As a security university project, I'm supposed to code a PE infector. But I'm a beginner in assembly, so I have multiple crashes due to my ignorance of how to handle variables.
I know that in a regular program we have a .data section for initialized variables, and a .data? section for uninitialized variables.
But in this case, every tutorial seems to agree that variables should be defined in the .code section.
Which leads to something like this:
.386
.model flat, stdcall
option casemap:none
include \masm32\include\masm32rt.inc

.code
start:
    mov  stuff, 1       ; write to the variable defined below, in .code
    ret
stuff dd ?              ; variable placed in the .code section
end start
Unfortunately, this causes a segmentation fault, and I can't figure out why.
As another example:
.386
.model flat, stdcall
option casemap:none
include \masm32\include\masm32rt.inc

.code
start:
    ; hello is only defined further down, after this invoke
    invoke MessageBoxA, 0, offset hello, offset hello, MB_OK
    ret
hello db "Hello buddy", 0   ; string placed in the .code section
end start
This one doesn't compile, as the hello variable is unknown at compilation (assembly :p) time, which seems legit to me, but then... what is the right way?
Most operating systems disallow writes to the code segment, as part of their malware protection. Makes it harder to infect code. :-)
invoke is a macro that will likely have to see all its arguments at compile time, so it can be expanded properly. It cannot easily use things that appear later in the code, so you have to make sure they appear earlier. Here, for example, the address of hello will depend on the size of the expansion of the macro.
References to data, like in your mov stuff,1, have a fixed size and can be fixed up later, perhaps in a second pass of the assembler, or by the linker.