flat assembler
Message board for the users of flat assembler.

Index > Windows > "call" doing wrong

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 04 Aug 2020, 13:52
bitRAKE wrote:
... but when assemblers starting making decisions what a return instruction is based on the context ...
It is the macros that override ret, not the assembler. If you choose to use the fasm provided macro set then it is something to be aware of, along with the EDX corruption inside invoke/stdcall/ccall/cinvoke.
Post 04 Aug 2020, 13:52
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 04 Aug 2020, 13:53
Overclick wrote:
about call:
How stupid (slowly) will be that:
Code:
macro call destination {
   push  rip
   push  rax
   mov   rax,<sum of opcodes size>
   add   [rsp+8],rax
   pop   rax
   jmp   destination
}    
You don't need it. There is something else in your code causing the problem.
Post 04 Aug 2020, 13:53
View user's profile Send private message Visit poster's website Reply with quote
Overclick



Joined: 11 Jul 2020
Posts: 669
Location: Ukraine
Overclick 04 Aug 2020, 14:03
Just to test it
Post 04 Aug 2020, 14:03
View user's profile Send private message Visit poster's website Reply with quote
Overclick



Joined: 11 Jul 2020
Posts: 669
Location: Ukraine
Overclick 04 Aug 2020, 15:18
revolution, why JMP works fine in same condition? What have I done to corrupt call addressing for "call" only?
Post 04 Aug 2020, 15:18
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 04 Aug 2020, 15:56
It isn't call that is corrupted, it is your stack that is corrupted, because ret is doing more than you expect.

Try bitRAKEs suggestion to use retn for any internal function within your proc. Or try my suggestion to move the function out of the proc.
Post 04 Aug 2020, 15:56
View user's profile Send private message Visit poster's website Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 04 Aug 2020, 16:02
bitRAKE wrote:
but when assemblers starting making decisions what a return instruction is based on the context

They don’t. It’s a macro thing, the source is available, the behaviour is documented and the feature is done in a way that makes it feel quite natural. One should always know what is going on under the hood of any library or syntax sugar feature to avoid cargo cults.

Overclick wrote:
Why it is not documented anyhow?

FASM.pdf, end of the section 3.1.3.

Computers never do what you want, they always do what you asked for.
Post 04 Aug 2020, 16:02
View user's profile Send private message Visit poster's website Reply with quote
Overclick



Joined: 11 Jul 2020
Posts: 669
Location: Ukraine
Overclick 04 Aug 2020, 16:22
Once again Crying or Very sad:
I don't have any issues with ret or stack itself. Error happens before ret.
For example:
Code:
must_be_executed:
    <any visible operations> 
    invoke              ExitProcess,rax    ; or MessageBox or anything BEFORE ret and stack request.
    ret
.....
DlgProc
...
call must_be_executed    ; jumps to hell 
jmp must_be_executed   ; works just fine
...
ret
endp    
Post 04 Aug 2020, 16:22
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 04 Aug 2020, 16:37
Show us a minimal example that exhibits your problem, something complete we can compile without having to guess any other parts.
Post 04 Aug 2020, 16:37
View user's profile Send private message Visit poster's website Reply with quote
Overclick



Joined: 11 Jul 2020
Posts: 669
Location: Ukraine
Overclick 04 Aug 2020, 20:47
Here we go:
Code:
format PE64 GUI 5.0
entry start
include 'win64a.inc'
section '.data' data readable writeable
    message db 'WHERE IS MY MESSAGE?',0
section '.text' code readable executable
  start:
        invoke  GetModuleHandle,0
        invoke  DialogBoxParam,rax,37,HWND_DESKTOP,DialogProc,0
        invoke  ExitProcess,0
  LOOK_AT_ME:
        invoke  MessageBox,HWND_DESKTOP,message,0,MB_OK
  ret
proc DialogProc uses rbx rsi rdi,hWnd,wMsg,wParam,lParam
        mov             [hWnd],rcx
        mov             [wMsg],rdx
        mov             [wParam],r8
        mov             [lParam],r9

        cmp     [wMsg],WM_COMMAND
        je      .wmcommand
        cmp     [wMsg],WM_CLOSE
        je      .wmclose
        xor     rax,rax
        jmp     .finish
  .wmcommand:
        cmp     [wParam],BN_CLICKED shl 16 + IDOK
        jne     .processed
        call    LOOK_AT_ME
        ret
  .wmclose:
        invoke  EndDialog,[hWnd],0
  .processed:
        mov     rax,1
  .finish:
        ret
endp
section '.idata' import data readable writeable
  library kernel,'KERNEL32.DLL',\
          user,'USER32.DLL'
  import kernel,\
         GetModuleHandle,'GetModuleHandleA',\
         ExitProcess,'ExitProcess'
  import user,\
         DialogBoxParam,'DialogBoxParamA',\
         CheckRadioButton,'CheckRadioButton',\
         GetDlgItemText,'GetDlgItemTextA',\
         IsDlgButtonChecked,'IsDlgButtonChecked',\
         MessageBox,'MessageBoxA',\
         EndDialog,'EndDialog'
section '.rsrc' resource data readable
  directory RT_DIALOG,dialogs
  resource dialogs,\
           37,LANG_ENGLISH+SUBLANG_DEFAULT,demonstration
  dialog demonstration,'Create message box',70,70,190,175,WS_CAPTION+WS_POPUP+WS_SYSMENU+DS_MODALFRAME
       dialogitem 'BUTTON','OK',IDOK,85,150,45,15,WS_VISIBLE+WS_TABSTOP+BS_DEFPUSHBUTTON
  enddialog    

It was ok at 32bit but 64 just crashing
Post 04 Aug 2020, 20:47
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 04 Aug 2020, 23:14
This is a case of unaligned stack. Try this
Code:
;...
  start:
        push    rbp ;<-- add me
        invoke  GetModuleHandle,0
        invoke  DialogBoxParam,rax,37,HWND_DESKTOP,DialogProc,0
        invoke  ExitProcess,0
  LOOK_AT_ME:
        push    rbp ;<-- add me
        invoke  MessageBox,HWND_DESKTOP,message,0,MB_OK
        pop     rbp ;<-- add me
  ret
;...    
Post 04 Aug 2020, 23:14
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.