CLEO Help Library not working

CLEO related
Status
Not open for further replies.

Husnain

Well-known member
Joined
May 20, 2016
Messages
228
Reaction score
9
Location
Mars
Code:
{$CLEO .cs}
0000:

alloc 1@ 360
alloc 2@ 260
0AD3: 1@ "http:%c%cdownload1584.mediafire.com%c0j8c05w0h55g%ce4n5bkdkov855ho%csiteM16+%281%29.png" 47 47 47 47 47
0AD3: 2@ "CLEO\aim.png"

:File
wait 0
if
  0ADC: "OK"
jf @File
0AB1: @Download 2 _url 1@ _file 2@
0ACD: "Done" 2000
jump @File

:Download
wait 0
if
  0AA2: 3@ = load_library "Urlmon.dll" // IF and SET
jf @Download
0AA4: 4@ = get_proc_address "URLDownloadToFile" library 3@ // IF and SET
0AA7: call_function 4@ num_params 5 pop 0 0 0@ 1@ 0 0
0AA3: free_library 3@
ret 0

It just keeps crashing. Am I doing something wrong here?

@Parazitas
@monday
@Opcode.eXe
 

monday

Expert
Joined
Jun 23, 2014
Messages
1,125
Reaction score
149
Hi, I don't know what the problem is, but there are a few things you could consider:
- "%281%2": how this part of the URL is formatted. Idk about Sanny Builder and CLEO, but when you want a formatted string to contain the "%" symbol in C/C++ (using sprintf), you have to put it twice, like:
%%281%%2

- Length of the formatted string: idk if there's some Sanny Builder imposed limit, but CLEO seems to have a 127-character limit. You can see it by checking line 2010 of:
https://github.com/cleolibrary/CLEO4/blob/master/source/CCustomOpcodeSystem.cpp

(Your format string seems to have 87 characters, so that shouldn't be a problem, but again, idk how Sanny Builder compiles it.)

Btw there are sampfuncs opcodes like:
0C65: 3@ = download_url "http://boost.org/LICENSE_1_0.txt" to_file "boost_lic.txt"
0C66: 1@ = get_download 0@ state
0C7D: release_download 1@

You can check how these could be used in here:
http://ugbase.eu/index.php?threads/intriguing-scam-check-if-your-data-was-stolen.17684/
 

monday

Expert
Joined
Jun 23, 2014
Messages
1,125
Reaction score
149
Btw here's an example of someone calling this function:
http://ugbase.eu/index.php?threads/decrypting-cleos.18877/page-7#post-112047

Notice how it has "A" at the end of the function name (which means that ASCII strings are supplied, where 1 char = 1 byte, as opposed to "W", where "wide strings" would be expected and 1 char is stored as 2 bytes). Maybe you could change the name to "URLDownloadToFileA" too.

It seems that the order of parameters supplied to that function is mixed up (compared to the example from the link above): the URL is in place of the file name.
 

Husnain

Well-known member
Joined
May 20, 2016
Messages
228
Reaction score
9
Location
Mars
@monday

Thank you for those thread links, that helped me a lot. About the wrong formation of parameters in the call function... I don't know why, but Sanny Builder reads the parameters of the call function in reverse order, so that was the issue there.

And about the modification, it still crashes, but... this time it crashes after downloading the file successfully.

Code:
{$CLEO .cs}
0000:

alloc 1@ 360
0AD3: 1@ "http:%c%cdownload1649.mediafire.com%cu71lyusf343g%cfrd2fvadagsxl8y%ctest.txt" 47 47 47 47 47

:File
wait 0
if
  0ADC: "OK"
jf @File
0AB1: @download 1 _url 1@
jump @Download

:Download
wait 0
if
  0AA2: 3@ = load_library "Urlmon.dll" // IF and SET
jf @Download
if
  0AA4: 4@ = get_proc_address "URLDownloadToFileA" library 3@ // IF and SET
jf @Download
0AA7: call_function 4@ num_params 5 pop 0 0 0 "D:\file.txt" 0@ 0
0AA3: free_library 3@
ret 0

Do you see any additional problem? I have tried everything to fix it, but it still crashes eventually.
 

monday

Expert
Joined
Jun 23, 2014
Messages
1,125
Reaction score
149
It shouldn't jump to @Download after returning from the Download function; it should jump to the @File label, so that's probably why it crashes.
 

monday

Expert
Joined
Jun 23, 2014
Messages
1,125
Reaction score
149
Btw normally when you write a function like:
void func(int param1, int param2) { }

...during program execution, the parameters will be pushed onto the "stack" from right to left (param2 first, param1 second). Idk why, but that seems to be how compiler writers decided it should be.
And someone who wrote the 0AA7 opcode handler decided that it should push the parameters in the order they are provided (so always keep in mind to use the reverse order of parameters when using the 0AA7 or 0AA5 opcodes).
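
The push order described in the thread, modelled as an added example (not code from the thread or from CLEO): a simulated stack shows which operand URLDownloadToFileA reads as szURL and szFileName when a 0AA7 line lists its operands in declared order (as in the first script) versus reversed (as in the second). The helper names and the "URL"/"FILE" placeholder strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8

/* Simulated call stack: slot[top-1] is the most recently pushed value. */
typedef struct { const char *slot[MAX_ARGS]; int top; } sim_stack;

/* Model of the 0AA7 handler as described in the thread: operands are
   pushed in the order they are written on the script line. */
static void push_in_script_order(sim_stack *s, const char *const *ops, int n) {
    s->top = 0;
    for (int i = 0; i < n && i < MAX_ARGS; i++) s->slot[s->top++] = ops[i];
}

/* Callee's view: declared parameter `index` (0 = leftmost) sits `index`
   slots below the top, because a C caller pushes right to left. */
static const char *callee_param(const sim_stack *s, int index) {
    return s->slot[s->top - 1 - index];
}

/* URLDownloadToFileA(pCaller, szURL, szFileName, dwReserved, lpfnCB):
   which operand lands in szURL (index 1) and szFileName (index 2)? */
const char *seen_url(const char *const *ops, int n) {
    sim_stack s; push_in_script_order(&s, ops, n);
    return callee_param(&s, 1);
}
const char *seen_file(const char *const *ops, int n) {
    sim_stack s; push_in_script_order(&s, ops, n);
    return callee_param(&s, 2);
}

/* Constructed operand lists; "URL"/"FILE" stand in for string pointers. */
static const char *const declared_order[5] = {"0", "URL", "FILE", "0", "0"};
static const char *const reversed_order[5] = {"0", "0", "FILE", "URL", "0"};

int main(void) {
    printf("declared order: szURL=%s szFileName=%s\n",
           seen_url(declared_order, 5), seen_file(declared_order, 5));
    printf("reversed order: szURL=%s szFileName=%s\n",
           seen_url(reversed_order, 5), seen_file(reversed_order, 5));
    return 0;
}
```

In the declared-order case the function receives a null szURL and the URL pointer in dwReserved, while the reversed line maps every operand to its intended parameter.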
 