flat assembler
Message board for the users of flat assembler.
Thread: IDA SDK porting it to fasm (Tutorials and Examples)
masm 04 Apr 2020, 14:00
Please help: how can I get (IDA6.X_SDK_target_64.inc) or (IDA7.X_SDK_target_64.inc)? Please post these files, because when I compile I get an error about missing files.
ProMiNick 04 Apr 2020, 18:18
No way (for now, no way). I didn't create them yet. (I even wrote "without SDK includes for now" in the 1st post.)
If thou art interested in development in fasm for IDA, I am ready to cooperate on development. If not, thou art going to wait until I make them myself. The order of my interests:
[SEMISOLVED] highest priority: adapt fasm for development for the win16 subsystem, and port all existing win16 examples that make practical sense (demonstrating various technologies that are still relevant in modern Windows) to fasm syntax.
2nd priority: simplify the old Delphi example HTTPClient to API-only, then port it to fasm (once I did a similar thing and ported SHELLEX to fasm).
3rd priority: rewrite (cutting off unneeded parts of) openssl in assembly (it is open source, so I don't see problems), port HTTPClient & openssl to Kolibri (maybe to Menuet too).
4th priority: support IDA extensions in fasm (and because of that, disassembling goes on in those extensions and IDA itself is only a visualizer; maybe someone will write a disassembler in assembly based on such extensions).
[ACCIDENTALLY SOLVED] 5th priority: fix struct in my package (they incorrectly calculate sub-union sizes & incorrectly address the following members).
6th priority: rewrite the Windows Research Kernel in assembly, try to rewrite parts of ReactOS (or parts of Windows).
7th priority: pseudo-3D anthology: examples of similar demos in DX1 to DX12, OGL1 to OGL3, with examples like those that come in the appropriate SDKs.
8th priority: a regular expressions framework for fasm.
9th priority: documentation related to all the previous.
If I get stuck (the muse does not come for the first 3 priorities, or they get done) I will do thy request (maybe).
Last edited by ProMiNick on 28 Apr 2020, 13:24; edited 1 time in total
masm 05 Apr 2020, 13:36
Thank you. I create plugins for IDA Pro and Hiew in pure assembler without the SDK and it works, but if you have an SDK compatible with fasm, or know how to convert the C++ SDK to fasm, can you help, if you can? Sorry for my English.
macgub 08 Apr 2020, 14:52
ProMiNick wrote:
ProMiNick - I like your goals, especially the one with Kolibri and Menuet development. I wish you good luck to achieve it. Stay safe.
ProMiNick 20 Apr 2020, 15:52
First of all we need some table of where which types are declared.
PRO.H is the main one for the different compilers (there is nothing important in it except how they should interpret types). In assembly such interpreting is the programmer's task, or we need to create a lot of structs & equs. For example, I always forget the size of bool.
Code:
;typedef int bool PRO_H
;typedef unsigned char uchar PRO_H
;typedef unsigned short ushort PRO_H
;typedef unsigned int uint PRO_H
;typedef char int8 PRO_H
;typedef signed char sint8 PRO_H
;typedef unsigned char uint8 PRO_H
;typedef short int16 PRO_H
;typedef unsigned short uint16 PRO_H
;typedef int int32 PRO_H
;typedef unsigned int uint32 PRO_H
;typedef longlong int64 PRO_H
;typedef ulonglong uint64 PRO_H
;typedef uint16 wchar16_t PRO_H
;typedef uint32 wchar32_t PRO_H
;#ifdef __EA64__
;typedef uint64 ea_t PRO_H
;typedef uint64 sel_t PRO_H
;typedef uint64 asize_t PRO_H
;typedef int64 adiff_t PRO_H
;#else
;typedef uint32 ea_t PRO_H
;typedef uint32 sel_t PRO_H
;typedef uint32 asize_t PRO_H
;typedef int32 adiff_t PRO_H
;#endif
;typedef __EA64__ asize_t uval_t PRO_H
;typedef __EA64__ adiff_t sval_t PRO_H
;typedef uchar comp_t IDA_HPP
;typedef uchar cm_t IDA_HPP

As we see, in most cases if a type has the _t postfix it is __EA64__ (dependent on the size of the effective address, an analog of targetx86 & targetx64).
About inline procs (the 2 examples above could be rewritten to):
Code:
format PE GUI 4.0 DLL as 'plw'
entry DllEntryPoint

include 'win32a.inc'
include 'IDA6.X_SDK_target_32.inc' ;(ida.inc, idp.inc, loader.inc, kernwin.inc, bytes.inc, auto.inc, srarea.inc)

; macro replacements for the SDK's inline C++ helpers
macro netnode this,name,namlen:0,do_create:FALSE { ;netnode.hpp
 invoke netnode_check,this,name,namlen,do_create }
macro netnode_altval this,alt,tag:'A' { ;netnode.hpp
 invoke netnode_altval,dword[this],dword[alt],tag }
macro netnode_altdel this,alt,tag:'A' { ;netnode.hpp
 invoke netnode_supdel,dword[this],dword[alt],tag }
macro netnode_altset this,alt,value,length:0,tag:'A' { ;netnode.hpp
 invoke netnode_supset,dword[this],dword[alt],value,length,tag } ; altset stores a value, so supset (not supdel)
macro get_screen_ea ea { cinvoke callui,ui_screenea,ea } ;kernwin.hpp
macro autoMark ea,type { ;auto.hpp
 local ..out
 mov eax, [ea]
 cmp eax, BADADDR
 jz ..out
 mov eax, [ea]
 inc eax
 invoke auto_mark_range,dword[ea],eax,type
 ..out:
}
macro noUsed ea { autoMark ea,AU_USED } ;auto.hpp
macro isCode? reg:eax { ;bytes.hpp
 and reg, MS_CLS
 cmp reg, FF_CODE }
macro get_flags_novalue ea { invoke get_flags_ex,dword[ea],GFE_NOVALUE } ;bytes.hpp

section '.text' code readable executable

DllEntryPoint:
procedure (hinstDLL,fdwReason,lpvReserved)
 mov eax,TRUE
 ret
endp

AskUsingForm_c:
procedure (buffer,pcallee)
 lea eax, [pcallee]               ; address of the first vararg slot is the va_list
 cinvoke callui,ui_form,[buffer],eax
 ret
endp

init:
procedure ()
 mov eax,[ph]
 mov eax, [eax + processor_t.id]
 test eax, eax ;PLFM_386
 jz .retTRUE
 cmp eax, PLFM_MIPS
 jz .retTRUE
 cmp eax, PLFM_ARM
 jz .retTRUE
 xor eax, eax                     ; PLUGIN_SKIP for other processors
 ret
.retTRUE:
 mov eax, TRUE                    ; PLUGIN_OK
 ret
endp

run:
procedure ()
 mov eax,[ph]
 mov eax, [eax + processor_t.id]
 sub eax, PLFM_MIPS
 jz .MIPS_case
 ja .ARM_case
 mov eax, x86_case
 jmp .nname_ready
.MIPS_case:
 mov eax, mips_case
 jmp .nname_ready
.ARM_case:                        ; was a duplicated .MIPS_case label
 mov eax, arm_case
.nname_ready:
 mov [nname], eax
 netnode nnode,eax ;invoke netnode_check,nnode,eax,0,FALSE
 get_screen_ea ea ;cinvoke callui,ui_screenea,ea
 get_flags_novalue ea ;invoke get_flags_ex,dword[ea],GFE_NOVALUE
 isCode? ;and eax, MS_CLS ;cmp eax, FF_CODE
 jnz .locret
 netnode_altval nnode,ea ;invoke netnode_altval,dword[nnode],dword[ea],'A'
 dec eax                          ; stored value is callee+1, so 0 (none) becomes BADADDR
 mov [callee],eax
 mov eax, [ph]
 cmp dword [eax + processor_t.id], PLFM_ARM
 jnz .skipClearingARMmodebit
 and dword [callee], not 1
.skipClearingARMmodebit:
 cinvoke qsnprintf,buf,MAXSTR,form,help
 ccall AskUsingForm_c,buf,callee
 test eax, eax
 jz .locret
 cmp dword [callee], BADADDR
 jnz .valid_callee
 netnode_altdel nnode,ea ;invoke netnode_supdel,dword[nnode],dword[ea],'A'
 jmp .reanalyze
.valid_callee:
 mov edx, [ph]
 cmp dword [edx + processor_t.id], PLFM_ARM
 jnz .skipthumbbit
 mov eax, [callee]                ; eax held the form result; reload callee before testing bit 0
 test al, 1
 jnz .skipthumbbit
 invoke get_segreg,dword[callee],reg__T
 test eax, eax
 jz .skipthumbbit
 cmp eax, BADSEL
 jz .skipthumbbit
 or dword [callee], 1
.skipthumbbit:
 inc dword [callee]               ; store callee+1 under the screen ea, without overwriting ea itself
 netnode_altset nnode,ea,callee,4 ;invoke netnode_supset,dword[nnode],dword[ea],callee,4,'A'
.reanalyze:
 noUsed ea ;mov eax, [ea] ;cmp eax, BADADDR ;jz .locret ;mov eax, [ea] ;inc eax ;invoke auto_mark_range,dword[ea],eax,$28
.locret:
 ret
endp

section '.data' data readable writeable

PLUGIN plugin_t IDP_INTERFACE_VERSION,0,init,NULL,run,comment,help,wanted_name,wanted_hotkey
nname dd ?
nnode nodeidx_t ;dd
ea ea_t ;dd
callee ea_t ;dd  (used by run, was missing from the listing)
comment db 'Change the callee address',0
help db 'This plugin allows the user to change the address of the called function',10,\
        'in constructs like',10,\
        10,\
        ' call esi',10,\
        10,\
        'You can enter a function name instead of its address',10,0
form db 'HELP',10,\
     '%s',10,\
     'ENDHELP',10,\
     'Enter the callee address',10,\
     10,\
     ' <~C~allee:$:500:40:::>',10,\
     10,\
     10,0
virtual at comment
 wanted_name db 'Change the callee address',0
end virtual
wanted_hotkey db 'Alt-F11',0
mips_case db '$ mips',0
arm_case db ' $arm',0
x86_case db '$ vmm functions',0
buf db MAXSTR dup (?)

section '.idata' import data readable writeable

library idawll,'IDA.WLL',\
        kernel32,'KERNEL32.DLL'

import idawll,\
       netnode_check,'netnode_check',\
       netnode_altval,'netnode_altval',\
       netnode_supset,'netnode_supset',\
       netnode_supdel,'netnode_supdel',\
       get_flags_ex,'get_flags_ex',\
       callui,'callui',\
       auto_mark_range,'auto_mark_range',\
       ph,'ph',\
       get_segreg,'get_segreg',\
       qsnprintf,'qsnprintf'

import kernel32,\
       DisableThreadLibraryCalls,'DisableThreadLibraryCalls'

section '.edata' export data readable

export 'callee.plw',\
       PLUGIN,'PLUGIN'

section '.reloc' fixups data readable discardable

For a 64-bit effective address:
Code:
format PE GUI 4.0 DLL as 'p64'
entry DllEntryPoint

include 'win32a.inc'
include 'IDA6.X_SDK_target_64.inc' ;(ida.inc, idp.inc, loader.inc, kernwin.inc, bytes.inc, auto.inc, srarea.inc)

; macro replacements for the SDK's inline C++ helpers; ea_t is 64-bit here (ea_t.lo / ea_t.hi)
macro netnode this,name,namlen:0,do_create:FALSE { ;netnode.hpp
 invoke netnode_check,this,name,namlen,do_create }
macro netnode_altval this,alt,tag:'A' { ;netnode.hpp
 invoke netnode_altval,qword[this],qword[alt],tag }
macro netnode_altdel this,alt,tag:'A' { ;netnode.hpp
 invoke netnode_supdel,qword[this],qword[alt],tag }
macro netnode_altset this,alt,value,length:0,tag:'A' { ;netnode.hpp
 invoke netnode_supset,qword[this],qword[alt],value,length,tag } ; altset stores a value, so supset (not supdel)
macro get_screen_ea ea { cinvoke callui,ui_screenea,ea } ;kernwin.hpp
macro autoMark ea,type { ;auto.hpp
 local ..out
 mov eax, [ea.lo]
 and eax, [ea.hi]
 cmp eax, BADADDR                 ; both halves all ones = BADADDR
 jz ..out
 mov eax, [ea.lo]
 mov edx, [ea.hi]
 add eax, 1
 adc edx, 0
 invoke auto_mark_range,qword[ea],qword edx:eax,type ; 'qword edx:eax' needs the pushd override
 ..out:
}
macro noUsed ea { autoMark ea,AU_USED } ;auto.hpp
macro isCode? reg:eax { ;bytes.hpp
 and reg, MS_CLS
 cmp reg, FF_CODE }
macro get_flags_novalue ea { invoke get_flags_ex,qword[ea],GFE_NOVALUE } ;bytes.hpp

section '.text' code readable executable

DllEntryPoint:
procedure (hinstDLL,fdwReason,lpvReserved)
 mov eax, [fdwReason]
 cmp eax, 1                       ; DLL_PROCESS_ATTACH
 jne .retTRUE
 mov eax, [hinstDLL]
 invoke DisableThreadLibraryCalls, eax
.retTRUE:
 xor eax, eax
 inc eax
 ret
endp

AskUsingForm_c:
procedure (buffer,pcallee)
 lea eax, [pcallee]               ; address of the first vararg slot is the va_list
 cinvoke callui,ui_form,[buffer],eax
 ret
endp

init:
procedure ()
 mov eax,[ph]
 mov eax, [eax + processor_t.id]
 test eax, eax ;PLFM_386
 jz .retTRUE
 cmp eax, PLFM_MIPS
 jz .retTRUE
 cmp eax, PLFM_ARM
 jz .retTRUE
 xor eax, eax                     ; PLUGIN_SKIP for other processors
 ret
.retTRUE:
 mov eax, TRUE                    ; PLUGIN_OK
 ret
endp

run:
procedure ()
 mov eax, [ph]
 mov eax, [eax + processor_t.id]
 sub eax, PLFM_MIPS
 jz .MIPS_case
 ja .ARM_case
 mov eax, x86_case
 jmp .nname_ready
.MIPS_case:
 mov eax, mips_case
 jmp .nname_ready
.ARM_case:                        ; was a duplicated .MIPS_case label
 mov eax, arm_case
.nname_ready:
 mov [nname], eax
 netnode nnode,eax ;invoke netnode_check,nnode,eax,0,FALSE
 get_screen_ea ea ;cinvoke callui,ui_screenea,ea
 get_flags_novalue ea ;invoke get_flags_ex,qword[ea],GFE_NOVALUE
 isCode? ;and eax, MS_CLS ;cmp eax, FF_CODE
 jnz .locret
 netnode_altval nnode,ea ;invoke netnode_altval,qword[nnode],qword[ea],'A'
 sub eax, 1                       ; 64-bit result in edx:eax; stored value is callee+1
 sbb edx, 0
 mov [callee+ea_t.lo], eax
 mov [callee+ea_t.hi], edx
 mov eax, [ph]
 cmp dword [eax + processor_t.id], PLFM_ARM
 jnz .skipClearingthumbbit
 and dword [callee+ea_t.lo], not 1
.skipClearingthumbbit:
 cinvoke qsnprintf,buf,MAXSTR,form,help
 ccall AskUsingForm_c,buf,callee
 test eax, eax
 jz .locret
 mov eax, [callee+ea_t.lo]
 mov edx, [callee+ea_t.hi]
 and edx, eax
 cmp edx, BADADDR
 jnz .valid_callee
 netnode_altdel nnode,ea ;invoke netnode_supdel,qword[nnode],qword[ea],'A'
 jmp .reanalyze
.valid_callee:
 mov edx, [ph]
 cmp dword [edx + processor_t.id], PLFM_ARM
 jnz .skipthumbbit
 test al, 1                       ; eax still holds the low half of callee
 jnz .skipthumbbit
 invoke get_segreg,qword[callee],reg__T
 mov ecx, eax                     ; sel_t comes back in edx:eax
 or ecx, edx                      ; zero only when both halves are zero ('and' missed a nonzero low half)
 jz .skipthumbbit
 and eax, edx                     ; BADSEL only when both halves are all ones
 cmp eax, BADSEL
 jz .skipthumbbit
 or dword [callee+ea_t.lo], 1
.skipthumbbit:
 add dword [callee+ea_t.lo], 1    ; store callee+1 under the screen ea, without overwriting ea itself
 adc dword [callee+ea_t.hi], 0
 netnode_altset nnode,ea,callee,8 ;invoke netnode_supset,qword[nnode],qword[ea],callee,8,'A'
.reanalyze:
 noUsed ea ;mov eax, [ea+ea_t.lo] ;and eax, [ea+ea_t.hi] ;cmp eax, BADADDR ;jz .locret ;mov eax, [ea+ea_t.lo] ;mov edx, [ea+ea_t.hi] ;add eax, 1 ;adc edx, 0 ;invoke auto_mark_range,qword[ea],qword edx:eax,$28
.locret:
 ret
endp

section '.data' data readable writeable

PLUGIN plugin_t IDP_INTERFACE_VERSION,0,init,NULL,run,comment,help,wanted_name,wanted_hotkey
nname dd ?
nnode nodeidx_t ;dq
ea ea_t ;dq
callee ea_t ;dq  (used by run, was missing from the listing)
comment db 'Change the callee address',0
help db 'This plugin allows the user to change the address of the called function',10,\
        'in constructs like',10,\
        10,\
        ' call esi',10,\
        10,\
        'You can enter a function name instead of its address',10,0
form db 'HELP',10,\
     '%s',10,\
     'ENDHELP',10,\
     'Enter the callee address',10,\
     10,\
     ' <~C~allee:$:500:40:::>',10,\
     10,\
     10,0
virtual at comment
 wanted_name db 'Change the callee address',0
end virtual
wanted_hotkey db 'Alt-F11',0
mips_case db '$ mips',0
arm_case db ' $arm',0
x86_case db '$ vmm functions',0
buf db MAXSTR dup (?)

section '.idata' import data readable writeable

library idawll,'IDA64.WLL',\
        kernel32,'KERNEL32.DLL'

import idawll,\
       netnode_check,'netnode_check',\
       netnode_altval,'netnode_altval',\
       netnode_supset,'netnode_supset',\
       netnode_supdel,'netnode_supdel',\
       get_flags_ex,'get_flags_ex',\
       callui,'callui',\
       auto_mark_range,'auto_mark_range',\
       ph,'ph',\
       get_segreg,'get_segreg',\
       qsnprintf,'qsnprintf'

import kernel32,\
       DisableThreadLibraryCalls,'DisableThreadLibraryCalls'

section '.edata' export data readable

export 'callee.p64',\
       PLUGIN,'PLUGIN'

section '.reloc' fixups data readable discardable

When some consistency of the SDK is reached I will update fasmpack with it inside. It will additionally require overriding pushd in a way similar to the ...ax.inc / ...wx.inc headers (there the word "double" is used; I used "qword"), so that coding looks the same for x32 & x64 targets.
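As an added example that is not from the thread or from ProMiNick's fasmpack, here is a small Python generator that does the bookkeeping the post asks for: it reads the PRO.H typedef comments, resolves the #ifdef __EA64__ branches for a chosen target bitness, and produces the fasm data directive and byte size of each type (bool is 4, ea_t is 4 or 8). SAMPLE is a constructed subset of the post's list, and the "name fix dd" / "sizeof.name = 4" output format is my own choice, not the SDK's.

```python
# Added example (not the thread's or fasmpack's code): turn the PRO.H typedef
# comments from the post into fasm directives + sizes for one target bitness.
BASE = {  # C base type -> (fasm data directive, size in bytes)
    "int": ("dd", 4), "unsigned int": ("dd", 4), "char": ("db", 1),
    "unsigned char": ("db", 1), "longlong": ("dq", 8), "ulonglong": ("dq", 8),
}
# Constructed sample: a subset of the typedef comments from the post, with the
# #ifdef __EA64__ block that makes the address types depend on the target.
SAMPLE = """
;typedef int bool PRO_H
;typedef unsigned char uchar PRO_H
;typedef unsigned int uint32 PRO_H
;typedef ulonglong uint64 PRO_H
;#ifdef __EA64__
;typedef uint64 ea_t PRO_H
;typedef uint64 asize_t PRO_H
;#else
;typedef uint32 ea_t PRO_H
;typedef uint32 asize_t PRO_H
;#endif
;typedef __EA64__ asize_t uval_t PRO_H
;typedef uchar cm_t IDA_HPP
"""

def parse_typedefs(text, ea64):
    """Return {name: base type}; handles one level of #ifdef __EA64__/#else/#endif."""
    aliases, active = {}, True
    for line in text.splitlines():
        line = line.lstrip(" ;")
        if line.startswith("#ifdef __EA64__"):
            active = ea64
        elif line.startswith("#else"):
            active = not active
        elif line.startswith("#endif"):
            active = True
        elif line.startswith("typedef") and active:
            tok = line.split()[1:-1]   # drop 'typedef' and the trailing header tag
            if tok[0] == "__EA64__":   # the post's marker for ea-size dependent aliases
                tok = tok[1:]
            aliases[tok[-1]] = " ".join(tok[:-1])
    return aliases

def resolve(text, ea64):
    """Map each typedef name to (fasm directive, size) by chasing aliases to BASE."""
    aliases = parse_typedefs(text, ea64)
    base = lambda t: BASE[t] if t in BASE else base(aliases[t])
    return {name: base(name) for name in aliases}

def emit_inc(text, ea64):  # render 'name fix dd' / 'sizeof.name = 4' include lines
    return "\n".join(f"{n} fix {d}\nsizeof.{n} = {s}" for n, (d, s) in resolve(text, ea64).items())
```

Running emit_inc(SAMPLE, False) and emit_inc(SAMPLE, True) gives the two target-specific include bodies; only the _t types differ between them.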
ProMiNick 21 Apr 2020, 23:50
I explored IDA SDKs from 4.13 to 7.2 and I think support of 6.8 & 7.0-7.2 would be more than enough.
Why these? I can successfully use IDA in the 64-bit environment of my WinXP64 (I am not targeting debugging, so all works perfectly), but not everybody has 64-bit machines. So the SDK should contain 2 different versions of IDA: IDA 6.8 (the last I can test for x86) & IDA 7.X (7.0 is free & buggy, so for 7.0 & 7.2 at the same time).
Root of the SDK:
1. "X_TARGET" contains macros|strucs|fixes to declare new data definition directives & size operators that are altered according to the target bitness:
x86.inc:
Code:
d? fix dd
d% fix dd
r? fix rd
r% fix rd
cell? fix dword

Code:
d? fix dq
d% fix dq
r? fix rq
r% fix rq
cell? fix qword

2. "COMMON" contains stuff common to all 6.8-7.2 versions, and common to the different bitness of the host.
3. "X86_ENVT" contains stuff related to the x86 environment.
4. "X64_ENVT" contains stuff related to the x64 environment.
https://yadi.sk/d/BmUyS1Tq15GV8w - pro.H & IDA.HPP, RANGE.HPP, NETNODE.HPP, NALT.HPP, SEGMENT.HPP, LINES.HPP, BYTES.HPP implemented in the corresponding incs.
ProMiNick 27 Apr 2020, 22:18
First plugin assembled via the SDK (32-bit version of the x86 environment); the SDK is still not fully reproduced. (The 64-bit version will require a pushd override seamless with the extended headers' way.)
https://yadi.sk/d/HTs1wxZvp6BmYw - the version for the x64 environment will require reversing of x64 plugins later.
ProMiNick 28 Apr 2020, 07:46
https://yadi.sk/d/HTs1wxZvp6BmYw updated (64-bit version compilable too).
In win32a.inc I added this:
Code:
macro pushd value
{
 match =addr var,value
 \{
  if +var relativeto 0 | +var relativeto $
   push var
  else
   lea edx,[var]
   push edx
  end if
  pushd equ
 \}
 match pushd =qword high:low,pushd value
 \{
  match any [more] rest,:high[$]:
  \\{
   match [$]:,rest \\\{ push dword high \\\}
   match =$:,more \\\{ push high \\\}
  \\}
  match any [more] rest,:low[$]:
  \\{
   match [$]:,rest \\\{ push dword low \\\}
   match =$:,more \\\{ push low \\\}
  \\}
  pushd equ
 \}
 match pushd =qword [var],pushd value
 \{
  push dword [var+4]
  push dword [var]
  pushd equ
 \}
 match pushd =qword num,pushd value
 \{
  \local ..high,..low
  virtual at 0
   dq num
   load ..low dword from 0
   load ..high dword from 4
  end virtual
  push ..high
  push ..low
  pushd equ
 \}
 ; I dislike support of passing strings as direct parameters
 match pushd,pushd
 \{
  ;\local ..continue
  ;if value eqtype ''
  ; call ..continue
  ; db value,0
  ; ..continue:
  ;else
  push value
  ;end if
  pushd equ
 \}
 restore pushd
}

It seemed like it conflicts with the pushd override from win32ax.inc, but I don't target using the extended headers, so either the standard headers with my functionality, or the extended ones with my functionality cut off. So there is no conflict.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.