Develop Reference

when writing 64bit reverse shell in assembly got stuck at createrprocessA api

hello i am writing windows 64bit reverse shell in assembly and after gett connected to the targetmachine ip, i want to create process to spwan a shell, fistly i try to write startinfo struct for createprocess api, but after then i pass all the parameters to the function but it doesn't work, and here is full code https://pastebin.com/6Ft2jCMX
;STARTUPINFOA+PROCESS_INFORMATION
;----------------------------------
push byte 0x12 ; We want to place (18 * 4) = 72 null bytes onto the stack
pop rcx ; Set ECX for the loop
xor r11,r11
push_loop:
push r11 ; push a null dword
loop push_loop ; keep looping untill we have pushed enough nulls
lea r12,[rsp]
mov dl,104
xor rcx,rcx
mov [r12],dword edx
mov [r12+4],rcx
mov [r12+12],rcx
mov [r12+20],rcx
mov [r12+24],rcx
xor rdx,rdx
mov dl,255
inc rdx
mov [r12+0x3c],edx
mov [r12+0x50],r14 ; HANDLE hStdInput;
mov [r12+0x58],r14 ; HANDLE hStdOutput;
mov [r12+0x60],r14 ;HANDLE hStdError;
;createprocessA_calling
sub rsp, 0x70
push 'cmdA'
mov [rsp+3],byte dl
lea rdx,[rsp]
inc rcx
mov [rsp+32],rcx
xor rcx,rcx
xor r8,r8
mov [rsp+40],r8
mov [rsp+48],r8
mov [rsp+56],r8
lea r9,[r12]
mov [rsp+64],r9
lea r9,[r12+104]
mov [rsp+72],r9
xor r9,r9
call rbx ;createprocessA
so at last when i call the createprocessA it got stuck

assembler x86 16bit - masm windows: running my program via the debugger (cv) bring different result that without debuging

I have got a project to do as a student and i was about to finish him when i occured a strange thing - when i running my program via the cv debugger i get diffrent result than by running it simply....
Here is my code, he suppose to do this thing :
.model small
.stack 100h
.data
.code
time proc
mov ah, 02ch
int 21h
mov bl, ch
call printit
ret
time endp
printit proc
mov al, bl
aam ; divide by 10: quotient in ah, remainder in al (opposite of DIV)
add ax, "00"
xchg al, ah
mov dx, ax
mov ah, 02h
int 21h
mov dl, dh
int 21h
ret
printit endp
print4register proc
mov cx, 0
LOOP1:
inc cx
cmp cx, 5
jge ENDLOOP
mov dx, 0
mov bx, 16
div bx
cmp dx, 9
jg ABCDE
add dl, '0'
push dx
jmp LOOP1
ABCDE:
sub dl, 10
add dl, 'A'
push dx
jmp LOOP1
ENDLOOP:
pop dx
mov ah, 02h
int 21h
pop dx
int 21h
pop dx
int 21h
pop dx
int 21h
ret
print4register endp
date proc
mov ah, 02ah
int 21h
mov bl, dl
call printit
ret
date endp
start:
mov cl, byte ptr ds:[80h]
mov bx, 82h
mov ax, ds:[bx]
cmp al, 'T'
je TIMET
cmp al, 'D'
je DATED
cmp al, 'I'
je INTI
jmp FINISH
TIMET:
inc bx
mov ax, ds:[bx]
cmp al, 'I'
je TIMEI
jmp FINISH
TIMEI:
inc bx
mov ax, ds:[bx]
cmp al, 'M'
je TIMEM
jmp FINISH
TIMEM:
inc bx
mov ax, ds:[bx]
cmp al, 'E'
je TIMEE
jmp FINISH
TIMEE:
call time
DATED:
inc bx
mov ax, ds:[bx]
cmp al, 'A'
je DATEA
jmp FINISH
DATEA:
inc bx
mov ax, ds:[bx]
cmp al, 'T'
je DATET
jmp FINISH
DATET:
inc bx
mov ax, ds:[bx]
cmp al, 'E'
je DATEE
jmp FINISH
DATEE:
call date
INTI:
inc bx
mov ax, ds:[bx]
cmp al, 'N'
je INTN
jmp FINISH
INTN:
inc bx
mov ax, ds:[bx]
cmp al, 'T'
je INTT
jmp FINISH
INTT:
inc bx
mov ax, ds:[bx]
sub al, '0'
add al, al
add al, al ; mul al, 4
mov di, 0
mov ah, 0
add di, ax
mov ax, 0h
mov es, ax
mov ax, es
mov si, es:[di]
mov di, es:[di + 2]
mov ax, di
call print4register
mov dl, ':'
mov ah, 02h
int 21h
mov ax, si
call print4register
FINISH:
mov ah, 4ch
int 21h
end start
The task:
Write the program "DO_ALL" that accepts a single parameter from the
MS-DOS command line.
i.e. type in the dosbox:
C:> DO_ALL DATE
or
C:> DO_ALL TIME
to run your program with the command "DATE" or "TIME" respectively.
The DO_ALL program should figure out the appropriate command and
perform as
follows:
DATE – present the date (use int21/2A) – present only the day
TIME – present the time (use int21/2C) – present only the hour
INTx (here x is 1 digit, for example INT4 or INT0) – print the CS:IP
of the ISR
of interrupt number x.
Hint: use the information in the PSP to figure out the command (The
last 2
fields)
Unfortuently, as I said, when i run it like that - cv DO_ALL INT4 i get this result - 043F:038E ( after running the program in the debugger ) .
And when I run it like that - DO_ALL INT4 i get this result - 0070:0008
Someone know what to do :((
My dos running results

assembly code to scroll the screen one line down clearing the first line in the screen and then scrolls one line up if a key is pressed

I'm trying to scroll 1 line down then up but
a) I don't know how to test this code
b) I'm not sure which interrupt to use for "when a key is pressed"
I'd be much grateful for your help
Here's my code :
Data_segment_name segment para
firstline db 160 dup(0)
Data_segment_name ends
Stack_segment_name segment para stack
Stack_segment_name ends
Code_segment_name segment
Main_prog proc far
assume SS:Stack_segment_name,CS:Code_segment_name,DS:Data_segment_name
mov AX,Data_segment_name ; load the starting address of the data
mov DS,AX ; segment into DS reg.
;code scroll down (clear first line) then scroll back up(restore cleared line)
mov es,ax ;save first line
lea di,firstline
mov ax,0b800h
mov ds,ax
mov ax,0
mov si,ax
cld
mov cx,80
rep movsw ;save ends
;now let's scroll down :)
mov ax,0b800h
mov es,ax
mov ax,0
mov di,ax
mov ax,160
mov si,ax
cld
mov cx,24*80
rep movsw
;now let's scroll up :)
int 21h ;check
mov ax,160*24
mov si,ax
mov ax,160*25
mov di,ax
std
mov cx,24*80
rep movsw
;restore first line
mov AX,Data_segment_name ; load the starting address of the data
mov DS,AX ; segment into DS reg.
lea si,firstline
mov ax,0
mov di,ax
cld
mov cx,80
rep movsw
mov ax,4c00h ; exit program
int 21h
Main_prog endp
Code_segment_name ends
end Main_prog

Ad a):
The test tool is called "debugger". I recommend Turbo Debugger (google for it).
Ad b):
Ralf Brown's interrupt list and TechHelp are good references. At a glance: Int 10h is for video, Int 16h is for keyboard, Int 21h is for MS-DOS.
You should switch to the simplified segment directives .CODE, .DATA, .STACK and to procedural programming PROC, ENDP. When your project grows, it will help to keep track of it.
Example:
.MODEL small
.STACK 1000h
.DATA
firstline db 160 dup(0)
.CODE
save_firstline PROC
push ds
mov ax, ds
mov es, ax
lea di, firstline
mov ax, 0b800h
mov ds, ax
mov ax, 0
mov si, ax
mov cx, 80
rep movsw
pop ds
ret
save_firstline ENDP
restore_firstline PROC
lea si, firstline
mov ax, 0b800h
mov es, ax
mov ax, 0
mov di, ax
mov cx, 80
rep movsw
ret
restore_firstline ENDP
scroll_up PROC
call save_firstline
mov ah, 6 ; http://www.ctyme.com/intr/rb-0096.htm
mov al, 1 ; number of lines to scroll
mov bh, 0 ; attribute
mov ch, 0 ; row top
mov cl, 0 ; col left
mov dh, 25 ; row bottom
mov dl, 80 ; col right
int 10h
ret
scroll_up ENDP
scroll_down PROC
mov ah, 7 ; http://www.ctyme.com/intr/rb-0097.htm
mov al, 1 ; number of lines to scroll
mov bh, 0 ; attribute
mov ch, 0 ; row top
mov cl, 0 ; col left
mov dh, 25 ; row bottom
mov dl, 80 ; col right
int 10h
call restore_firstline
ret
scroll_down ENDP
main PROC
mov ax, #data
mov ds, ax
waitForKey: ; http://webpages.charter.net/danrollins/techhelp/0229.HTM
mov ah, 1
int 16h
jnz gotKey ; jmp if key is ready
jmp waitForKey ; loop back and check for a key
gotKey:
mov ah, 0 ; key is ready, get it
int 16h ; now process the key
cmp ah, 48h ; <UP>
jne #F
call scroll_up
jmp waitforKey
##:
cmp ah, 50h ; <DOWN>
jne #F
call scroll_down
jmp waitForKey
##:
cmp al, 1Bh ; <ESC>
jne waitForKey
mov ax, 4C00h
int 21h
main ENDP
END main

sorting 32 bit numbers in 8086

i wrote this code and think for it about 5 hours;
However i stuck in sorting part:
its begin to loop and never stop !
where did i wrong ???
IT SEEMS that the array didnt get the numbers correctly.
can any one help please ?
page 110,100
Title 'decimal sorting'
Data_here segment
A DD Dup 20(?)
msg1 DB 'Enter a maximum 6 digits number : ',0DH,0AH,'$'
msg2 DB 0DH,0AH,'The sorted results are : ',0DH,0AH,'$'
Data_here Ends
Stack_here segment
DW 10 DUP(?)
Stack_here Ends
Code_here segment
Assume CS:code_here , DS:Data_here ,SS:Stack_here
Main Proc near
mov AX,Data_here
mov DS,AX
mov AX,Stack_here
mov SS,AX
Call decimal_input
call sorting
call decimal_output
mov AH,4CH
int 21H
main Endp
decimal_input proc near
PUSH A
mov AH,09H
Lea DX,msg1
int 21H
mov CH,20
next_number:
mov BH,6
mov DX,0
mov si,4
next_digit:
mov AH,07H
int 21H
CMP AL,0DH
JNE check_digit
CMP BH,6
JE next_digit
DEC CH
JZ end
mov DX,0DH
mov AH,02H
int 21H
mov DX,0AH
Int 21H
jmp next_number
check_digit:
cmp AL,30H
JB next_digit
cmp AL,39H
JA next_digit
mov AH,02H
mov DL,AL
int 21H
SUB AL,30H
SHL DX,4
ADD DL,AL
DEC SI
JZ save
DEC BH
JNZ next_digit
jmp remain
save:
mov A[DI],DX
SHL A[DI],8
add si,4
DEC BH
jmp next_digit
remain:
ADD byte ptr A[DI],DL
mov DX,0DH
mov AH,02H
int 21H
mov DX,0AH
INT 21H
INC DI
DEC CH
JNZ next_number
end:
pop A
RET
decimal_input ENDp
sorting proc near
Push A
mov SI,DI
check:
mov AX,word ptr A[SI]
mov BX,word ptr A[DI+2]
CMP AX,BX
JA change
JE extra_check
add SI,2
continue:
add DI,2
CMP DI,38
JA finish
JB check
extra_check:
mov CX,word ptr A[DI+1]
mov DX,word ptr A[DI+3]
cmp CX,DX
JNA continue
mov word ptr A[DI+1],DX
mov word ptr A[DI+3],CX
jmp continue
change:
xchg AX,BX
mov CX,word ptr A[DI+1]
mov DX,word ptr A[DI+3]
xchg CX,DX
mov word ptr A[DI],AX
mov word ptr A[DI+1],CX
mov word ptr A[DI+2],BX
mov word ptr A[DI+3],DX
jmp continue
finish:
Add sp,2
cmp Sp,40
JE ending
mov DI,SP
jmp check
ending:
POP A
RET
sorting ENDP
decimal_output proc near
PUSH A
mov AH,09H
lea DX,msg2
INT 21H
next_no:
mov DL,0
mov AL,0
mov AH,0
next:
CMP AL,0
JE next1
mov DL,byte ptr A[DI]
ADD DL,30H
mov AL,1
int 21H
next1:
inc DI
inc AH
cmp AH,8
JB next
CMP DI,80
JA THE_END
mov DX,0DH
mov AH,02H
int 21H
mov DX,0AH
int 21H
jmp next_no
THE_END:
pop A
RET
decimal_output ENDp
code_here Ends
END MAIN

I think your problem might be here
Add sp,2
cmp Sp,40
You are using sp as a loop counter, but you never initialize it. Additionaly I also don't understand why you are using sp in the first place. Of course it is theoretically possible, but then you would have to restore it before you return. When your proc returns it will screw up, because the stack pointer is corrupted. So you shouild use some other register or a memory variable (bp is not used in your code).
And I would strongly recommend to reformat your code, to make it more readable (when I looked at it I formatted it like this which makes it better readable):
sorting proc near
Push A
mov SI,DI
check:
mov AX,word ptr A[SI]
mov BX,word ptr A[DI+2]
CMP AX,BX
JA change
JE extra_check
add SI,2
continue:
add DI,2
CMP DI,38
JA finish
JB check
...

I can't figure out how to delete a row in my tasm assembly homework

I have a compiled assembly program and I'm asked to modify it by removing the last row seen in the cmd prompt. I'm new at assembly so I can't find a solution.
When you run it 5 rows appear, and I'm trying to delete the row below;
Press [q]uit [e]xecute [c]lear:
;Serhad Ali Turhan 040060390
.8086
.MODEL small
.STACK 256
.DATA
;~~~~~~ Declarations ~~~~~~~~
CR equ 13d
LF equ 10d
cPrompt DB 'Press [q]uit [e]xecute [c]lear: $'
cName DB 'SERHAD ALI TURHAN',CR,LF,'$'
cNum DB 'Electronical Engineering',CR,LF,'$'
cSch DB 'ITU Ayazaga Kampusu 34469 Maslak-ISTANBUL',CR,LF,'$'
vDW DB 0 ;Day of the Week
vMon DB 0 ;Month
vDM DB 0 ;Day of the month
cDW0 DB 'SUNDAY$ ' ;All days are 10 bytes
cDW1 DB 'MONDAY$ '
cDW2 DB 'TUESDAY$ '
cDW3 DB 'WEDNESDAY$'
cDW4 DB 'THURSDAY$ '
cDW5 DB 'FRIDAY$ '
cDW6 DB 'SATURDAY$ '
vI2S_I DW 0 ;2 bytes
vI2S_S DB ?,?,?,?,'$' ;4 bytes
cExcode DB 0
;~~~~~~~~ Main Program ~~~~~~~~
.CODE
MAIN PROC
mov ax,#data ; Initialize DS to address
mov ds,ax ; of data segment
call pClr
jmp pExecute
jmp pMenu ;
;~~~~~ Menu ~~~~~
pMenu:
lea dx,cPrompt ;
call puts ;
call getc ;AL has user selection
push ax ;Store it
call pNL ;
pop ax ;
cmp al,'q' ;al?=q
je lQuit ;Quit
cmp al,'c' ;al?=c
je lClr ;Clear screen
cmp al,'e' ;
je pExecute ;
jmp pMenu ;
lClr:
call pClr
jmp pMenu ;
lQuit:
call pQuit
;~~~~~~~~
pExecute:
call pInfo
call pClock
call pDate
call pNL
jmp pMenu ;
pInfo:
lea dx,cName ;
call puts ;Display Name
lea dx,cNum
call puts ;Display Department
lea dx,cSch
call puts ;Display School Address
ret
pClock:
mov ah,2ch ;get time
int 21h
push dx
push cx
mov al,ch ;ch->hour
call pDisp
mov dl,':'
call putc
pop ax ;cl->minute
call pDisp
mov dl,':'
call putc
pop ax ;dh->seconds
mov al,ah
call pDisp
call pNL
ret
pDate:
mov ah,2ah ;get date
int 21h
mov vDW,al ;Store day of week
mov vMon,dh ;Store month
mov vDM,dl ;Store day of month
mov vI2S_I,cx ;Year will be stored in
call pI2S ;vI2S_s as ASCII
mov al,vDM ;Print day of month
call pDisp
mov dl,'.'
call putc
mov al,vMon ;Print month
call pDisp
mov dl,'.'
call putc
lea dx,vI2S_S ;Print year
call puts
mov dl,'-'
call putc
call pDW ;Print day of week
ret
pDW:
mov al,vDW
mov bl,10 ;All days are 10 bytes
mul bl
mov ah,0
mov bx,ax
lea dx,cDW0[bx]
call puts
ret
pDisp:
xor ah,0 ;
aam
add ax,3030h ;
push ax
mov dl,ah ;
call putc
pop dx
call putc
ret
;vI2S_I=1000*vI2S_S[0]+100*vI2S_S[1]+10*vI2S_S[2]+vI2S_S[3]
pI2S: ;intToStr
mov cx,1000 ;
mov ax,vI2S_I ;
mov dx,0
div cx ;
add al,'0'
mov vI2S_S,al ;
mov cx,100 ;
mov ax,dx
mov dx,0
div cx
add al,'0'
mov vI2S_s[1],al
mov cx,10 ;
mov ax,dx
mov dx,0
div cx
add al,'0'
mov vI2S_s[2],al
add dl,'0'
mov vI2S_s[3],dl ;
ret
;~~~~~~~~ Screen I/O Functions ~~~~~~~~
getc:
mov ah,1h ;read character from keyboard
int 21h ;to al
ret ;
putc:
mov ah,2h ;display character
int 21h ;at dl
ret ;
puts:
mov ah,9h ;display string terminated by '$'
int 21h ;at the adress dx
ret ;
;~~ Clear screen ~~~~
pClr:
mov ax,03h ;
int 10h ;
ret ;
;~~ New Line ~~~~~~~
pNL:
mov dl,CR ;
call putc ;
mov dl,LF ;
call putc ;
ret
;~~~~~~~~~ Exit ~~~~~~~~~~~~~~~
;return to DOS
pQuit:
mov ah,4Ch ; DOS function: Exit program
mov al,cExcode ; Return exit code value
int 21h ; Call DOS. Terminate program
MAIN ENDP
END MAIN ; End of program / entry point

I'll offer some guiding questions:
Does the text that you're looking to prevent appear in the code?
Is it identified in some way?
Does that identifier exist elsewhere in the code?
Where does that usage take you?
There are only a handfull of instructions that you care about. These questions will help you find them, and hopefully understand which one to delete.