flat assembler
Message board for the users of flat assembler.

Index > Windows > why illegal instruction?

AE



Joined: 07 Apr 2022
Posts: 59
AE 10 Nov 2022, 11:25
Code:
format PE64 GUI 6.0
...
invoke  OleInitialize,NULL
invoke  SHGetDesktopFolder,Desktop
mov     rax,[Desktop]
mov     rax,[rax]
stdcall dword stdcall [rax+IShellFolder.ParseDisplayName],[Desktop],NULL,NULL,ParentDirPath,NULL,PPIDL,NULL
invoke  ExitProcess,0


illegal instruction: call dword[rax+IShellFolder.ParseDisplayName]

Why?


Last edited by AE on 12 Nov 2022, 09:13; edited 1 time in total
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19076
Location: In your JS exploiting you and your system
revolution 10 Nov 2022, 11:57
Try with qword.
Code:
stdcall qword [rax+IShellFolder.ParseDisplayName],NULL,NULL,ParentDirPath,NULL,PPIDL,NULL
Or without the override.
Code:
stdcall [rax+IShellFolder.ParseDisplayName],NULL,NULL,ParentDirPath,NULL,PPIDL,NULL
AE



Joined: 07 Apr 2022
Posts: 59
AE 10 Nov 2022, 19:33
Thank you!
AE



Joined: 07 Apr 2022
Posts: 59
AE 12 Nov 2022, 09:23
In continuation of the topic...
In the code below an exception occurs after calling the IShellFolder.ParseDisplayName method. Unfortunately, I couldn't find any suitable examples for x64 Unicode. Please advise me where the error in the call syntax might be.

Code:
format PE64 GUI 6.0
entry start
include 'win64w.inc'

section '.data' data readable writeable
    PPath                  du 'c:\windows\notepad.exe',0
    Desktop                dq ?
    PPIDL                  dq ?

    ; IShellFolder Interface
    struct IShellFolder
        ; IUnknown
        QueryInterface   dq ?   ; 000h
        AddRef           dq ?   ; 008h
        Release          dq ?   ; 010h
        ; IShellFolder
        ParseDisplayName dq ?   ; 018h
        EnumObjects      dq ?   ; 020h
        BindToObject     dq ?   ; 028h
        BindToStorage    dq ?   ; 030h
        CompareIDs       dq ?   ; 038h
        CreateViewObject dq ?   ; 040h
        GetAttributesOf  dq ?   ; 048h
        GetUIObjectOf    dq ?   ; 050h
        GetDisplayNameOf dq ?   ; 058h
        SetNameOf        dq ?   ; 060h
    ends


section '.text' code readable executable
start:
    sub     rsp,8*5
    invoke  OleInitialize,NULL
    invoke  SHGetDesktopFolder,Desktop
    test    rax, rax
    jnz     exit
    call    testf
    invoke MessageBox,NULL,'','',MB_OK or MB_TOPMOST ; if no crash we'll see it
exit:
    invoke  OleUninitialize
    invoke  ExitProcess,0

testf:
    mov     rax,[Desktop]
    mov     rax,[rax]
    stdcall [rax+IShellFolder.ParseDisplayName],[Desktop],\  ; <--- crash inside
                    NULL,NULL,PPath,NULL,PPIDL,NULL
    ret

section '.idata' import data readable writeable
    library kernel32,'KERNEL32.DLL',\
            user32,  'user32.dll',\
            Ole32,   'Ole32.dll',\
            Shell32, 'Shell32.dll'
    include 'api/KERNEL32.inc'
    include 'api/USER32.inc'
    import Ole32,\
        OleUninitialize, 'OleUninitialize',\
        OleInitialize, 'OleInitialize'
    import Shell32,\
        SHGetDesktopFolder, 'SHGetDesktopFolder'
AE



Joined: 07 Apr 2022
Posts: 59
AE 12 Nov 2022, 11:18
Code:
    interface IShellFolder,\
        QueryInterface,\      ; IUnknown
        AddRef,\
        Release,\
        ParseDisplayName,\    ; IShellFolder
        EnumObjects,\
        BindToObject,\
        BindToStorage,\
        CompareIDs,\
        CreateViewObject,\
        GetAttributesOf,\
        GetUIObjectOf,\
        GetDisplayNameOf,\
        SetNameOf

comcall rax,IShellFolder,ParseDisplayName,  NULL,NULL,ParentDirPath,NULL,PPIDL,NULL


I tried to use ComCall, but the result is the same...
But then I used the procedure macro and everything worked; apparently it has something to do with the stack, etc.
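The two layouts in this thread (the fasm struct in the earlier post and the interface macro above) describe the same thing: a COM object is a pointer to a vtable, and each method is one 8-byte slot in that table, with the three IUnknown methods first, so ParseDisplayName lands at 018h. The C program below is an added example, not code from anyone in this thread or from fasm. It mirrors that slot order with a struct of function pointers, checks the offset the assembly adds to the vtable pointer, and performs the same double dereference (mov rax,[Desktop] / mov rax,[rax] / call [rax+018h]) in C against a constructed stand-in for the desktop folder, passing the object pointer as the first (this) argument that every COM method expects. The fake method, the UTF-16 path and the PIDL token are constructed for the example; nothing here touches the real shell, so it builds and runs on any 64-bit C compiler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t HRESULT;
#define S_OK         ((HRESULT)0x00000000)
#define E_INVALIDARG ((HRESULT)0x80070057)   /* standard COM/Win32 value */

typedef struct IShellFolder IShellFolder;

/* Slot order copied from the fasm struct in the post: three IUnknown slots,
   then the IShellFolder methods. Each slot is one pointer (8 bytes on x64). */
typedef struct {
    void (*QueryInterface)(void);                                /* 000h */
    void (*AddRef)(void);                                        /* 008h */
    void (*Release)(void);                                       /* 010h */
    HRESULT (*ParseDisplayName)(IShellFolder *self, void *hwnd, void *pbc,
                                const uint16_t *name, uint32_t *eaten,
                                void **ppidl, uint32_t *attrs);  /* 018h */
    void (*EnumObjects)(void);                                   /* 020h */
    void (*BindToObject)(void);                                  /* 028h */
    void (*BindToStorage)(void);                                 /* 030h */
    void (*CompareIDs)(void);                                    /* 038h */
    void (*CreateViewObject)(void);                              /* 040h */
    void (*GetAttributesOf)(void);                               /* 048h */
    void (*GetUIObjectOf)(void);                                 /* 050h */
    void (*GetDisplayNameOf)(void);                              /* 058h */
    void (*SetNameOf)(void);                                     /* 060h */
} IShellFolderVtbl;

/* A COM object is a pointer to a vtable pointer: [Desktop] -> object, [object] -> vtable. */
struct IShellFolder { const IShellFolderVtbl *lpVtbl; };

/* Constructed stand-in for the desktop folder's method (not the real shell): it
   records the `this` it received and hands back a fake PIDL token. */
static IShellFolder *g_last_this;
static int g_fake_pidl;

static HRESULT fake_ParseDisplayName(IShellFolder *self, void *hwnd, void *pbc,
                                     const uint16_t *name, uint32_t *eaten,
                                     void **ppidl, uint32_t *attrs)
{
    (void)hwnd; (void)pbc; (void)eaten; (void)attrs;
    g_last_this = self;
    if (name == NULL || ppidl == NULL)
        return E_INVALIDARG;
    *ppidl = &g_fake_pidl;
    return S_OK;
}

static const IShellFolderVtbl g_desktop_vtbl = { .ParseDisplayName = fake_ParseDisplayName };
static IShellFolder g_desktop_obj = { &g_desktop_vtbl };
static IShellFolder *Desktop = &g_desktop_obj;   /* what SHGetDesktopFolder would store */

/* Offset the assembly adds to the vtable pointer: 3 slots * sizeof(void*), 018h on x64. */
size_t parse_display_name_offset(void) { return offsetof(IShellFolderVtbl, ParseDisplayName); }

/* The same three steps as `mov rax,[Desktop]` / `mov rax,[rax]` / `call [rax+018h]`,
   with the object pointer passed as the first (this) argument. */
HRESULT call_parse_display_name(const uint16_t *path, void **ppidl)
{
    IShellFolder *obj = Desktop;                 /* mov rax,[Desktop] */
    const IShellFolderVtbl *vt = obj->lpVtbl;    /* mov rax,[rax]     */
    return vt->ParseDisplayName(obj, NULL, NULL, path, NULL, ppidl, NULL);
}

/* 1 if the callee saw the object pointer as `this`, 0 otherwise. */
int last_this_was_desktop(void) { return g_last_this == Desktop; }

/* Runs the call with a constructed UTF-16 path; reports whether a PIDL came back. */
HRESULT demo_parse(int *got_pidl)
{
    static const uint16_t path[] = { 'c', ':', '\\', 'x', '.', 'e', 'x', 'e', 0 };
    void *pidl = NULL;
    HRESULT hr = call_parse_display_name(path, &pidl);
    if (got_pidl) *got_pidl = (pidl != NULL);
    return hr;
}

int main(void)
{
    int got = 0;
    HRESULT hr = demo_parse(&got);
    printf("ParseDisplayName slot offset: 0x%zx, hr=0x%08x, got pidl=%d, this ok=%d\n",
           parse_display_name_offset(), (unsigned)hr, got, last_this_was_desktop());
    return hr == S_OK ? 0 : 1;
}
```

Note that the object pointer goes in as the first argument in both the fasm struct version ([Desktop] before the six documented parameters) and in comcall (which supplies it from the register named in the call); the snippets that list only the six parameters leave the method without its this pointer.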
bitRAKE



Joined: 21 Jul 2003
Posts: 3548
Location: vpcmipstrm
bitRAKE 13 Nov 2022, 09:15
Fundamental to 64-bit programming is the ABI, which requires the stack to be aligned to a 16-byte boundary. It is possible to bake alignment into the macros, but that is not efficient. Instead every non-leaf function needs to handle alignment in some way.
Code:
testf:
    sub     rsp,8*5

... (use of ABI functions)

    add     rsp,8*5
    ret
... might resolve the problem?

Quote:
Most structures are aligned to their natural alignment. The primary exceptions are the stack pointer and malloc or alloca memory, which are 16-byte aligned to aid performance.


If you want to keep with the MASM-like syntax, I think the PROC/ENDP macros do alignment.

_________________
¯\(°_o)/¯ unlicense.org
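To make the alignment argument concrete, here is an added example in C (not from bitRAKE or anyone else in the thread) that replays the stack pointer of the posted program instruction by instruction, using only the rule quoted above: rsp is a multiple of 16 at every call, so each function, and the PE entry point itself, is entered with rsp at 8 mod 16 after the pushed return address. With no adjustment in testf, the call through the vtable happens at rsp = 8 mod 16 and the simulator flags it; with sub rsp,8*5 in testf, as suggested, it does not. The second function derives the frame a caller owes a given call under the x64 convention: 32 bytes of shadow space plus 8 per argument past the fourth, padded so the call site is aligned. That is where 8*5 comes from for calls with four or fewer arguments; ParseDisplayName takes seven (this plus six), which makes 8*7 if the macro stores its three stack arguments into caller-reserved space rather than pushing them. The simulator assumes exactly that (no pushes by the stdcall/comcall macro); this page does not show the macro source, so check the include files before relying on the 8*7 figure.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows x64 ABI facts used here: rsp must be a multiple of 16 at every
   `call`, so every function starts with rsp == 8 (mod 16) because the call
   pushed an 8-byte return address. The caller owns 32 bytes of shadow space
   plus 8 bytes per argument beyond the fourth. */

typedef struct {
    uint64_t rsp;            /* simulated stack pointer; only its value mod 16 matters */
    int misaligned_calls;    /* `call` instructions executed with rsp not 16-aligned */
} StackSim;

/* Constructed starting value: the PE entry point is itself called, so 8 mod 16. */
static void sim_start(StackSim *s) { s->rsp = 0x7FFF0000F000ull + 8; s->misaligned_calls = 0; }
static void sim_sub(StackSim *s, uint64_t n) { s->rsp -= n; }
static void sim_add(StackSim *s, uint64_t n) { s->rsp += n; }
/* call: check alignment at the call site, then push the return address */
static void sim_call(StackSim *s) { if (s->rsp % 16 != 0) s->misaligned_calls++; s->rsp -= 8; }
static void sim_ret(StackSim *s) { s->rsp += 8; }

/* Replays the posted program: start reserves 8*5 bytes, calls testf, and testf
   calls ParseDisplayName with `testf_frame` bytes of its own reservation (0 in
   the post, 8*5 in the suggested fix). Assumes the stdcall macro stores its
   arguments and does not push. Returns the number of misaligned call sites. */
int replay_posted_program(uint64_t testf_frame)
{
    StackSim s; sim_start(&s);
    sim_sub(&s, 8 * 5);               /* start: sub rsp,8*5 -> rsp 0 mod 16 */
    sim_call(&s); sim_ret(&s);        /* invoke OleInitialize */
    sim_call(&s); sim_ret(&s);        /* invoke SHGetDesktopFolder */
    sim_call(&s);                     /* call testf -> testf enters at 8 mod 16 */
    sim_sub(&s, testf_frame);         /*   testf: optional sub rsp,N */
    sim_call(&s); sim_ret(&s);        /*   stdcall [rax+IShellFolder.ParseDisplayName] */
    sim_add(&s, testf_frame);         /*   testf: matching add rsp,N */
    sim_ret(&s);                      /* ret from testf */
    sim_call(&s); sim_ret(&s);        /* invoke MessageBox */
    return s.misaligned_calls;
}

/* Bytes a caller must reserve for an N-argument call: 32-byte shadow space plus
   8 per stack argument, padded so that, entering at rsp == 8 (mod 16), the call
   site is 16-aligned. 40 (8*5) for up to four args, 56 (8*7) for seven. */
uint64_t frame_bytes_for_call(unsigned nargs)
{
    uint64_t need = 32 + (nargs > 4 ? (uint64_t)(nargs - 4) * 8 : 0);
    if ((need + 8) % 16 != 0)
        need += 8;
    return need;
}

int main(void)
{
    printf("misaligned calls without sub in testf: %d\n", replay_posted_program(0));
    printf("misaligned calls with sub rsp,8*5 in testf: %d\n", replay_posted_program(8 * 5));
    printf("frame for 2-arg call: %llu, for 7-arg call: %llu\n",
           (unsigned long long)frame_bytes_for_call(2), (unsigned long long)frame_bytes_for_call(7));
    return 0;
}
```

The misaligned call is the one the original poster marked "crash inside": a callee that uses movaps on a stack-relative address, as many CRT and shell routines do, faults as soon as it runs on a stack that is 8 mod 16. The proc macro the poster switched to works because it computes and applies exactly this kind of frame for you.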
Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.