Sometimes a Linux user needs to learn how assembly works on the Windows operating system. Why?
If a Linux user does malware research on the Windows operating system, it can be helpful to see how the malware works on Windows, and most malware does not run on the Linux operating system.
So, how to begin? Download the materials beforehand:
– WinAsm (download from http://www.winasm.net or https://code.google.com/p/winasm-studio/downloads/list)
The first time using MASM, it is a little strange initially, but it is the same as other ASM. Both of them use the same operating system libraries respectively.
Let’s try with a simple hello world program 🙂
; Arch
.386
.model flat,stdcall
option casemap:none

; Library
include windows.inc
include user32.inc
includelib user32.lib          ; MessageBox
include kernel32.inc
includelib kernel32.lib        ; ExitProcess

; Data
.data
szCaption db "Hello",0         ; null-terminated window title
szMsg     db "Hello World!",0  ; null-terminated message text

; Var
.data?
retvalue dd ?                  ; uninitialized, holds the MessageBox result

; Main
.code
start:
    invoke MessageBox,NULL,addr szMsg,addr szCaption,MB_OK
    mov retvalue,eax           ; return value of MessageBox comes back in eax
    xor eax,eax                ; exit code 0
    invoke ExitProcess,eax
end start
Somewhat annoying indeed, because it is GUI-oriented and I kinda don’t like the GUI.
That’s it, it may be useful.