flat assembler
Message board for the users of flat assembler.

Thread: How to get into assembly programming (page 2)
Walter
Joined: 26 Jan 2013
Posts: 136
In addition, there is the book that Tomasz participated as a technical consultant on.

Mastering Assembly Programming
Post 04 Nov 2019, 13:32
rc
Joined: 03 Nov 2019
Posts: 13
Location: Germany
Walter wrote:
In addition, there is the book that Tomasz participated as a technical consultant on.

Mastering Assembly Programming

I already bought this book (twice) (as Kindle and as paperback to support the author).
It's really good, although pretty heavy to begin with. :)


Last edited by rc on 05 Nov 2019, 10:06; edited 1 time in total
Post 04 Nov 2019, 14:10
DimonSoft
Joined: 03 Mar 2010
Posts: 585
Location: Belarus
rc wrote:
@DimonSoft: Yes, I only do programming in VMs. I have a Windows 10 host running a Win10 developer VM, and also Win7 testing environments. I never develop on host machines. I have set up QEMU and FreeDOS and already played around with fasmd. I really like DOS, I have to admit. Too bad it is pretty outdated by now and nobody is using it anymore. But luckily I still have several WinXP copies lying around somewhere.

WinXP + FASM for Windows is the most comfortable setup for learning MS-DOS programming (Windows version is still capable of creating MS-DOS programs). WinXP is the last Windows version which has full-featured NTVDM (environment to run old apps) without severe limitations. I recommend it to my students at the university. Most of them are newbies and having their environment close to what they are used to helps to avoid unnecessary difficulties and lets them focus on the assembly programming.
Post 04 Nov 2019, 20:45
st
Joined: 12 Jul 2019
Posts: 33
Location: Russia
rc wrote:
What debugger do you use? In general, I prefer debuggers over print debugging. What is confusing though is that, unlike in high level languages, you don't exactly step through the lines of code you have written. So you end up stepping through the code that the assembler has written out of your code. That's pretty confusing. I mean, that makes sense since you can't step through your macros and stuff line by line as they get converted into assembly as well, but that's confusing: what line in the debugger corresponds to the line in my code. And also plain assembly code you have written is changed by the assembler due to optimization, I guess.
Stepping through the debugger is a bit like: "hum, that's not what I have written, where am I right now.. and what is it doing.. "
That might sound pretty silly, but I guess that comes from working with Visual Studio for 10 years, where you can step exactly through every line you have written and how you have written them.

If you are familiar with VS, C++ and can do basic stuff (arrays, pointers etc.), I would recommend you try to compile some simple C code, debug it with asm listing enabled, then recompile with optimization and examine step-by-step again. Hope a few iterations will help to get a clue.
Post 05 Nov 2019, 07:23
rc
Joined: 03 Nov 2019
Posts: 13
Location: Germany
Quote:
WinXP is the last Windows version which has full-featured NTVDM (environment to run old apps) without severe limitations.

Oh, didn't know that. Thought the last version was Windows ME.

Quote:
If you are familiar with VS, C++ and can do basic stuff (arrays, pointers etc.), I would recommend you try to compile some simple C code, debug it with asm listing enabled, then recompile with optimization and examine step-by-step again. Hope a few iterations will help to get a clue.

That's actually a good idea, thanks for the tip.
Post 05 Nov 2019, 10:04
Tomasz Grysztar
Assembly Artist
Joined: 16 Jun 2003
Posts: 7404
Location: Kraków, Poland
rc wrote:
Quote:
WinXP is the last Windows version which has full-featured NTVDM (environment to run old apps) without severe limitations.

Oh, didn't know that. Thought the last version was Windows ME.

Windows Me was the last in the 9x line, which was running on top of an actual DOS. NTVDM is something different: it is a subsystem on the NT kernel that allows running DOS programs in V86 mode. Also, it has a great DPMI implementation (an exemplary one), so you can run tools like FASMD with no problems.
Post 05 Nov 2019, 10:41
rc
Joined: 03 Nov 2019
Posts: 13
Location: Germany
Tomasz Grysztar wrote:
Windows Me was the last in the 9x line, which was running on top of an actual DOS. NTVDM is something different: it is a subsystem on the NT kernel that allows running DOS programs in V86 mode. Also, it has a great DPMI implementation (an exemplary one), so you can run tools like FASMD with no problems.

Ah OK, then I have confused this.
Post 06 Nov 2019, 11:10
ProMiNick
Joined: 24 Mar 2012
Posts: 369
Location: Russian Federation, Sochi
Moving to assembly can be started from bad things (bad for HLL). But they will help.
1. In assembly there are no types (all types exist only in the mind of the programmer).
2. A procedure in assembly is not an object; it is just a piece of code with assigned local visibility of variables (params & locals) placed on the stack.
3. There is no practical need for objects or classes: all that the HLL compiler does at the backend, in assembly the programmer has to do manually, and an object will be just a structure, not more.
4. In HLL a var definition like "name type absolute var_of_another_type" is a very rare case of typecasting (typemixing); in assembly it is the normal situation.
5. It is possible not to define the result of a function (the result is usually eax); even if we do not use the result returned by WinAPI, it remains in the eax register.
6. In assembly code can be exception-protected too, but no one will protect static initialization (or zeroing) of a structure; it only makes sense to protect API calls and instructions that really can cause exceptions (like div).
7. In assembler there is nothing private; everything is globally accessible.
8. Standard string types in assembly are pChar & pWChar.
9. In assembly there is no need for a highly limited main proc; assembly operates over the entry point, and the entry point is a procedure too!
(stupid assumption removed: in edx is the entry point address, not the TEB), but in EBX is the PEB (less informative than the TEB)

Proof of point 9.
Code:
format PE GUI 4.0
entry start

include 'win32w.inc'

; layout of the x86 PEB fields used below (offsets $A4 and $A8)
virtual at 0
        PEB:
        db $A4 dup (?)
        .OSMajorVersion db ?
        db 3 dup (?)
        .OSMinorVersion db ?
        db 3 dup (?)
end virtual


section '.text' code readable executable

proc start
        ; EBX is assumed to point to the PEB at the entry point
        mov     al,[ebx+PEB.OSMajorVersion]
        add     byte[_Version],al       ; turn the '0' into the major version digit
        mov     al,[ebx+PEB.OSMinorVersion]
        add     byte[_Version+2*sizeof.TCHAR],al
        invoke  MessageBox,NULL,_Version,_winVerTitle,MB_OK
        ;xor     eax,eax ;mov    eax,ExitCode ; no need for xor eax,eax here; MessageBox already set eax for us
        ret
endp

section '.data' data readable writeable

  _Version TCHAR '0.0',0
  _winVerTitle TCHAR 'Windows version',0

section '.idata' import data readable writeable

  library user32,'USER32.DLL' ; even without kernel32 import

  include 'os specific/windows/api/x86/user32.inc'


Another variant proving point 9 (modified template):
Code:
format PE GUI 4.0
entry start

include 'win32w.inc'

; only the PEB field used below is laid out (offset 8)
virtual at 0
        PEB:
        dd ?,?
        .ImageBaseAddress dd ?
end virtual

section '.text' code readable executable

proc start

        mov     eax,[ebx+PEB.ImageBaseAddress] ; replaces invoke GetModuleHandle,0, which would require kernel32
        mov     [wc.hInstance],eax
        invoke  LoadIcon,0,IDI_APPLICATION
        mov     [wc.hIcon],eax
        invoke  LoadCursor,0,IDC_ARROW
        mov     [wc.hCursor],eax
        invoke  RegisterClass,wc
        test    eax,eax
        jz      error

        invoke  CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU,128,128,256,192,NULL,NULL,[wc.hInstance],NULL
        test    eax,eax
        jz      error

  msg_loop:
        invoke  GetMessage,msg,NULL,0,0
        cmp     eax,1
        jb      end_loop
        jne     msg_loop
        invoke  TranslateMessage,msg
        invoke  DispatchMessage,msg
        jmp     msg_loop

  error:
        invoke  MessageBox,NULL,_error,NULL,MB_ICONERROR+MB_OK

  end_loop:
        mov     eax,[msg.wParam] ; replaces invoke ExitProcess,[msg.wParam], which would require kernel32
        ret                      ; return the exit code to the loader instead
endp

proc WindowProc uses ebx esi edi, hwnd,wmsg,wparam,lparam
        cmp     [wmsg],WM_DESTROY
        je      .wmdestroy
  .defwndproc:
        invoke  DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp     .finish
  .wmdestroy:
        invoke  PostQuitMessage,0
        xor     eax,eax
  .finish:
        ret
endp

section '.data' data readable writeable

  _class TCHAR 'FASMWIN32',0
  _title TCHAR 'Win32 program template',0
  _error TCHAR 'Startup failed.',0

  wc WNDCLASS 0,WindowProc,0,0,NULL,NULL,NULL,COLOR_BTNFACE+1,NULL,_class

  msg MSG

section '.idata' import data readable writeable

  library \;kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  ;include 'os specific/windows/api/x86/kernel32.inc'
  include 'os specific/windows/api/x86/user32.inc'


So kernel32 isn't the main library of the OS (as somebody thought); it is the next level of abstraction over the TEB & PEB. Everything (heaps, TLS, critical sections, SEH, environment vars, working directory, etc...) could be accessed and modified manually via these structures and via the substructures they point to. But MS does not recommend doing that.
(While everything needed is within the address space of the current process there is no need for kernel32; all the rest stubbed|wrapped in kernel32 points to ntdll.)
Post 06 Nov 2019, 15:05
rc
Joined: 03 Nov 2019
Posts: 13
Location: Germany
Thanks ProMiNick, that's a nice little summary of the concepts of assembly language!
Post 08 Nov 2019, 09:38
DimonSoft
Joined: 03 Mar 2010
Posts: 585
Location: Belarus
ProMiNick, just wondering, is the EBX value for the real entry point guaranteed (documented somewhere) to hold the pointer, or is it version-specific stuff? Any links to share?

P.S. ImageBase can be retrieved even easier and in a "more documented" way:
Code:
ImageBase = $ - rva $
anywhere after the format directive.

Note also that the lack of ExitProcess may cause the process to stay alive due to threads injected by some components in newer Windows versions.
Post 08 Nov 2019, 18:41
ProMiNick
Joined: 24 Mar 2012
Posts: 369
Location: Russian Federation, Sochi
DimonSoft, PEB.ImageBaseAddress is exactly the place where GetModuleHandle grabs its information about the ImageBase,
PEB.OSMajorVersion & PEB.OSMinorVersion is exactly the place where GetOSVersion grabs its data.
Almost everything that kernel32 does is access the PEB or TEB and read or modify their members.
You could force relocation of an exe by adding an erroneous ImageBase & adding a reloc section, so "ImageBase = $ - rva $" calculated at design time would have the same erroneous value, but the value extracted from the PEB at run time will be correct.
The value of EBX is guaranteed to be there on all Windows from Win95 up to Win10 within all builds until now (nothing stops Microsoft from changing this on newer versions of Win10 & newer Win servers, but they haven't made such changes for more than 20 years). Moreover (needs testing) on other platforms MS gifts a pointer to the PEB too (in another register specific to the platform, of course).

About injected threads: MS-injected threads exit successfully when control returns from the entry point to the image loader.
Programmers of third-party threads are themselves responsible for freeing the threads they injected.
Post 08 Nov 2019, 20:59
Tomasz Grysztar
Assembly Artist
Joined: 16 Jun 2003
Posts: 7404
Location: Kraków, Poland
ProMiNick wrote:
You could force relocation of an exe by adding an erroneous ImageBase & adding a reloc section, so "ImageBase = $ - rva $" calculated at design time would have the same erroneous value

If you add a .reloc section, ImageBase as defined here would become a relocatable value and fasm would generate fixups whenever you used it, or just signal an error when it is used in a way that cannot be fixed by relocations. I really paid attention to ensuring that such definitions give correct values.
Post 08 Nov 2019, 21:15
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 16841
Location: In your JS exploiting you and your system
DimonSoft wrote:
... just wondering, is the EBX value for the real entry point guaranteed (documented somewhere) to hold the pointer or is it version-specific stuff?

No, this is not guaranteed. And it is bad practice to rely upon such "tricks" IMO. You gain perhaps a few nanoseconds at startup and risk losing your entire code reliability. It just isn't worth it.
Post 09 Nov 2019, 01:52
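The same "show the Windows version" program as ProMiNick's first listing, rewritten the way revolution and DimonSoft argue for: documented kernel32 calls instead of the undocumented EBX-points-to-PEB state at the entry point, and an explicit ExitProcess. This is an added example, not code from the thread; it assumes the standard fasm for Windows include layout (api/kernel32.inc, api/user32.inc) and declares its own OSVERINFO structure rather than relying on one from the equates.

```asm
format PE GUI 4.0
entry start

include 'win32w.inc'

; OSVERSIONINFOW laid out by hand (named OSVERINFO so it cannot clash with
; anything the fasm equates already define); 276 bytes for the W variant
struct OSVERINFO
  dwOSVersionInfoSize dd ?
  dwMajorVersion      dd ?
  dwMinorVersion      dd ?
  dwBuildNumber       dd ?
  dwPlatformId        dd ?
  szCSDVersion        rw 128
ends

section '.text' code readable executable

start:
        ; documented query instead of reading PEB.OSMajorVersion through EBX
        mov     [osvi.dwOSVersionInfoSize],sizeof.OSVERINFO
        invoke  GetVersionEx,osvi
        test    eax,eax
        jz      exit
        ; format "%u.%u" so two-digit versions print correctly, unlike adding
        ; the number to an ASCII '0'
        cinvoke wsprintf,_buf,_fmt,[osvi.dwMajorVersion],[osvi.dwMinorVersion]
        invoke  MessageBox,NULL,_buf,_title,MB_OK
  exit:
        ; always leave through ExitProcess: returning from the entry point can
        ; leave the process alive while other threads are still running
        invoke  ExitProcess,0

section '.data' data readable writeable

  _fmt   TCHAR '%u.%u',0
  _title TCHAR 'Windows version',0
  _buf   rb 32*sizeof.TCHAR

  osvi OSVERINFO

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'api/kernel32.inc'
  include 'api/user32.inc'
```

Since Windows 8.1 the value GetVersionEx reports depends on the application's compatibility manifest, so treat the result as informational rather than as a feature check.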
Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.