Align fix

Index > Windows > Align fix

Author

Thread

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 09:44

An incomprehensible situation
When I access memory with

Code:

[reg+struct.member]

I am accessing unaligned data even though the start address in the register is always aligned and the structure contains an aligned macro like this

Code:

struct m
    Ptr1                            dq ?
    Ptr2                            dq ?
    WinX                            dd ?
    WinY                            dd ?
    NtBuildNumber                   dd ?
    Align 16
    CurPath                         UNICODE_STRING
    NtFileName                      UNICODE_STRING
    ...
    Align 8
    OA                              OBJECT_ATTRIBUTES
    Align 8
    IO                              IO_STATUS_BLOCK
    PageSize                        dd ?
    Granularity                     dd ?
    ...
ends

Why is that and how to fix it?

It seems like there used to be a "bug" with the inability to make the alignment greater than that of the section, but I can't add alignment to the section because I always got an error

Code:

processed: section '.data' data readable writeable align 16
error: extra characters on line

Last edited by AE on 20 Jan 2023, 12:54; edited 1 time in total

20 Jan 2023, 09:44

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20807
Location: In your JS exploiting you and your system

revolution 20 Jan 2023, 10:12

The struct macro doesn't support Align. Unless you are using your own version of struct where you define Align?

Sections in Windows are always aligned to the next page, which is usually 4k. So you get that alignment for free.

20 Jan 2023, 10:12

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8495
Location: Kraków, Poland

Tomasz Grysztar 20 Jan 2023, 10:18

The "struct" macro as implemented in fasm's standard headers does not support "align" statements, the way it was designed makes these statements completely ignored. ProMiNick has been working on some advanced "struct" macro variants - they might be able to solve your problem.

The re-implementation of "struct" for fasmg should be able to handle it, although it may still behave unexpectedly if whole structure is instantiated misaligned. Do you expect it to align relative to the start of the structure, or do you expect the actual address to be aligned?

AE wrote:

It seems like there used to be a "bug" with the inability to make the alignment greater than that of the section, but I can't add alignment to the section because I always got an error
Code:
processed: section '.data' data readable writeable align 16
error: extra characters on line    

This setting is only available with object formats like ELF and MS COFF, where each section may be linked into a different area and therefore each may be aligned differently (and of course, if section itself is misaligned, then everything inside is too). But with PE format all sections are at fixed positions, so their alignment is known.

20 Jan 2023, 10:18

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 11:02

Tomasz Grysztar wrote:

Do you expect it to align relative to the start of the structure, or do you expect the actual address to be aligned?

It is necessary that a member of the structure has an aligned address in memory, but since I always write the "structure itself" to memory at an aligned address, we can say that alignment is needed from the beginning of the structure.

As far as I understand, I need to align the structure with "paddings" manually or migrate to fasmg.

By the way, a question a bit off topic - is fasm automatically aligns some structures?
AFAIK both of this will work:

Code:

    struct UNICODE_STRING
        Length             dw ?
        MaximumLength      dw ?
                           dd ?  ; manual padding
        Buffer             dq ?
    ends

    struct UNICODE_STRING
        Length             dw ?
        MaximumLength      dw ?
        Buffer             dq ?
    ends

20 Jan 2023, 11:02

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8495
Location: Kraków, Poland

Tomasz Grysztar 20 Jan 2023, 11:12

AE wrote:

As far as I understand, I need to align the structure with "paddings" manually or migrate to fasmg.

I was editing my post as you were writing - please take a look at the link to ProMiNick's macros.

AE wrote:

By the way, a question a bit off topic - is fasm automatically aligns some structures?

No, it does not. Even the extensions to fasmg's implementation only warn about misaligned fields, but do not insert any padding themselves.

20 Jan 2023, 11:12

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 11:29

Tomasz Grysztar wrote:

ProMiNick's macros

It can't handle 'union' Sad

20 Jan 2023, 11:29

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8495
Location: Kraków, Poland

Tomasz Grysztar 20 Jan 2023, 11:41

AE wrote:

Tomasz Grysztar wrote:
ProMiNick's macros

It can't handle 'union'

There was a follow-up thread, might be worth a try.

20 Jan 2023, 11:41

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 12:51

Thank you very much for the links, I tried all the solutions and only fasmg was able to do it right without changing the source.
Although I was confused by the garbage generation in code section if there is 'Align XX'.

Does it make sense to switch to fasmg (only for PE x64)?

20 Jan 2023, 12:51

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 13:58

Quote:

garbage generation in code section if there is 'Align XX'

Here is the code and disassembled instructions of the "strange" area

Code:

...
fastcall GetPath
; Align 16
ML: invoke  GetMessage,msg,NULL,0,0 ; msg loop start here
...
---------------------------------------------------------------------------------------
00000000004023D0 | 48:83EC 20                    | sub     rsp, 0x20
00000000004023D4 | E8 47090000                   | call    win32_.402D20
00000000004023D9 | 48:83C4 20                    | add     rsp, 0x20
---------------------------------------------------------------------------------------
00000000004023DD | 48:83EC 20                    | sub     rsp, 0x20
00000000004023E1 | 48:C7C1 20104000              | mov     rcx, win32_.401020
00000000004023E8 | 48:C7C2 00000000              | mov     rdx, 0x0
---------------------------------------------------------------------------------------
00000000004023EF | 49:C7C0 00000000              | mov     r8, 0x0
00000000004023F6 | 49:C7C1 00000000              | mov     r9, 0x0
00000000004023FD | FF15 850D0000                 | call    qword ptr ds:[<&GetMessageW>]
---------------------------------------------------------------------------------------

Code:

...
fastcall GetPath
Align 16
ML: invoke  GetMessage,msg,NULL,0,0 ; msg loop start here
...
---------------------------------------------------------------------------------------
00000000004023D0 | 48:83EC 20                    | sub     rsp, 0x20
00000000004023D4 | E8 47090000                   | call    win32_.402D20
00000000004023D9 | 48:83C4 20                    | add     rsp, 0x20
---------------------------------------------------------------------------------------
00000000004023DD | 0000                          | add     byte ptr ds:[rax], al
00000000004023DF | 0048 83                       | add     byte ptr ds:[rax - 0x7D], cl 
00000000004023E2 | EC                            | in      al, dx                       
00000000004023E3 | 2048 C7                       | and     byte ptr ds:[rax - 0x39], cl 
00000000004023E6 | C120 10                       | shl     dword ptr ds:[rax], 0x10
00000000004023E9 | 40:0048 C7                    | add     byte ptr ds:[rax - 0x39], cl 
00000000004023ED | C2 0000                       | ret     0x0
00000000004023F0 | 0000                          | add     byte ptr ds:[rax], al
---------------------------------------------------------------------------------------
00000000004023F2 | 49:C7C0 00000000              | mov     r8, 0x0
00000000004023F9 | 49:C7C1 00000000              | mov     r9, 0x0
0000000000402400 | FF15 820D0000                 | call    qword ptr ds:[<&GetMessageW>]
---------------------------------------------------------------------------------------

Pay attention to the middle section of the code, in the presence of an alignment macro, it turns into garbage

20 Jan 2023, 13:58

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20807
Location: In your JS exploiting you and your system

revolution 20 Jan 2023, 14:11

Pad with 0x90 bytes (nop).

20 Jan 2023, 14:11

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8495
Location: Kraków, Poland

Tomasz Grysztar 20 Jan 2023, 14:20

With "align" macro that comes with PE formatter for fasmg you can specify the pad bytes this way:

Code:

align 16, 90h

20 Jan 2023, 14:20

AE

Joined: 07 Apr 2022
Posts: 77

AE 20 Jan 2023, 14:37

Tomasz Grysztar wrote:

align 16, 90h

Thx!

20 Jan 2023, 14:37

AE

Joined: 07 Apr 2022
Posts: 77

AE 28 Dec 2025, 23:06

Quite a lot of time has passed and I'm wondering if something like

Code:

struct Name Align 8 ; (for total structure auto-alignment)
...
ends

has appeared in fasm(g|2)?

28 Dec 2025, 23:06

bitRAKE

Joined: 21 Jul 2003
Posts: 4337
Location: vpcmpistri

bitRAKE 29 Dec 2025, 00:20

I don't know the larger scope of what you need, but would it be sufficient to produce the "align #" following every use of the struct? We can see the two possible invocations in the "ends?" macro -- if we create conditions there, it would be possible to emit an "align #" statement. In the "struct?" macro we would create another possible attribute and perhaps a variable "declaration.__align" -- this is the variable needed in the above conditions. (An optimization would be to default to an align value of 1 and modify with attribute - no conditions needed in invocations - every struct aligns.)

29 Dec 2025, 00:20

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20807
Location: In your JS exploiting you and your system

revolution 29 Dec 2025, 08:53

For the native struc (not the macro) I use this in fasm to force all instantiations of a structure to align for its own needs.

Code:

struc FOO {
        align 8         ; force alignment to 2^3
        .:              ; label is placed here
        .bar rq 1       ; first element
        ;...            ; more elements
}

baz FOO         ; will be aligned to 8

29 Dec 2025, 08:53

AE

Joined: 07 Apr 2022
Posts: 77

AE 30 Dec 2025, 17:22

Well, I meant the standard solution for WinAPI system structures.
A simple example from the correspondence above:

Code:

struct UNICODE_STRING
    Length             dw ?
    MaximumLength      dw ?
                       dd ?  ; manual padding
    Buffer             dq ?
ends

As an example there is a compiler directive in purebasic 'Align #PB_Structure_AlignC' and we can just write:

Code:

Structure UNICODE_STRING Align #PB_Structure_AlignC
  Length.u
  MaximumLength.u
  *Buffer
EndStructure

and the compiler will automatically do the correct alignment

It is not always possible to find ready-made .inс files (for Win SDK|DDK) and it would be convenient when creating them not to waste time on setting alignments manually.

30 Dec 2025, 17:22

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20807
Location: In your JS exploiting you and your system

revolution 30 Dec 2025, 22:28

It is possible to make macros for each of db, dw, dd, etc. to do alignment.

Code:

$ cat align.asm 
struc dw value& {
        align 2
        . dw value
}

struc dq value& {
        align 8
        . dq value
}

struc UNICODE_STRING {
        align 8
        .:
        .Length             dw ?
        .MaximumLength      dw ?
        .Buffer             dq ?
}

db 0xff

foo UNICODE_STRING

db 0xff

Code:

$ fasm align.asm 
flat assembler  version 1.73.31  (16384 kilobytes memory)
1 passes, 25 bytes.

Code:

$ hd align.bin 
00000000  ff 90 90 90 90 90 90 90  00 00 00 00 90 90 90 90  |................|
00000010  00 00 00 00 00 00 00 00  ff                       |.........|
00000019

30 Dec 2025, 22:28

AE

Joined: 07 Apr 2022
Posts: 77

AE 30 Dec 2025, 23:50

revolution wrote:

It is possible to make macros

Simple and basically what I need 👍
If there are no conflicts with other built-in macros, I think I'll use this approach. Thanks!

30 Dec 2025, 23:50

bitRAKE

Joined: 21 Jul 2003
Posts: 4337
Location: vpcmpistri

bitRAKE 31 Dec 2025, 00:01

Every structure(data type) needs a minimal alignment attribute for the structure nesting to work correctly. Presently the fasmg macro struct?.check has all the information needed to create name.__alignment without displaying warnings. Then during instancing name.__alignment would be used to expand fields to their needed granularity.

fwiw: I imagine this technique was avoided because it hides errors in translation.

_________________
¯\(°_o)/¯ AI may [not] have aided with the above reply.

31 Dec 2025, 00:01

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum