flat assembler
Message board for the users of flat assembler.

[solved] Why is this crashing?

Tyler 25 Jan 2014, 21:53
I'm trying to get back into asm, but I've forgotten a lot. If someone could just help me get this stub running, that would be appreciated.

Code:
include 'win64a.inc'
use64
format PE64
entry main

section '.text' code readable executable

main:
   ; setup shadow space
   sub    rsp, 32
   ; first arg (char*) goes in rcx
   mov    rcx, hello
   call   puts

   ; shadow space still setup from above
   mov    rcx, 0
   call   exit

section '.idata' import data readable writeable

   library msvcrt, 'MSVCRT.DLL'

   import msvcrt,\
      exit,'exit',\
      puts,'puts'

section '.data' data readable writable

   hello           db 'Hello world!',0
ManOfSteel 25 Jan 2014, 22:14
It's been ages since I last coded something for Windows, so don't quote me on this.

I believe you must pass those arguments through the stack, not registers.
In other words, push all those arguments (in reverse order) and then call the function. Or just use the invoke macro provided by fasmw (invoke puts,hello).
Tyler 25 Jan 2014, 22:20
IIRC, that's exactly correct for stdcall. But I'm trying to learn 64 bit. MS (and all others that I know of) use register based calling conventions on AMD64. (http://en.wikipedia.org/wiki/X86_calling_conventions#Microsoft_x64_calling_convention)
sinsi 25 Jan 2014, 22:26
Code:
    call [puts]
    ...
    call [exit]
Tyler 25 Jan 2014, 23:02
OHH!!! Yep. That did it. I forgot those store pointers instead of actually being the pointer I want. Thanks.
sinsi 26 Jan 2014, 06:39
Code:
   ; setup shadow space
   sub    rsp, 32

You need a minimum of 4 slots but you haven't aligned the stack to 16.
When your program starts the stack is 8-aligned because of the "call entry" the loader does.
Code:
   ; setup shadow space
   sub    rsp, 32+8


I think win64ax can take care of the aligning via "invoke" but I've never used it.
revolution 26 Jan 2014, 07:12
sinsi wrote:
I think win64ax can take care of the aligning via "invoke" but I've never used it.
WIN64AX will align the stack upon entry if you use the ".code" and ".end" macros:
Code:
macro .code {
  section '.text' code readable executable
  entry $
  sub rsp,8
  local main,code
  entry equ main
  if main <> code
  jmp main
  end if
  code: }

macro .end value
{
   label entry at value

;...
Tyler 26 Jan 2014, 07:18
I didn't know that, thanks. I don't think the 32+8 will do it. If it's 8 aligned, it could also be 16 aligned (like 64). If it is both, then subtracting 40 would make it 8 aligned. It would work if the stack happened to be 8 aligned and not 16 aligned (like 48), but that presumably only happens 50% of the time.

I think
Code:
shr rsp,4
shl rsp,4
will guarantee rsp = 0 (mod 16), though, since it is in effect subtracting rsp % 2^4.


EDIT: Never mind, I was thinking of it mathematically. I just tested it and it appears to always be 8 aligned and never 16 aligned.
revolution 26 Jan 2014, 07:48
Tyler wrote:
EDIT: Never mind, I was thinking of it mathematically. I just tested it and it appears to always be 8 aligned and never 16 aligned.
Windows guarantees the alignment of 8 mod 16 upon entry. This allows the normal "push rbp" as the first instruction that many HLLs will do automatically.
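A corrected version of Tyler's stub, added here as an example and not code posted in the thread: it applies sinsi's indirect call through the import slot, and uses the "push rbp" prologue revolution mentions to turn the 8 mod 16 alignment at entry into a 16-aligned frame before the shadow space is reserved. It assumes fasm with the stock win64a.inc and a console subsystem so that the puts output is visible.

```asm
format PE64 console
entry main

include 'win64a.inc'

section '.text' code readable executable

main:
   ; On entry rsp = 8 (mod 16): the loader's CALL pushed an 8-byte return
   ; address onto a 16-byte aligned stack (the guarantee revolution cites).
   push   rbp                 ; rsp is now 0 (mod 16); rbp is callee-saved
   mov    rbp, rsp
   sub    rsp, 32             ; 4 shadow slots; 32 is a multiple of 16,
                              ; so every CALL below sees a 16-aligned rsp

   ; puts and exit are labels on the IAT slots in .idata. Each slot holds
   ; the address the loader resolved; it is data, not code. "call puts"
   ; would execute the pointer bytes; "call [puts]" dereferences the slot.
   lea    rcx, [hello]        ; first argument (char*) goes in rcx
   call   [puts]

   xor    ecx, ecx            ; exit status 0 (writing ecx zeroes rcx)
   call   [exit]              ; never returns; shadow space still reserved

section '.idata' import data readable writeable

   library msvcrt,'MSVCRT.DLL'

   import msvcrt,\
      exit,'exit',\
      puts,'puts'

section '.data' data readable writeable

   hello db 'Hello world!',0
```

If the frame were ever to return instead of calling exit, the epilogue would be `mov rsp, rbp` / `pop rbp` / `ret`, which restores the 8 mod 16 state the caller expects.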
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.