flat assembler
Message board for the users of flat assembler.
flat assembler > Windows > Error calling WSAStartup with unaligned stack in Win64
MUFOS



Joined: 17 Apr 2016
Posts: 47
Error calling WSAStartup with unaligned stack in Win64
Hey there, I'm getting an error when calling WSAStartup.
First I call MemAlloc, which is just a function to call HeapAlloc.
Using the memory pointer, which is WSADATA, I pass it to WSAStartup.

However, I get the same access violation error every time.


Code:
                mov     r8,400          ; size to allocate (r8 is the argument MemAlloc expects)
                call    MemAlloc        ; wrapper around HeapAlloc, returns the buffer in rax
                mov     [WSAData], rax  ; keep the pointer to the WSADATA buffer
                mov     cx,0x101        ; wVersionRequested = 1.1
                mov     rdx,rax         ; lpWSAData
                call    [WSAStartup]    ; access violation here
                ret



The following is the result: https://gyazo.com/9616013908dcb4da961152607341b057

Always the same address, 00007FFC4...
I am using x64dbg. However, I tried a different debugger, same result.
Post 14 Jan 2017, 13:16
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
Your stack is not properly aligned.

RSP must be 0 mod 16 before doing the call. And make sure you preallocate space for all the parameters as required by the FastCall standard.
Post 14 Jan 2017, 13:22
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
Your stack is not properly aligned.

RSP must be 0 mod 16 before doing the call. And make sure you preallocate space for all the parameters as required by the FastCall standard.



Thanks, could you explain what it means to align the stack? This is the first time I'm programming in Win64. I am not really familiar with the calling convention.

But do I need to allocate space for the parameters even when it's passed using the registers?
Post 14 Jan 2017, 13:26
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua

MUFOS wrote:
Thanks, could you explain what it means to align the stack?

Make sure RSP = 0 mod 16.

MUFOS wrote:
But do I need to allocate space for the parameters even when it's passed using the registers?

Yes. Always. No exception.
Post 14 Jan 2017, 13:31
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:

MUFOS wrote:
Thanks, could you explain what it means to align the stack?

Make sure RSP = 0 mod 16.

MUFOS wrote:
But do I need to allocate space for the parameters even when it's passed using the registers?

Yes. Always. No exception.



0 mod 16 = 0
I am not sure I understand :/ Newbie here.
Post 14 Jan 2017, 13:37
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
Make sure the lowest four bits of RSP = 0 and then do the call. This should happen automatically if you have proper stack frame code.
Post 14 Jan 2017, 13:40
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
Make sure the lowest four bits of RSP = 0 and then do the call. This should happen automatically if you have proper stack frame code.


Would you mind giving me an example?
Post 14 Jan 2017, 13:50
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
This is in the fasm download:

Code:
; Example of 64-bit PE program

format PE64 GUI
entry start

section '.text' code readable executable

  start:
        sub     rsp,8*5         ; reserve stack for API use and make stack dqword aligned

        mov     r9d,0
        lea     r8,[_caption]
        lea     rdx,[_message]
        mov     rcx,0
        call    [MessageBoxA]

        mov     ecx,eax
        call    [ExitProcess]

section '.data' data readable writeable

  _caption db 'Win64 assembly program',0
  _message db 'Hello World!',0

section '.idata' import data readable writeable

  dd 0,0,0,RVA kernel_name,RVA kernel_table
  dd 0,0,0,RVA user_name,RVA user_table
  dd 0,0,0,0,0

  kernel_table:
    ExitProcess dq RVA _ExitProcess
    dq 0
  user_table:
    MessageBoxA dq RVA _MessageBoxA
    dq 0

  kernel_name db 'KERNEL32.DLL',0
  user_name db 'USER32.DLL',0

  _ExitProcess dw 0
    db 'ExitProcess',0
  _MessageBoxA dw 0
    db 'MessageBoxA',0

Post 14 Jan 2017, 13:55
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
This is in the fasm download:
(the PE64 example quoted in full above)


So by subtracting by a product of 8 it gets 0 mod 16 aligned?
I saw someone on the internet saying that one should subtract amount of bytes needed, then

Code:
and rsp, -10


Someone else suggests doing it, but instead:

Code:
and rsp,0fffffff0h

Post 14 Jan 2017, 13:58
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
If you use a normal stack frame with RBP and ensure that all stack adjustments are multiples of 16 bytes then you won't need to fiddle with it.
Post 14 Jan 2017, 14:17
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
If you use a normal stack frame with RBP and ensure that all stack adjustments are multiples of 16 bytes then you won't need to fiddle with it.



In the example above, 8*5 is not a multiple of 16.
Post 14 Jan 2017, 14:20
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
The caller starts at 0 mod 16 and calls the "start:" label putting the stack at 8 mod 16. So if you then push RBP for a normal function then the stack is again 0 mod 16. And from there everything can use a full multiple of 16.

The example code doesn't push RBP so instead you adjust another 8 bytes to align it correctly.
Post 14 Jan 2017, 15:06
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
The caller starts at 0 mod 16 and calls the "start:" label putting the stack at 8 mod 16. So if you then push RBP for a normal function then the stack is again 0 mod 16. And from there everything can use a full multiple of 16.

The example code doesn't push RBP so instead you adjust another 8 bytes to align it correctly.



All right, thank you so much for the help :)
+rep
Post 14 Jan 2017, 15:35
MUFOS



Joined: 17 Apr 2016
Posts: 47

revolution wrote:
The caller starts at 0 mod 16 and calls the "start:" label putting the stack at 8 mod 16. So if you then push RBP for a normal function then the stack is again 0 mod 16. And from there everything can use a full multiple of 16.

The example code doesn't push RBP so instead you adjust another 8 bytes to align it correctly.



I actually have one more question; while I have my stack aligned in one stack frame, if I push an argument onto the stack and then call a function, it seems I have to subtract 8 bytes from RSP to keep it aligned. Is that all normal, or is there a better way to implement a stack frame so that it's aligned independent of the number of arguments passed?
Post 14 Jan 2017, 18:08
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15235
Location: 1I/ʻOumuamua
To comply with the fastcall spec you have to follow the argument order correctly. It is probably easiest to adjust the stack first and then place the arguments later using "mov" instructions. But whatever you do you still have to make it 0 mod 16. If you don't your code will crash, as you have seen.
Post 15 Jan 2017, 01:40
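A complete fasm program that applies both answers in this thread, added here as an example; it is not code from the thread or from the fasm package, although it follows the layout of the PE64 demo quoted above. The prologue makes RSP 0 mod 16 once (push rbp after the 8 mod 16 entry state) and reserves the register-parameter area together with the two extra slots needed by the six-argument WSASocketA call, so no later push is required: the fifth and sixth arguments are stored with mov into the reserved area, as the last reply recommends. The WS2_32.DLL import names and the Winsock constants (AF_INET = 2, SOCK_STREAM = 1, IPPROTO_TCP = 6, version 2.2, INVALID_SOCKET = -1, sizeof(WSADATA) = 408 on x64) are standard values; the labels and the 48-byte frame size are choices made for this example.

```asm
; Added example: WSAStartup / WSASocketA with a correctly aligned stack
; (modelled on the fasm PE64 demo quoted in this thread, not part of it)

format PE64 console
entry start

section '.text' code readable executable

  start:
        ; Windows enters here with RSP = 8 mod 16 (the return address was pushed).
        push    rbp                     ; RSP is now 0 mod 16
        mov     rbp,rsp
        ; Reserve the largest outgoing argument area of this frame once:
        ; 32 bytes of shadow space for RCX/RDX/R8/R9 plus two 8-byte slots
        ; for the 5th and 6th parameters of WSASocketA. 48 is a multiple of
        ; 16, so RSP stays 0 mod 16 at every call below.
        sub     rsp,48

        mov     ecx,202h                ; wVersionRequested = 2.2
        lea     rdx,[wsadata]           ; lpWSAData
        call    [WSAStartup]
        test    eax,eax
        jnz     .exit                   ; non-zero return is the WSA error code

        ; Six arguments: the first four in registers, the 5th and 6th stored
        ; with mov into the slots above the shadow space (no push, so the
        ; alignment set up in the prologue is untouched).
        mov     ecx,2                   ; af = AF_INET
        mov     edx,1                   ; type = SOCK_STREAM
        mov     r8d,6                   ; protocol = IPPROTO_TCP
        xor     r9d,r9d                 ; lpProtocolInfo = NULL
        mov     qword [rsp+32],0        ; g = 0
        mov     qword [rsp+40],0        ; dwFlags = 0
        call    [WSASocketA]
        cmp     rax,-1                  ; INVALID_SOCKET
        je      .fail

        mov     rcx,rax                 ; s = the socket just created
        call    [closesocket]
        call    [WSACleanup]
        xor     eax,eax                 ; exit code 0 = success
        jmp     .exit
  .fail:
        call    [WSAGetLastError]       ; the error code becomes the exit code
  .exit:
        mov     ecx,eax
        call    [ExitProcess]           ; never returns, so no epilogue is needed

section '.data' data readable writeable

  wsadata rb 408                        ; sizeof(WSADATA) on x64 is 408 bytes (400 on x86)

section '.idata' import data readable writeable

  dd 0,0,0,RVA kernel_name,RVA kernel_table
  dd 0,0,0,RVA ws2_name,RVA ws2_table
  dd 0,0,0,0,0

  kernel_table:
    ExitProcess dq RVA _ExitProcess
    dq 0
  ws2_table:
    WSAStartup dq RVA _WSAStartup
    WSACleanup dq RVA _WSACleanup
    WSASocketA dq RVA _WSASocketA
    closesocket dq RVA _closesocket
    WSAGetLastError dq RVA _WSAGetLastError
    dq 0

  kernel_name db 'KERNEL32.DLL',0
  ws2_name db 'WS2_32.DLL',0

  _ExitProcess dw 0
    db 'ExitProcess',0
  _WSAStartup dw 0
    db 'WSAStartup',0
  _WSACleanup dw 0
    db 'WSACleanup',0
  _WSASocketA dw 0
    db 'WSASocketA',0
  _closesocket dw 0
    db 'closesocket',0
  _WSAGetLastError dw 0
    db 'WSAGetLastError',0
```

Assemble with fasm and run from a console; the process exit code is 0 on success or the Winsock error code otherwise. Note that the buffer in the first post was allocated with 400 bytes, while the x64 WSADATA is 408 bytes, so even with an aligned stack the static 408-byte buffer used here is the safer choice.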
Copyright © 2004-2016, Tomasz Grysztar.