Challenge
Written by Laura Fairhead   


Write a program that takes a snapshot of a text screen and writes it to a file. It should work in any text mode and lines should be terminated with newlines in the file so that it can easily be viewed in a standard editor. ( 04Dh = 77 bytes )

 

 

Solution

If you want to assemble this, just remember that the FS: override is the prefix byte 064h (see 64 AD at 012B), as MASM can't cope with legal x86 code. Then replace the (single) offset 0148h with some name; the only data is the filename at the end, "SNAP",0. The B's prefixing the addresses mean "BYTE PTR", and ALL the numbers are in HEX.

=Z10 0
=NSUC0.COM
=L
0000004D
=U100 147

1CB6:0100 B8 30 11          MOV     AX,1130
1CB6:0103 32 FF             XOR     BH,BH
1CB6:0105 CD 10             INT     10              ;DL=rows-1
1CB6:0107 B4 0F             MOV     AH,0F
1CB6:0109 CD 10             INT     10              ;AH=columns
1CB6:010B 0E                PUSH    CS              ;1st BIOS call
1CB6:010C 07                POP     ES              ;corrupts ES
1CB6:010D 52                PUSH    DX              ;
1CB6:010E 50                PUSH    AX              ;set B[BP+1]=columns
1CB6:010F 8B EC             MOV     BP,SP           ;    B[BP+2]=rows
1CB6:0111 BA 48 01          MOV     DX,0148         ;open (CREATE) file
1CB6:0114 33 C9             XOR     CX,CX           ;name "SNAP"
1CB6:0116 B4 3C             MOV     AH,3C
1CB6:0118 CD 21             INT     21
1CB6:011A 93                XCHG    BX,AX           ;handle stays in BX
1CB6:011B 33 F6             XOR     SI,SI           ;SI read screen offset
1CB6:011D BA 80 00          MOV     DX,0080         ;DX data store in PSP
1CB6:0120 B8 00 B8          MOV     AX,B800
1CB6:0123 8E E0             MOV     FS,AX           ;FS screen segment
1CB6:0125 8B FA             MOV     DI,DX           ;outer loop rows
1CB6:0127 0F B6 4E 01       MOVZX   CX,B [BP+0001]  ;miss out the attribute
1CB6:012B 64 AD             FS: LODSW               ;byte, copying to
1CB6:012D AA                STOSB                   ;DS:080
1CB6:012E E2 FB             LOOP    012B
1CB6:0130 B8 0D 0A          MOV     AX,0A0D         ;n/l on row end
1CB6:0133 AB                STOSW   
1CB6:0134 8B CF             MOV     CX,DI
1CB6:0136 2B CA             SUB     CX,DX           ;CX=data length
1CB6:0138 B4 40             MOV     AH,40           ;write row to file
1CB6:013A CD 21             INT     21
1CB6:013C FE 4E 02          DEC     B [BP+0002]     ;loop for row count
1CB6:013F 79 E4             JNS     0125
1CB6:0141 66 58             POP     EAX             ;clean-up stack
1CB6:0143 B4 3E             MOV     AH,3E           ;close file
1CB6:0145 CD 21             INT     21
1CB6:0147 C3                RET                     ;go CS:0 !
=D148 14C
1CB6:0148 53 4E 41 50 00                                  SNAP            

=Q

If you've never seen the 2 BIOS calls before, then you'd better take a look at Ralf Brown's legendary interrupt list.

You may always override the source segment DS: on a string instruction, but you can never override the destination segment ES:.

It's left as an exercise for you to incorporate error handling (since there is none) and still better the length of this code ;)
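
The row loop of the listing, modelled in C as an added example (not part of the original solution): it walks the character/attribute cell pairs as they sit in the text-mode buffer, keeps the character byte, and ends each row with 0Dh 0Ah. The names snap_cells, ROW_BUF and sample_screen are assumptions of this example; ROW_BUF mirrors the 128 bytes between DS:0080 and the code at 0100, and the column check is one the listing does not make.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROW_BUF 128 /* size of the staging area DS:0080..00FF used by the listing */

/* Constructed sample: a 2x4 screen, attribute 07h on every cell. */
static const uint8_t sample_screen[] = {
    'S', 7, 'N', 7, 'A', 7, 'P', 7,
    'D', 7, 'O', 7, 'N', 7, 'E', 7,
};

/* Convert rows x cols text-mode cells (character byte, then attribute byte)
   into CRLF-terminated lines. Returns the number of bytes written to out,
   or -1 if a row would not fit the staging buffer or out is too small. */
long snap_cells(const uint8_t *cells, unsigned rows, unsigned cols,
                uint8_t *out, size_t out_len)
{
    uint8_t row[ROW_BUF];
    size_t used = 0;

    if (cols > ROW_BUF - 2)           /* row + CR LF must fit in 128 bytes */
        return -1;
    for (unsigned r = 0; r < rows; r++) {
        const uint8_t *src = cells + (size_t)r * cols * 2;
        for (unsigned c = 0; c < cols; c++)
            row[c] = src[c * 2];      /* FS: LODSW / STOSB: keep char, drop attribute */
        row[cols] = 0x0D;             /* MOV AX,0A0D / STOSW stores 0D, then 0A */
        row[cols + 1] = 0x0A;
        if (used + cols + 2 > out_len)
            return -1;
        memcpy(out + used, row, cols + 2);
        used += cols + 2;
    }
    return (long)used;
}

int main(void)
{
    uint8_t out[32];
    long n = snap_cells(sample_screen, 2, 4, out, sizeof out);
    if (n < 0)
        return 1;
    fwrite(out, 1, (size_t)n, stdout); /* two lines: SNAP, DONE */
    return 0;
}
```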