flat assembler
Message board for the users of flat assembler.
Windows > Show Registers (32-bit)
Madis731 19 May 2009, 07:54
EDIT2: See post http://board.flatassembler.net/topic.php?p=94749#94749 for the most current 64-bit version!
EDIT2: See post http://board.flatassembler.net/topic.php?p=94749#94749 for the most current 64-bit version!

Victory! EDIT: (suggestions from r22, code from bitRAKE)

Code:
    ; Written by thimis
    ; Converted by Madis731
    ; Corrected by bitRAKE
    format PE64 GUI
    entry main
    include 'win64a.inc'

    section '.code' code executable readable

    main:
            call Dump
            call Dump
            call Dump
            invoke ExitProcess, 0

    Dump:
            pushf                                   ; save RFLAGS first
            push qword[rsp+8] r15 rdi r14 rsi r13 rbp r12 rsp r11 rdx r10 rcx r9 rbx r8 rax   ; copy of the return address (RIP), then all GPRs
            ;pushf
            ;pop r8
            mov r8,[rsp+17*8]                       ; the RFLAGS value saved by pushf above
            sub rsp,32                              ; shadow space for the API calls
            ; {build flag string}
            lea rcx,[memstr]                        ; output buffer
            lea rdx,[regstr]                        ; format string
            lea r9,[rflags]                         ; '%s' argument; the pushed registers follow on the stack
            call [wsprintf]
            mov rcx,HWND_DESKTOP
            lea rdx,[memstr]
            lea r8,[_status]
            mov r9,MB_OK
            call [MessageBox]
            ; return to caller (ERROR: need to restore the flags here)
            add rsp,32
            pop rax r8 rbx r9 rcx r10 rdx r11 rsp r12 rbp r13 rsi r14 rdi r15 qword[rsp+8]
            popf
            retn
            xchg rcx,rax
            call [ExitProcess]

    section '.idata' import data readable writeable

    library kernel32, 'KERNEL32.DLL',\
            user32, 'USER32.DLL'

    include 'api/kernel32.inc'
    include 'api/user32.inc'

    _status db 'Status',0

    regstr db \
            'RFLAGS: %.8X',13,10,\
            '%s',13,10,\
            13,10,\
            'RAX: %.16IX', 9, ' R8: %.16IX',13,10,\
            'RBX: %.16IX', 9, ' R9: %.16IX',13,10,\
            'RCX: %.16IX', 9, 'R10: %.16IX',13,10,\
            'RDX: %.16IX', 9, 'R11: %.16IX',13,10,\
            'RSP: %.16IX', 9, 'R12: %.16IX',13,10,\
            'RBP: %.16IX', 9, 'R13: %.16IX',13,10,\
            'RSI: %.16IX', 9, 'R14: %.16IX',13,10,\
            'RDI: %.16IX', 9, 'R15: %.16IX',13,10,\
            13,10,\
            'RIP: %.16IX',13,10,\
            13,10,\
            0

    memstr rb 1024                                  ; wsprintf output, 1024 bytes
    rflags dd ?

Last edited by Madis731 on 24 May 2009, 17:15; edited 4 times in total
bitRAKE 19 May 2009, 15:32
The stack alignment at MessageBox crashes Win7. Also, the wsprintf memory buffer should be 1024 bytes, afaik (more than 256 is needed above). Also, the flags are modified with the SUB RSP,8 instruction. Also, "%.16X" doesn't work for 64-bit integers - need "%.16IX".
Code:
    Dump:
            call @F                                 ; pushes the address of @@ so RIP can be shown
    @@:     push r15 rdi r14 rsi r13 rbp r12 rsp r11 rdx r10 rcx r9 rbx r8 rax
            pushf
            pop r8                                  ; RFLAGS as the third wsprintf argument
            sub rsp,32                              ; shadow space
            ; {build flag string}
            lea rcx,[memstr]
            lea rdx,[regstr]
            lea r9,[rflags]
            call [wsprintf]
            mov rcx,HWND_DESKTOP
            lea rdx,[memstr]
            lea r8,[_status]
            mov r9,MB_OK
            call [MessageBox]
            ; return to caller (ERROR: need to restore the flags here)
            ; add rsp,32
            ; pop rax r8 rbx r9 rcx r10 rdx r11 rsp r12 rbp r13 rsi r14 rdi r15
            ; retn
            xchg rcx,rax
            call [ExitProcess]

    ...

    regstr db \
            'RFLAGS: %.8X',13,10,\
            '%s',13,10,\
            13,10,\
            'RAX: %.16IX', 9, ' R8: %.16IX',13,10,\
            'RBX: %.16IX', 9, ' R9: %.16IX',13,10,\
            'RCX: %.16IX', 9, 'R10: %.16IX',13,10,\
            'RDX: %.16IX', 9, 'R11: %.16IX',13,10,\
            'RSP: %.16IX', 9, 'R12: %.16IX',13,10,\
            'RBP: %.16IX', 9, 'R13: %.16IX',13,10,\
            'RSI: %.16IX', 9, 'R14: %.16IX',13,10,\
            'RDI: %.16IX', 9, 'R15: %.16IX',13,10,\
            13,10,\
            'RIP: %.16IX',13,10,\
            13,10,\
            0
Madis731 19 May 2009, 19:14
Yeah, I also thought about XMMs. Thanks for the Win7 compatibility and all the fixes. Server 2008 was my testing platform and it seems it's forgiving a lot.
r22 20 May 2009, 20:44
I always use FORMAT PE CONSOLE and MSVCRT.printf for my debugging.

Putting your above code in a MACRO would be convenient; it should probably be part of win[32/64]ax.inc. Don't you have to take extra care with displaying the RSP value, since you want it to be the stack pointer before your display code?
bitRAKE 21 May 2009, 00:48
r22 wrote: Don't you have to take extra care with displaying the RSP value since you want it to be the stack pointer before your display code.

I'm shocked Server 2008 worked correctly with Madis731's code - someone at MS completely ignored the documentation it seems.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Madis731 21 May 2009, 07:13
I edited my code to fit bitRAKE's and r22's suggestions. Now it shows the correct RSP, RIP and RFLAGS.
Picnic 21 May 2009, 08:50
I was going to ask for that, thanks Madis731 - bitRAKE - r22.
I don't have a 64-bit machine to run the code, but I wanted to see how it goes.
bitRAKE 24 May 2009, 15:38
Madis731 wrote: Now it shows the correct RSP, RIP and RFLAGS.

My previously posted code does not work.

Code:
    ; Written by thimis
    ; Converted by Madis731 & bitRAKE to Win64
    format PE64 GUI
    entry TestDump
    include 'win64a.inc'

    section '.code' code executable readable

    TestDump:
            call Dump
            enter 32,0                              ; change the stack alignment for the next call
            stc                                     ; CF=1 should show up as 'C' in the flag string
            call Dump
            sbb eax,eax                             ; RAX = -1 only if CF survived the call
            leave
            call Dump
            retn

    ; - stack alignment not required
    ; - all registers preserved
    ; - flags preserved
    Dump:   ; RIP on stack
            push r15 rdi r14 rsi r13 rbp r12 rsp r11 rdx r10 rcx r9 rbx r8 rax
            pushf
            lea rbp,[rflags]
            enter 32,0                              ; RBP is parameter array, 32 bytes of shadow space below it
            and rsp,-16                             ; align stack (64-bit operand, so the upper half of RSP is kept)

            label .RSP qword at rbp+8*10
            label .RFLAGS qword at rbp+8*1

            ; adjust RSP to value prior to call
            add [.RSP],8*8

            ; build RFLAGS string
            mov rsi,[rbp]                           ; saved RBP = address of rflags string
            mov rdx,[.RFLAGS]
            mov ecx,rflags.count
    .A:     mov al,[rflags.map0+rcx-1]              ; character for a clear bit
            shr rdx,1                               ; next flag bit into CF
            jnc .0
            mov al,[rflags.map1+rcx-1]              ; character for a set bit
    .0:     mov [rsi+rcx-1],al
            loop .A

            ; generate message
            lea rcx,[memstr]
            lea rdx,[regstr]
            mov r8,rbp                              ; the frame doubles as the va_list
            call [wvsprintfA]

            ; display it
            mov rcx,HWND_DESKTOP
            lea rdx,[memstr]
            lea r8,[_status]
            mov r9,MB_OK
            call [MessageBoxA]

            ; return to caller
            leave
            popf
            ; NOTE: first RDI pop is for RSP value, second restores RDI
            pop rax r8 rbx r9 rcx r10 rdx r11 rdi r12 rbp r13 rsi r14 rdi r15
            retn

    section '.idata' import data readable writeable

    library kernel32, 'KERNEL32.DLL',\
            user32, 'USER32.DLL'

    include 'api/kernel32.inc'
    include 'api/user32.inc'

    _status db 'Status',0

    rflags.map0 db '------0-0---',0
    rflags.map1 db 'ODITSZ-A-P1C',0
    rflags      db '            ',0                 ; 12 placeholders, one per character of the maps
    rflags.count = $ - rflags - 1

    regstr db \
            'RFLAGS: %s (%.8X)',13,10,\
            13,10,\
            'RAX: %.16IX', 9, ' R8: %.16IX',13,10,\
            'RBX: %.16IX', 9, ' R9: %.16IX',13,10,\
            'RCX: %.16IX', 9, 'R10: %.16IX',13,10,\
            'RDX: %.16IX', 9, 'R11: %.16IX',13,10,\
            'RSP: %.16IX', 9, 'R12: %.16IX',13,10,\
            'RBP: %.16IX', 9, 'R13: %.16IX',13,10,\
            'RSI: %.16IX', 9, 'R14: %.16IX',13,10,\
            'RDI: %.16IX', 9, 'R15: %.16IX',13,10,\
            13,10,\
            'RIP: %.16IX',13,10,\
            13,10,\
            0

    memstr rb 1024

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
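Added example, not code from the thread and not part of fasm or win64a.inc: a C model of the stack frame that bitRAKE's Dump routine (24 May 2009 post) builds with push/pushf/enter and then hands to wvsprintfA as its argument array, together with a port of its RFLAGS-to-string loop so the decoding can be checked against known values. struct dump_frame, RSP_FIXUP, format_rflags(), reported_rsp() and frame_layout_matches_asm() are names chosen for this example; the RFLAGS values and the 0x12F000 stack address used in main() are constructed inputs.

```c
/* Added example (not from the thread): C model of the frame bitRAKE's Dump
 * routine passes to wvsprintfA, plus a port of its RFLAGS decoding loop.
 * All names below are this example's own; values in main() are made up. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * What RBP points at after
 *     push r15 rdi r14 rsi r13 rbp r12 rsp r11 rdx r10 rcx r9 rbx r8 rax
 *     pushf
 *     lea rbp,[rflags]
 *     enter 32,0
 * Lowest address first. Every member is 8 bytes, so the struct has no
 * padding and its offsets are exactly the stack-slot offsets from RBP.
 * Member order is the reverse of the push order and also the order of the
 * conversions in regstr, which is why RBP can be passed as the va_list.
 */
struct dump_frame {
    const char *flagstr;  /* [rbp]      saved RBP = address of the flag string ('%s') */
    uint64_t rflags;      /* [rbp+8]    pushed by pushf; '(%.8X)' prints its low 32 bits */
    uint64_t rax, r8, rbx, r9, rcx, r10, rdx, r11;
    uint64_t rsp;         /* [rbp+8*10] label .RSP */
    uint64_t r12, rbp, r13, rsi, r14, rdi, r15;
    uint64_t rip;         /* return address pushed by 'call Dump' */
};

/* 'push rsp' stores RSP after seven earlier pushes; the caller's RSP before
 * 'call Dump' is that value plus 7 slots plus the return address. This is
 * the 8*8 in 'add [.RSP],8*8'. */
enum { RSP_FIXUP = 7 * 8 + 8 };

/* The two maps from the assembly: character i describes RFLAGS bit (11 - i). */
#define FLAG_COUNT 12
static const char FLAG_MAP0[FLAG_COUNT + 1] = "------0-0---"; /* bit clear */
static const char FLAG_MAP1[FLAG_COUNT + 1] = "ODITSZ-A-P1C"; /* bit set   */

/* Port of the .A loop: consume RFLAGS from bit 0 upward while filling the
 * string from its last character backward. out needs FLAG_COUNT + 1 bytes. */
char *format_rflags(uint64_t rflags, char *out)
{
    for (int i = FLAG_COUNT; i >= 1; i--) {
        out[i - 1] = (rflags & 1) ? FLAG_MAP1[i - 1] : FLAG_MAP0[i - 1]; /* shr rdx,1 / jnc .0 */
        rflags >>= 1;
    }
    out[FLAG_COUNT] = '\0';
    return out;
}

/* RSP as the dialog reports it: the pushed copy corrected to the caller's
 * pre-call value. */
uint64_t reported_rsp(uint64_t pushed_rsp)
{
    return pushed_rsp + RSP_FIXUP;
}

/* C equivalent of the offsets the assembly hard-codes with 'label ... at rbp+'. */
int frame_layout_matches_asm(void)
{
    return offsetof(struct dump_frame, rflags) == 8 * 1
        && offsetof(struct dump_frame, rsp)    == 8 * 10
        && offsetof(struct dump_frame, rip)    == 8 * 18
        && sizeof(struct dump_frame)           == 8 * 19;
}

int main(void)
{
    char flags[FLAG_COUNT + 1];
    struct dump_frame f;
    memset(&f, 0, sizeof f);
    f.rflags = 0x203;                  /* constructed: CF=1, reserved bit 1, IF=1 (state after 'stc') */
    f.rsp    = 0x12F000 - RSP_FIXUP;   /* constructed: what 'push rsp' would have stored */
    printf("layout ok: %d\n", frame_layout_matches_asm());
    printf("RFLAGS: %s (%.8llX)\n", format_rflags(f.rflags, flags),
           (unsigned long long)(f.rflags & 0xFFFFFFFFu));
    printf("RSP: %.16llX\n", (unsigned long long)reported_rsp(f.rsp));
    return 0;
}
```

The struct mirrors the stack only because every member is 8 bytes wide; the offsetof() checks are the thing to re-run whenever a register is added to or removed from the push list, because wvsprintfA will happily read whatever happens to sit in the slot a conversion points at.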
pal 24 May 2009, 18:18
Nice codes.
By the way (this may sound retarded), what does the r in the 64-bit registers stand for? I cannot find it anywhere; or is it just a 'random' (not random, I know) character?
bitRAKE 24 May 2009, 18:43
pal, I have always imagined it was for "register" - basically, it just indicates the 64-bit width, whereas the Exx designations are for the 32-bit width. The other parts of the names help distinguish special use - some instructions are limited as to what registers they may use. Though, it is entirely possible to only use an orthogonal subset of the instructions to mimic a RISC processor.
Almost forgot the last character being used to access smaller partitions: r8d, r8w, r8l, etc. (DWORD, WORD, BYTE, ... respectively).
pal 24 May 2009, 19:12
Yeah. Well, I know Exx is extended xx. So when coding in 64-bit you can use r8l to access the byte value in the r8 register? If I interpreted you correctly, that is a good feature.
bitRAKE 25 May 2009, 04:31
The byte size is kind of special because there are 20 byte-size registers, but only 16 of the other sizes. Special care is needed when using AH, BH, CH, and DH, as they cannot be used with the REX prefix.
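Added example, not from the thread: a small C encoder for two byte-sized MOV forms that makes the REX restriction in bitRAKE's last post concrete and goes slightly beyond it by producing the actual machine-code bytes. The byte_reg table and the encode_mov_* functions are this example's own; the opcodes (B0+rb for MOV r8,imm8 and 88 /r for MOV r/m8,r8) and the REX bit layout are those of the x86-64 instruction set. The REX-only registers are spelled spl/bpl/sil/dil and r8b..r15b here; the r8l..r15l spelling used in the posts above names the same low bytes of R8..R15.

```c
/* Added example (not from the thread): why AH/CH/DH/BH cannot meet a REX
 * prefix, shown by encoding MOV r8,imm8 (B0+rb ib) and MOV r/m8,r8 (88 /r).
 * The table and functions are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct byte_reg {
    const char *name;
    uint8_t num;          /* architectural register number 0..15 */
    uint8_t needs_rex;    /* spl/bpl/sil/dil and r8b..r15b exist only when a REX prefix is present */
    uint8_t legacy_high;  /* ah/ch/dh/bh: same 4..7 encoding as spl..dil, valid only WITHOUT REX */
};

/* The 20 byte-sized registers: 8 legacy, 4 REX-only low bytes, 8 REX.B-extended. */
static const struct byte_reg BYTE_REGS[20] = {
    {"al",0,0,0},  {"cl",1,0,0},  {"dl",2,0,0},   {"bl",3,0,0},
    {"ah",4,0,1},  {"ch",5,0,1},  {"dh",6,0,1},   {"bh",7,0,1},
    {"spl",4,1,0}, {"bpl",5,1,0}, {"sil",6,1,0},  {"dil",7,1,0},
    {"r8b",8,1,0}, {"r9b",9,1,0}, {"r10b",10,1,0},{"r11b",11,1,0},
    {"r12b",12,1,0},{"r13b",13,1,0},{"r14b",14,1,0},{"r15b",15,1,0},
};

static const struct byte_reg *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof BYTE_REGS / sizeof BYTE_REGS[0]; i++)
        if (strcmp(BYTE_REGS[i].name, name) == 0)
            return &BYTE_REGS[i];
    return NULL;
}

/* REX = 0100WRXB. Only R (extends ModRM.reg) and B (extends ModRM.rm or the
 * opcode's register field) are needed here; W and X stay clear. */
static uint8_t rex_byte(int r, int b)
{
    return (uint8_t)(0x40 | (r << 2) | b);
}

/* MOV r8,imm8: [REX] B0+rb ib. Returns the encoded length, or -1 on an
 * unknown register name. */
int encode_mov_r8_imm8(const char *dst, uint8_t imm, uint8_t out[3])
{
    const struct byte_reg *d = lookup(dst);
    if (!d)
        return -1;
    int n = 0;
    if (d->needs_rex)
        out[n++] = rex_byte(0, d->num >> 3);    /* 0x40 for sil, 0x41 for r8b */
    out[n++] = (uint8_t)(0xB0 + (d->num & 7));
    out[n++] = imm;
    return n;
}

/* MOV r/m8,r8 with both operands in registers: [REX] 88 /r with
 * ModRM = 11 reg rm (reg = source, rm = destination). Returns -1 when the
 * pair cannot be encoded: one operand forces a REX prefix, but under REX the
 * 4..7 codes mean SPL/BPL/SIL/DIL, so AH/CH/DH/BH can no longer be named. */
int encode_mov_r8_r8(const char *dst, const char *src, uint8_t out[3])
{
    const struct byte_reg *d = lookup(dst), *s = lookup(src);
    if (!d || !s)
        return -1;
    int need_rex = d->needs_rex || s->needs_rex;
    if (need_rex && (d->legacy_high || s->legacy_high))
        return -1;                              /* e.g. mov sil,ah or mov ah,r8b */
    int n = 0;
    if (need_rex)
        out[n++] = rex_byte(s->num >> 3, d->num >> 3);
    out[n++] = 0x88;
    out[n++] = (uint8_t)(0xC0 | ((s->num & 7) << 3) | (d->num & 7));
    return n;
}
```

The refusal in encode_mov_r8_r8() is the rule an assembler applies when it rejects something like mov sil,ah: the REX prefix is a whole-instruction property, and as soon as one operand needs it the encodings that used to mean AH/CH/DH/BH are reassigned to the new low bytes.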
Copyright © 1999-2024, Tomasz Grysztar.