flat assembler
Message board for the users of flat assembler.

Compiler Internals > How to know whether it's now use16 or use32

l4m2



Joined: 15 Jan 2015
Posts: 670
l4m2 25 Jan 2015, 16:08
I want to make a "nop for n bytes" command:
Code:
macro nop n {
  if n = 0
  else if n = 1
    nop                         ; 90
  else if n = 2
    mov edi,edi                 ; 89 FF
  else if n = 3
    mov di,di                   ; 66 89 FF
  else if n = 4
    ;lea esp,[esp+0]
    dd $0024648d                ; 8D 64 24 00 (stored little-endian)
  else if n = 5
    lea bp,[bp]                 ; 66 67 8D 6E 00
  else if n = 6
    ;lea ebx,[ebx+0L]
    DB 8DH, 9BH, 00H, 00H, 00H, 00H
  else if n = 7
    ;lea esp,[esp+0L]
    DB 8DH,0A4H, 24H, 00H, 00H, 00H, 00H
  else if n = 8
    ;lea sp,[esp+0L]
    DB 66H, 8DH,0A4H, 24H, 00H, 00H, 00H, 00H
  else if n = 9
    mov [ss:esp-4],dword 0
  else
    jmp near $+n                ; E9 rel32, 5 bytes in 32-bit mode
    db n-5 dup 0
  end if
}

1. Is it a good one?
2. How to make it always have n bytes even in 16-bit mode?
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20754
Location: In your JS exploiting you and your system
revolution 25 Jan 2015, 16:35
Your code for n=9 is not a nop: "mov [ss:esp-4],dword 0" alters the stack.

To detect 16/32 bit mode you can use something like this:
Code:
virtual at 0
 xchg eax,eax
 detected_16bit = $-1
end virtual

if detected_16bit
 ;...
end if
    
That code is from 'WIN32AX.INC'
l4m2



Joined: 15 Jan 2015
Posts: 670
l4m2 26 Jan 2015, 03:28
revolution wrote:
Your code for n=9 is not a nop: "mov [ss:esp-4],dword 0" alters the stack.

To detect 16/32 bit mode you can use something like this:
Code:
virtual at 0
 xchg eax,eax
 detected_16bit = $-1
end virtual

if detected_16bit
 ;...
end if
    
That code is from 'WIN32AX.INC'

Yes, it did modify [esp-4], but that's outside the stack. It can get changed at any time.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20754
Location: In your JS exploiting you and your system
revolution 26 Jan 2015, 03:39
l4m2 wrote:
Yes, it did modify [esp-4], but that's outside the stack. It can get changed at any time.
This can cause various side effects, from allocating a new page to causing a fault and crashing the program.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20754
Location: In your JS exploiting you and your system
revolution 17 Feb 2023, 10:33
In a similar way it is possible to determine the current 16/32/64 bit mode with this:
Code:
virtual at 0
        inc ax
        native_size = 1 shl $
end virtual    
Gives 2/4/8 to match the size of a register.

It works because of the different encodings.
Code:
use16
inc ax  ;0x40
use32
inc ax  ;0x66, 0x40
use64
inc ax  ;0x66, 0xff, 0xc0    
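As an added example (my code, not code from the thread or from fasm's own include files), here is one way to put the two posts together: revolution's `inc ax` mode detection from the last post, used to answer l4m2's second question by emitting exactly n bytes of padding in both use16 and use32. The macro name nop_pad and the symbols native_size, jmp_size and start are assumptions of mine. Where fasm's own choice of encoding could vary, the bytes are written out with db and the comment says what they decode to; the macro refuses use64, because the 32-bit register "nops" such as mov edi,edi zero-extend into the 64-bit register there and are not nops; and it measures what it emitted and stops the build with err if the length is wrong, so a bad encoding assumption fails to assemble instead of silently misaligning code.

```asm
format binary as 'bin'

; nop_pad n: emit exactly n bytes that do nothing, in use16 or use32.
; Added example, not code from the thread.  nop_pad, native_size,
; jmp_size and start are assumed names.
macro nop_pad n {
  local native_size,jmp_size,start
  ; Mode detection (revolution's trick): 'inc ax' is 40 in use16 (1 byte),
  ; 66 40 in use32 (2 bytes) and 66 FF C0 in use64 (3 bytes), so
  ; 1 shl $ yields 2, 4 or 8.  A virtual block emits nothing to the output.
  virtual at 0
    inc ax
    native_size = 1 shl $
  end virtual
  ; Size of a near relative jmp in the current mode: E9 rel16 (3) or E9 rel32 (5).
  virtual at 0
    jmp near $+n
    jmp_size = $
  end virtual
  start = $
  if native_size = 8
    err                   ; mov edi,edi zero-extends into rdi in long mode: not a nop
  else if n < 0
    err
  else if n = 0
  else if n = 1
    nop                                   ; 90
  else if n = 2
    if native_size = 2
      mov di,di                           ; 89 FF
    else
      mov edi,edi                         ; 89 FF
    end if
  else if n = 3
    if native_size = 2
      mov edi,edi                         ; 66 89 FF
    else
      mov di,di                           ; 66 89 FF
    end if
  else if n = 4
    if native_size = 2
      db 8Dh,0AEh,00h,00h                 ; lea bp,[bp+0], disp16
    else
      db 8Dh,64h,24h,00h                  ; lea esp,[esp+0], disp8
    end if
  else if n = 5
    if native_size = 2
      db 67h,8Dh,64h,24h,00h              ; lea sp,[esp+0], 32-bit addressing
    else
      db 66h,8Dh,64h,24h,00h              ; lea sp,[esp+0], 16-bit operand
    end if
  else if n = 6
    if native_size = 2
      db 66h,67h,8Dh,64h,24h,00h          ; lea esp,[esp+0], both prefixes
    else
      db 8Dh,9Bh,00h,00h,00h,00h          ; lea ebx,[ebx+0], disp32
    end if
  else if n = 7
    if native_size = 2
      db 67h,8Dh,9Bh,00h,00h,00h,00h      ; lea bx,[ebx+0], disp32
    else
      db 8Dh,0A4h,24h,00h,00h,00h,00h     ; lea esp,[esp+0], disp32
    end if
  else
    ; Longer runs: jump over the rest.  The skipped bytes never execute,
    ; so fill them with int3 (CC) rather than 00: a stray jump into the
    ; padding then traps instead of decoding as an add to memory.
    jmp near $+n
    times n-jmp_size db 0CCh
  end if
  ; Fail the build if any assumption about an encoding above is wrong.
  if $-start <> n
    err
  end if
}

; Usage: the same requests give the requested byte counts in either mode.
use16
  nop_pad 3                 ; mov edi,edi (3 bytes under use16)
  nop_pad 7                 ; single lea with 32-bit addressing
  nop_pad 12                ; 3-byte near jmp plus nine int3 bytes
use32
  nop_pad 3                 ; mov di,di (3 bytes under use32)
  nop_pad 7                 ; single lea with disp32
  nop_pad 12                ; 5-byte near jmp plus seven int3 bytes
```

Two things to keep in mind when using a macro like this. The branch-free forms (n up to 7) are the ones to use where the padding is actually executed, such as aligning a loop entry; a jmp-over pad is a real taken branch. And none of the lea forms with a 67h or 66h prefix assemble into code that an 8086 or 286 can run, so a macro for real-mode code that must stay pre-386 compatible needs a different table for the 16-bit side.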
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.