flat assembler
Message board for the users of flat assembler.

lea reg32,[rip+offset] at high address ranges

revolution
I still can't decide if the following should assemble, or if fasm should signal an error:
Code:
format ELF64 executable 3 at 1 shl 32   ; <--- note the high address value
entry main

SYS_WRITE       = 1
SYS_EXIT        = 60
STD_OUTPUT      = 1

segment executable readable writeable

hello_world: db 'Hello World!',10
main:
        mov     eax,SYS_WRITE
        mov     edi,STD_OUTPUT
        lea     esi,[hello_world]       ; <--- esi is too small to hold the full address
        mov     edx,main - hello_world  ; length of the string
        syscall
        mov     eax,SYS_EXIT
        xor     edi,edi
        syscall
As of now, fasm assembles this without any error. But it can't be run because the address generated by the line "lea esi,[hello_world]" is above the 4G limit.

If we change the "at" parameter to "1 shl 30" then it can be assembled and runs. Or if we change esi to rsi then it also can be assembled and runs.

I feel like this is a gotcha kind of thing where the principle of least surprise is being broken.
Post 21 Jan 2019, 10:48
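An added C model of what the CPU does in the post above (this is not code from the thread and it does not run the fasm program): `lea` computes the full 64-bit RIP-relative effective address and then keeps only as many bits as the destination register holds, so `lea esi,[hello_world]` with the image based at 1 shl 32 leaves esi pointing somewhere in the low 4 GB. The `main` repeats the post's write(2) with such a truncated pointer: on a PIE binary loaded above 4 GB (the usual case on x86-64 Linux) the kernel rejects it with EFAULT, while on an image loaded below 4 GB nothing is lost and the write succeeds, which is the 1 shl 30 case. The string is the one from the post; the sample addresses in the comments are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char hello_world[] = "Hello World!\n";

/* Model of lea r16/r32/r64,[rip+disp]: the effective address is formed at
   full 64-bit width and only the low dest_bytes*8 bits reach the named
   register (e.g. effective 0x100000078 with a 4-byte destination -> 0x78). */
uint64_t lea_result(uint64_t effective_address, unsigned dest_bytes) {
    switch (dest_bytes) {
    case 2: return effective_address & 0xFFFFULL;
    case 4: return effective_address & 0xFFFFFFFFULL;
    case 8: return effective_address;
    default: return 0; /* not a valid lea destination width */
    }
}

/* Does the value left in the register still point at the intended byte? */
int lea_preserves_address(uint64_t effective_address, unsigned dest_bytes) {
    return lea_result(effective_address, dest_bytes) == effective_address;
}

/* Repeat the post's write(2) using what esi would have held after
   lea esi,[hello_world]. Returns 0 on success, otherwise errno
   (EFAULT when the truncated pointer is not a mapped user address). */
int write_via_esi(void) {
    uint64_t full = (uint64_t)(uintptr_t)hello_world;
    uint64_t esi  = lea_result(full, 4);
    ssize_t n = write(STDOUT_FILENO, (const void *)(uintptr_t)esi,
                      sizeof hello_world - 1);
    return n < 0 ? errno : 0;
}

int main(void) {
    uint64_t full = (uint64_t)(uintptr_t)hello_world;
    printf("hello_world at %#llx, esi would hold %#llx (%s)\n",
           (unsigned long long)full,
           (unsigned long long)lea_result(full, 4),
           lea_preserves_address(full, 4) ? "still correct"
                                          : "high bits lost");
    int err = write_via_esi();
    if (err)
        fprintf(stderr, "write failed: %s\n", strerror(err));
    return 0;
}
```

Whether the write in `main` fails depends only on where the loader placed the image, which is the same dependency the post describes for the `at` value; the assembled bytes are identical in both cases.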
Tomasz Grysztar
Isn't it in principle a similar thing to:
Code:
lea esi,[rbx]
?
Or even, going further back in time:
Code:
lea si,[0FFFFFFFFh]
Post 21 Jan 2019, 11:12
ProMiNick
The assembler only translates to an existing opcode. The architecture supports this opcode, so there is no error from assembly. It is an undocumented feature of the x64 extension, nothing more.

Not undocumented. Wrongly documented.
Post 21 Jan 2019, 11:17
revolution
Tomasz Grysztar wrote:
Isn't it in principle a similar thing to:
Code:
lea esi,[rbx]
?
Or even, going further back in time:
Code:
lea si,[0FFFFFFFFh]
I think with the first the onus is on the programmer to figure it out. The second can only be reliably caught by the assembler (assuming the literal constant is a variable in the code) and the assembler could at least say something about it.

Maybe force the programmer to apply the conversion manually
Code:
lea si,[(variable) and 0xffff]
Post 21 Jan 2019, 11:20
Tomasz Grysztar
But then this would be a different instruction, and you would have no way of assembling the original one.

In general these kinds of modifications to make assembler "smarter" were usually not well received, at least in case of fasm.

On the other hand, I made fasmg's implementation of instruction sets in form of macros exactly to allow this kind of customization for anyone that needs it:
Code:
macro lea? dest*,src*
        x86.parse_operand @dest,dest
        x86.parse_operand @src,src
        if @src.type = 'mem' & @dest.type = 'reg'
                if @src.address relativeto 0 &\
                   ( ( @dest.size = 2 & @src.address > 0FFFFh ) |\
                     ( @dest.size = 4 & @src.address > 0FFFFFFFFh ) |\
                     ( @dest.size = 4 & @src.mode = 64 & @src.address > 7FFFFFFFh ) )
                        err 'address too large to fit in destination register'
                end if
                x86.select_operand_prefix @src,@dest.size
                x86.store_instruction 8Dh,@src,@dest.rm
        else
                err 'invalid combination of operands'
        end if
end macro
Post 21 Jan 2019, 12:06
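The range rule from the macro above, ported to C as an added example (not fasmg code and not part of the thread) so that its three conditions can be exercised against the thread's own cases. `dest_bytes` is the destination register width, `addr_mode` stands in for `@src.mode` (the address size of the memory operand) and `address` for `@src.address`, which the macro only inspects when it is an absolute value (`relativeto 0`). The offset 0x78 assumed for hello_world within the image is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Returns 1 when the address fits the destination register under the macro's
   rule, 0 when the macro would report
   'address too large to fit in destination register'.
   The three tests mirror the macro's conditions one by one. */
int lea_address_fits(unsigned dest_bytes, unsigned addr_mode, uint64_t address) {
    if (dest_bytes == 2 && address > 0xFFFFULL)                        return 0;
    if (dest_bytes == 4 && address > 0xFFFFFFFFULL)                    return 0;
    if (dest_bytes == 4 && addr_mode == 64 && address > 0x7FFFFFFFULL) return 0;
    return 1;
}

struct lea_case {
    const char *text;      /* the instruction as it would appear in source */
    unsigned dest_bytes;   /* destination register width in bytes */
    unsigned addr_mode;    /* address size of the memory operand */
    uint64_t address;      /* absolute effective address known at assembly time */
};

/* Offset of hello_world from the image base: assumed (constructed) value. */
#define HELLO_OFFSET 0x78ULL

static const struct lea_case cases[] = {
    { "lea esi,[hello_world]  (at 1 shl 32)", 4, 64, (1ULL << 32) + HELLO_OFFSET },
    { "lea rsi,[hello_world]  (at 1 shl 32)", 8, 64, (1ULL << 32) + HELLO_OFFSET },
    { "lea esi,[hello_world]  (at 1 shl 30)", 4, 64, (1ULL << 30) + HELLO_OFFSET },
    { "lea si,[0FFFFFFFFh]    (use16)",        2, 16, 0xFFFFFFFFULL },
};

/* How many of the constructed cases the rule rejects (expected: the two
   where the register cannot hold the address). */
int count_rejected(void) {
    int rejected = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (!lea_address_fits(cases[i].dest_bytes, cases[i].addr_mode,
                              cases[i].address))
            rejected++;
    return rejected;
}

int main(void) {
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const struct lea_case *c = &cases[i];
        printf("%-40s -> %s\n", c->text,
               lea_address_fits(c->dest_bytes, c->addr_mode, c->address)
                   ? "assembles"
                   : "address too large to fit in destination register");
    }
    return 0;
}
```

The first and last cases are rejected, the rsi and 1 shl 30 variants pass, which matches the two fixes revolution reports as working. Note the rule only fires when fasmg knows the address as an absolute number; a relocatable or register-based address such as `lea esi,[rbx]` never reaches it.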
Copyright © 1999-2019, Tomasz Grysztar.