flat assembler
Message board for the users of flat assembler.

Approach for "lea reg64, [reg64 + FunctionName]"




alorent 08 Feb 2026, 08:00
Hi,

In my x86 code I'm using something like:

Code:
lea eax, [ebp + FunctionName]    


That is the old "delta offset way" for code that is injected.

Now, I create a MS64 COFF and I put:

Code:
lea rax, [rbp + FunctionName]    


but when I link that FASM OBJ with the MSVC linker I get:

Code:
MyLibrary.lib(test_coff64.obj) : error LNK2017: 'ADDR32' relocation to '.text' invalid without /LARGEADDRESSAWARE:NO    


The problem should go away with /LARGEADDRESSAWARE:NO but my code goes in a DLL, so the linker
complains that DLLs cannot use the /LARGEADDRESSAWARE:NO switch :(

Is there a way to use that "lea" instruction to get the "rva" of FunctionName?

I have tried things like:

Code:
lea rax, [rbp + rva FunctionName]

; ERROR:
;     lea rax, [rbp + rva FunctionName]
; error: invalid use of symbol.


extrn __ImageBase:qword
lea rax, [rbp +  FunctionName - __ImageBase]

; ERROR:
; lea rax, [rbp +  FunctionName - __ImageBase]
; error: invalid use of symbol.

    


Is there a way to use that addressing approach? I know that I could use a set of instructions but I need it to be on a SINGLE lea instruction (in the form of "lea reg, [reg + xxx]").

I know that I could remove the "rbp" delta, but I need it as my parser checks for those "delta" instructions (like "[rbp + Name]") to fix them.

Thanks!
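Added example (not part of any post in this thread): a small Python check that lists the relocations in an x64 COFF object and flags `ADDR32` entries, the relocation type named in the LNK2017 message above. The sample object is constructed inline and is not linkable (it has no symbol table), and the example assumes that a same-section label difference such as `FunctionName - $$` assembles to a constant displacement with no relocation.

```python
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
# x64 relocation type values from the PE/COFF specification
REL_AMD64 = {0x0001: "ADDR64", 0x0002: "ADDR32", 0x0003: "ADDR32NB", 0x0004: "REL32"}

def list_relocations(obj: bytes):
    """Return (section, offset, type) for every relocation in an x64 COFF object."""
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", obj, 0)
    if machine != IMAGE_FILE_MACHINE_AMD64:
        raise ValueError("not an x64 COFF object")
    found = []
    for i in range(nsect):
        hdr = 20 + opt_size + 40 * i                  # section headers follow the file header
        name = obj[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers
        reloc_ptr, _, nreloc, _ = struct.unpack_from("<IIHH", obj, hdr + 24)
        for r in range(nreloc):                       # each relocation entry is 10 bytes
            offset, _sym, rtype = struct.unpack_from("<IIH", obj, reloc_ptr + 10 * r)
            found.append((name, offset, REL_AMD64.get(rtype, hex(rtype))))
    return found

def absolute_32bit_relocs(obj: bytes):
    """Relocations that need a 32-bit absolute address, i.e. the LNK2017 case."""
    return [(s, off) for s, off, t in list_relocations(obj) if t == "ADDR32"]

def build_sample(reloc_type=None) -> bytes:
    """Constructed object: .text holds 'lea rax,[rbp+disp32]' (48 8D 85 disp32)."""
    code = bytes.fromhex("488d8500000000")            # disp32 occupies offsets 3..6
    relocs = b"" if reloc_type is None else struct.pack("<IIH", 3, 0, reloc_type)
    raw_ptr = 20 + 40                                 # file header + one section header
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 1, 0, 0, 0, 0, 0)
    sect_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0, 0, len(code), raw_ptr,
                           raw_ptr + len(code), 0, len(relocs) // 10, 0, 0x60000020)
    return file_hdr + sect_hdr + code + relocs

if __name__ == "__main__":
    print(absolute_32bit_relocs(build_sample(0x0002)))   # [rbp + FunctionName] form
    print(absolute_32bit_relocs(build_sample()))         # constant-displacement form
```

Running `list_relocations` over a real `.obj` before linking shows which displacements the assembler left for the linker to fill in and with what relocation type.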


revolution 08 Feb 2026, 08:27
How is FunctionName defined? I had no trouble with this:
Code:
format pe64

FunctionName:
lea     rax, [rbp + rva FunctionName]    
Code:
flat assembler  version 1.73.31  (16384 kilobytes memory)
1 passes, 1024 bytes.    



alorent 08 Feb 2026, 09:55
Thanks revolution.

Your example builds correctly.

When I use "MS64 COFF" it fails:

Code:
format MS64 COFF

FunctionName:
lea     rax, [rbp + rva FunctionName]  
                                        
    


Not sure if it's a bug in FASM or a limitation for COFF OBJ?

Thanks!


revolution 08 Feb 2026, 10:18
For linkable formats use $$
Code:
format ms64 coff
org 0x123450
FunctionName:
lea     rax, [rbp + FunctionName - $$]    



alorent 08 Feb 2026, 16:49
Thanks revolution! That worked!! I will do some tests :)



Tomasz Grysztar 09 Feb 2026, 01:15
alorent wrote:
When I use "MS64 COFF" it fails:

Code:
format MS64 COFF

FunctionName:
lea     rax, [rbp + rva FunctionName]  
                                        
    


Not sure if it's a bug in FASM or a limitation for COFF OBJ?
It is a limitation of fasm's implementation. The same source assembles successfully with fasm2.

As for the $$, it evaluates to the base address of the section. More precisely: the section fragment which you define in your object file (the linker may combine multiple such sections into a single one).



alorent 13 Feb 2026, 11:36
Thanks a lot Tomasz!

You are right, with the "$$" approach it's from the base of the OBJ and not the RVA in the finally linked module.


revolution 13 Feb 2026, 12:34
Any label can be used as the base.
Code:
format ms64 coff

my_base:
lea     rbp,[my_base]

lea     rax, [rbp + FunctionName1 - my_base]
lea     rbx, [rbp + FunctionName2 - my_base]
lea     rcx, [rbp + FunctionName3 - my_base]

FunctionName1:
FunctionName2:
FunctionName3:    