Tags: assembly, cygwin, nasm

Faulty compilation of string constant in ASM


I'm writing a program to get the hashes of certain function-names in ASM.

The function to fetch the string constants is the following:

get_strings:
    call get_curr_addr
    pop esi
    add esi, 9
    jmp str_return  

    db "LoadLibraryA"
    db 0x00

This produces the following string constant in the bytecode (xxd output):

    ...
    00000040: 2424 61c3 e8bc ffff ff5e 83c6 09eb 7d4c  $$a......^....}L
    00000050: 6f61 644c 6962 7261 7279 4100 .... ....  oadLibraryA.

OllyDBG interprets this as:

ASCII "dLibraryA",0

When I change the code to the following:

get_strings:
    call get_curr_addr
    pop esi
    add esi, 9
    jmp str_return  

    db "Jibberish"
    db 0x00 
    db "LoadLibraryA"
    db 0x00

The compilation is done "right" (the way I expect it to be).

xxd output:

    ...
    00000050: 0000 4a69 6262 6572 6973 6800 4c6f 6164  ..Jibberish.Load
    00000060: 4c69 6272 6172 7941 00.. .... .... ....  LibraryA.

And there's no 7d byte in front of the "LoadLibraryA" string literal anymore.

Of course the debugger now sees the strings as they should be:

ASCII "Jibberish",0
ASCII "LoadLibraryA",0

Is this the cygwin NASM compiler that's acting weird or am I slowly growing mad?


Solution

  • As pointed out by Lurker and Michael in the comments:

    There is no problem, apart from the fact that my debugger attempts to interpret the "Loa" part of "LoadLibraryA" as an actual instruction, because I've put the string literals in the .text (code) section.

    In the second example this does not reproduce, as "Jib" in the "Jibberish" string can't be translated into an instruction.

    Issue is resolved by putting the literals in the .data section (where they belong).

    In code, the snippet:

    get_strings:
        call get_curr_addr
        pop esi
        add esi, 9
        jmp str_return  
    
        db "LoadLibraryA"
        db 0x00
    

    Now becomes:

    get_strings:
        call get_curr_addr
        pop esi
        add esi, 9
        jmp str_return
    
    [SECTION .data]
        db "LoadLibraryA"
        db 0x00
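The answer above puts the odd "dLibraryA" display down to the debugger decoding the string's bytes as code. As an added example (not code from the question or from the answer), the Python script below rebuilds the bytes from the two xxd dumps quoted in the question, decodes the jmp short that sits in front of the literal, and shows that the 7d byte is that jump's rel8 operand, with "LoadLibraryA" intact right behind it. It also shows that a naive printable-byte scanner gets the boundary wrong in the other direction, because 0x7D is the printable character '}'. The distance from the call's return address is reported under the stated assumption that get_curr_addr leaves that return address for the pop esi; the page does not say what get_curr_addr actually does, so treat that number as an assumption-dependent check only.

```python
import re

# Constructed input: the two xxd lines quoted in the question for the first
# build (literal placed directly after `jmp str_return` in .text).
DUMP_FIRST_BUILD = """
00000040: 2424 61c3 e8bc ffff ff5e 83c6 09eb 7d4c  $$a......^....}L
00000050: 6f61 644c 6962 7261 7279 4100 .... ....  oadLibraryA.
"""

# Constructed input: the xxd lines quoted for the second build ("Jibberish").
DUMP_SECOND_BUILD = """
00000050: 0000 4a69 6262 6572 6973 6800 4c6f 6164  ..Jibberish.Load
00000060: 4c69 6272 6172 7941 00.. .... .... ....  LibraryA.
"""


def parse_xxd(text):
    """Turn xxd-style lines back into (base_offset, bytes).

    The hex column is everything before the double space that separates it
    from the ASCII column. A group containing '.' marks where the quoted dump
    was cut off: hex digits before the first '.' are kept, then parsing stops."""
    base = None
    data = bytearray()
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        off_str, rest = line.split(":", 1)
        hex_col = rest.strip().split("  ", 1)[0]
        if base is None:
            base = int(off_str, 16)
        for group in hex_col.split():
            digits = group.split(".", 1)[0]
            if digits:
                data += bytes.fromhex(digits)
            if "." in group:
                return base, bytes(data)
    return base, bytes(data)


def decode_jmp_short(base, data):
    """Find the first `jmp short` (opcode EB rel8) and decode it.

    Returns (jmp_offset, displacement, target, next_offset). The 0x7D the
    question saw "in front of" the literal is this jump's rel8 operand; the
    literal begins at next_offset, the byte immediately after the jump."""
    i = data.find(b"\xeb")
    if i < 0 or i + 1 >= len(data):
        raise ValueError("no complete jmp short in dump")
    rel8 = data[i + 1]
    disp = rel8 - 0x100 if rel8 & 0x80 else rel8   # rel8 is sign-extended
    next_off = base + i + 2
    return base + i, disp, next_off + disp, next_off


def string_after(base, data, offset):
    """Return the NUL-terminated byte string that starts at `offset`."""
    start = offset - base
    end = data.find(b"\x00", start)
    if end < 0:
        raise ValueError("string is not NUL-terminated within the dump")
    return data[start:end]


def printable_runs(data, min_len=4):
    """What a strings-style byte scanner reports: runs of printable ASCII that
    end in NUL. It cannot tell an operand byte that happens to be printable
    (0x7D is '}') from the first byte of the literal."""
    pattern = rb"([\x20-\x7e]{%d,})\x00" % min_len
    return [m.group(1) for m in re.finditer(pattern, data)]


def distance_from_call_return(base, data, offset):
    """Bytes from the return address of the first near `call` (E8 rel32,
    5 bytes) to `offset`. Assumption, not stated on the page: get_curr_addr
    leaves that return address for `pop esi`; only then is this the value an
    `add esi, N` would need to land on the literal."""
    c = data.find(b"\xe8")
    if c < 0:
        raise ValueError("no near call in dump")
    return offset - (base + c + 5)


if __name__ == "__main__":
    base, data = parse_xxd(DUMP_FIRST_BUILD)
    jmp_at, disp, target, str_at = decode_jmp_short(base, data)
    print(f"jmp short at {jmp_at:#x}: rel8={disp:#x}, target={target:#x}")
    print("literal right after the jump:", string_after(base, data, str_at))
    print("naive scanner sees:", printable_runs(data))
    print("distance from call return address:",
          distance_from_call_return(base, data, str_at))
    base2, data2 = parse_xxd(DUMP_SECOND_BUILD)
    print("second build:", printable_runs(data2))
```

Running it against the first dump prints the jump at 0x4d with rel8 0x7d, the intact "LoadLibraryA" starting at 0x4f, and a naive scan result of "}LoadLibraryA"; against the second dump it lists "Jibberish" and "LoadLibraryA". Decoding the instruction stream, rather than eyeballing bytes, is what fixes the boundary, which is also why the .data fix above makes the debugger's view match the bytes.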