fixed part of the name, NNNNNN consists of 6 random letters or numbers and ext is extension of original file.
$I file structure:
Offset Type Value
0x0000 DWORD Signature ; Always 1
0x0004 DWORD Unknown1
0x0008 DDWORD OriginalFileSize
0x0010 FILETIME DeleteFileTime
0x0018 WIDECHAR[MAX_PATH] OriginalFileNameW ; Wide string
Second file has name like $RNNNNNN.ext where $R is fixed part of the name, NNNNNN is the same as in $I file and ext is extension of original file. $R file is deleted file itself.
As you see in all cases Windows stores filename in array which has size of MAX_PATH chars. That why the limit of length of filename is MAX_PATH - 1 chars.
Windows 10
Windows 10 has a new version of $I file structure (don`t know what update changed it):
Offset Type Value
0x0000 DWORD Signature ; Always 2
0x0004 DWORD Unknown1
0x0008 DDWORD OriginalFileSize
0x0010 FILETIME DeleteFileTime
0x0018 DWORD OriginalFileNameLen
0x001C WIDECHAR[OriginalFileNameLen] OriginalFileNameW ; Wide string
And it looks like now Windows can store any files with any paths in the Recycle Bin.
Simple answer. The recycle bin is a (well) hidden folder on disk. All the files in it keep their original names, plus the extra length for the name of the recycled bin folder.
In Windows XP the path looked like this:
C:\RECYCLER\S-1-5-21-1089551744-1120685985-1162132538-1003\
I'm sure it's similar in later versions, but perhaps getting longer. Your filename has to go on on the end of that, and still stay inside the 260 limit.
So how do you find that name for a specific system? Try GetFinalPathnameByHandle, or this blog.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa364962.aspx
http://pdh11.blogspot.com.au/2009/05/pathcanonicalize-versus-what-it-says-on.html
More useful places to look.
IKnownFolder: http://msdn.microsoft.com/en-us/library/windows/desktop/bb776912.aspx
SHGetKnownFolderPath: http://msdn.microsoft.com/en-us/library/windows/desktop/bb762188%28v=vs.85%29.aspx
SHGetFolderPath using CSIDL: http://msdn.microsoft.com/en-us/library/windows/desktop/bb762181%28v=vs.85%29.aspx