flat assembler
Message board for the users of flat assembler.

Index > Windows > windows pe64 console. how to get the commandline argc argv?

Author
Thread Post new topic Reply to topic
songjiangshan



Joined: 16 Dec 2022
Posts: 5
songjiangshan 16 Dec 2022, 07:32
how to get the main(argc, argv) parameters?

i tried:
1 __GetMainArgs --- works in win32. not exist in win64.
2 __getmainargs/__wgetmainargs-- works fine in win32. not work in win64.(just nothing happen, the program crashed and exited)

3 GetCommandLine CommandLineToArgvW -- this seems to work some how.
but i am in std c. i want to use CommandLineToArgvA. but their is no such function.

if i can choose, i prefer __getmainargs function, as it is easier to call.
the problem is that i do not know why it could not work.


the working code:


Code:
;************
;* Args.asm *
;************

format PE CONSOLE
entry start

include 'win32ax.inc'

section '.text' code readable executable

  start:

    cinvoke __getmainargs,argc,argv,env,0,NULL

    cinvoke printf,<"Argc count is %d",13,10>,[argc]
    mov     eax,[argv]
    cinvoke printf,<"Program name is %s",13,10>,dword [eax]

    mov     ebx,1

.while ebx < [argc]
    add     [argv],4
    mov     eax,[argv]
    cinvoke printf,<"argv[%d] = %s",13,10>,ebx,dword [eax]
    inc     ebx
.endw

    invoke  ExitProcess,0

section '.data' data readable writeable

  argc dd ?
  argv dd ?
  env dd ?

section '.idata' import data readable writeable

  library kernel32,'kernel32.dll',\
          msvcrt,'msvcrt.dll'

  import kernel32,\
         ExitProcess,'ExitProcess'

  import msvcrt,\
         __getmainargs,'__getmainargs',\
         printf,'printf'    








the not working code:


Code:
;************
;* Args.asm *
;************

format PE64 CONSOLE
entry start

include 'win64ax.inc'

section '.text' code readable executable

  start:

    

    
    cinvoke __getmainargs,argc,argv,env,0,NULL

    cinvoke printf,<"Argc count is %d",13,10>,[argc]
    mov     rax,[argv]
    cinvoke printf,<"Program name is %s",13,10>,qword [rax]

    mov     rbx,1

.while rbx < [argc]
    add     [argv],8
    mov     rax,[argv]
    cinvoke printf,<"argv[%d] = %s",13,10>,rbx,qword [rax]
    inc     rbx
.endw

    invoke  ExitProcess,0

section '.data' data readable writeable

  argc dq ?
  argv dq ?
  env dq ?

section '.idata' import data readable writeable

  library kernel32,'kernel32.dll',\
          msvcrt,'msvcrt.dll'

  import kernel32,\
         ExitProcess,'ExitProcess'

  import msvcrt,\
         __getmainargs,'__getmainargs',\
         printf,'printf'    
Edit by revolution: Added code tags
Post 16 Dec 2022, 07:32
View user's profile Send private message Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 481
Location: Czech republic, Slovak republic
Feryno 16 Dec 2022, 17:24
In my PC the code compiled into this, which I ran under debugger, I see there the misaligned stack:
Code:
0000000000401000                        4883EC30                        sub rsp,30
0000000000401004                        48C7C100204000                  mov rcx,00402000
000000000040100B                        48C7C208204000                  mov rdx,00402008
0000000000401012                        49C7C010204000                  mov r8,00402010
0000000000401019                        49C7C100000000                  mov r9,00000000
0000000000401020                        48C744242000000000                      mov qword [rsp+20],00000000
0000000000401029                        FF1571200000                    call qword [00000000004030A0] ; []=00007FFDB50879D0=msvcrt.__getmainargs
000000000040102F                        4883C430                        add rsp,30
0000000000401033                        4883EC20                        sub rsp,20
0000000000401037                        EB13                    jmp 000000000040104C
0000000000401039                        417267                  jc 00000000004010A2
000000000040103C                        6320                    movsxd esp,[rax]
000000000040103E                        636F75                  movsxd ebp,[rdi+75]
0000000000401041                        6E                      outsb
0000000000401042                        7420                    jz 0000000000401064
0000000000401044                        69732025640D0A                  imul esi,[rbx+20],0A0D6425
000000000040104B                        00488D                  add [rax-73],cl
000000000040104E                        0DE6FFFFFF                      or eax,FFFFFFE6
0000000000401053                        488B15A60F0000                  mov rdx,[0000000000402000] ; []=0000000000000000
000000000040105A                        FF1548200000                    call qword [00000000004030A8] ; []=00007FFDB50C8B50=msvcrt.printf
0000000000401060                        4883C420                        add rsp,20
0000000000401064                        488B059D0F0000                  mov rax,[0000000000402008] ; []=0000000000000000
000000000040106B                        4883EC20                        sub rsp,20
000000000040106F                        EB15                    jmp 0000000000401086
0000000000401071                        50                      push rax
0000000000401072                        726F                    jc 00000000004010E3
0000000000401074                        677261                  jc 00000000004010D7
0000000000401077                        6D                      insd
0000000000401078                        206E61                  and [rsi+61],ch
000000000040107B                        6D                      insd
000000000040107C                        65206973                        GS and [rcx+73],ch
0000000000401080                        2025730D0A00                    and [00000000004A1DF9],ah ; [00000000004A1DF9]=?
0000000000401086                        488D0DE4FFFFFF                  lea rcx,[0000000000401071] ; []=206D6172676F7250
000000000040108D                        488B10                  mov rdx,[rax]
0000000000401090                        FF1512200000                    call qword [00000000004030A8] ; []=00007FFDB50C8B50=msvcrt.printf
0000000000401096                        4883C420                        add rsp,20
000000000040109A                        48C7C301000000                  mov rbx,00000001
00000000004010A1                        483B1D580F0000                  cmp rbx,[0000000000402000] ; []=0000000000000000
00000000004010A8                        7341                    jnc 00000000004010EB
00000000004010AA                        488305560F000008                        add qword [0000000000402008],08 ; []=0000000000000000
00000000004010B2                        488B054F0F0000                  mov rax,[0000000000402008] ; []=0000000000000000
00000000004010B9                        4883EC20                        sub rsp,20
00000000004010BD                        EB10                    jmp 00000000004010CF
00000000004010BF                        61                      illegal popa
00000000004010C0                        7267                    jc 0000000000401129
00000000004010C2                        765B                    jbe 000000000040111F
00000000004010C4                        25645D203D                      and eax,3D205D64
00000000004010C9                        2025730D0A00                    and [00000000004A1E42],ah ; [00000000004A1E42]=?
00000000004010CF                        488D0DE9FFFFFF                  lea rcx,[00000000004010BF] ; []=5D64255B76677261
00000000004010D6                        4889DA                  mov rdx,rbx
00000000004010D9                        4C8B00                  mov r8,[rax]
00000000004010DC                        FF15C61F0000                    call qword [00000000004030A8] ; []=00007FFDB50C8B50=msvcrt.printf
00000000004010E2                        4883C420                        add rsp,20    


there should be sub rsp,38h correctly
unfortunatelly I can't help you how to fix macros... I do not use macros, I do most of things by my own hands
btw I wouldn't use mov rcx,00402000 but LEA RCX,[address]
other notes it is quite inefficient to add and sub rsp so many times, it is enough to sub rsp at once in the prologue and then do not add/sub rsp during the procedure, restoring rsp back only at the epilogue at once

this program runs fine at me:
Code:
format PE64 CONSOLE at (1 shl 32) on 'nul'

section '.text' code readable executable

entry $

        push    rbx

; here we use stack for memory variables

a       =       1                       ; return address from the procedure (the last RET instruction uses it to return back to the caller)
b       =       1                       ; number of pushed registers (only 1 register push RBX)
; we will set up 'c' later as it cannot yet be calculated
d       =       1                       ; 1 qword for 5th param startupinfo
e       =       1                       ; 1 qword used for env
f       =       1                       ; 1 qword used for argv
g       =       1                       ; 1 qword used for argc
h       =       1                       ; 5th param passed to function via stack
i       =       4                       ; number of qwords reserved for system - qwords [rsp+8*0],... [rsp+8*3]

c       =       (a+b+d+e+f+g+h+i) and 1 ; aligning stack 10h, this could be 0 or 1 qword

stack_frame_size        =       8*(c+d+e+f+g+h+i)
        sub     rsp,stack_frame_size

; the stack frame looks like:
; <- top of stack
; a (ret addr)
; b (pushed regs)
; c (nothing or 1 qword for aligning at 10h)
; d, e, f, g (stack frame)
; h (1 qword for passing 5th arg)
; i (4 qwords)
; <- current RSP

        lea     rax,[rsp+8*(i+h+g+f+e)]
        and     qword [rax],0
        mov     qword [rsp+8*i],rax             ; 5th param
        xor     r9,r9                           ; 4th param
        lea     r8,[rsp+8*(i+h+g+f)]            ; 3rd param
        lea     rdx,[rsp+8*(i+h+g)]             ; 2nd param
        lea     rcx,[rsp+8*(i+h)]               ; 1st param
        call    [__getmainargs]
        test    eax,eax
        jz      OK
        lea     rcx,[msg_error]
        call    [printf]
        jmp     exit

OK:     mov     edx,[rsp+8*(i+h)]
        lea     rcx,[msg_argc]
        call    [printf]

        mov     rax,[rsp+8*(i+h+g)]
        mov     rdx,[rax]
        lea     rcx,[msg_progname]
        call    [printf]

        mov     ebx,1

align 10h
L0:     cmp     [rsp+8*(i+h)],ebx
        jbe     exit

        mov     rax,[rsp+8*(i+h+g)]
        mov     r8,[rax + rbx*8]
        mov     edx,ebx
        lea     rcx,[msg_argv]
        call    [printf]

        inc     ebx
        jmp     L0

align 10h
exit:   xor     ecx,ecx
        call    [ExitProcess]   

; this should not execute, but it is here as and example of epilogue
        add     rsp,stack_frame_size
        pop     rbx
        xor     eax,eax
        ret


section '.data' data readable writeable
msg_error       db      '__getmainargs failed',0Dh,0Ah,0
msg_argc        db      'Argc count is %d',0Dh,0Ah,0
msg_progname    db      'Program name is %s',0Dh,0Ah,0
msg_argv        db      'argv[%d] = %s',0Dh,0Ah,0


section '.idata' import data readable writeable

                        dd      0,0,0,  RVA kernel_name,        RVA kernel_table
                        dd      0,0,0,  RVA msvcrt_name,        RVA msvcrt_table
                        dd      0,0,0,  0,                      0

kernel_table:
ExitProcess             dq      RVA _ExitProcess
                        dq      0
msvcrt_table:
__getmainargs           dq      RVA ___getmainargs
printf                  dq      RVA _printf
                        dq      0

kernel_name             db      'KERNEL32.DLL',0
msvcrt_name             db      'MSVCRT.DLL',0

; kernel32.dll:
_ExitProcess            db      0,0,'ExitProcess',0

; msvcrt.dll:
___getmainargs          db      0,0,'__getmainargs',0
_printf                 db      0,0,'printf',0    


here its disasm:
Code:
0000000100001000                        53                      push rbx
0000000100001001                        4883EC50                sub rsp,50
0000000100001005                        488D442440              lea rax,[rsp+40]
000000010000100A                        48832000                and qword [rax],00
000000010000100E                        4889442420              mov [rsp+20],rax
0000000100001013                        4D31C9                  xor r9,r9
0000000100001016                        4C8D442438              lea r8,[rsp+38]
000000010000101B                        488D542430              lea rdx,[rsp+30]
0000000100001020                        488D4C2428              lea rcx,[rsp+28]
0000000100001025                        FF1521200000            call qword [000000010000304C] ; []=00007FFDB50879D0=msvcrt.__getmainargs
000000010000102B                        85C0                    test eax,eax
000000010000102D                        740F                    jz 000000010000103E
000000010000102F                        488D0DCA0F0000          lea rcx,[0000000100002000] ; []=69616D7465675F5F
0000000100001036                        FF1518200000            call qword [0000000100003054] ; []=00007FFDB50C8B50=msvcrt.printf
000000010000103C                        EB62                    jmp 00000001000010A0
000000010000103E                        8B542428                mov edx,[rsp+28]
0000000100001042                        488D0DCE0F0000          lea rcx,[0000000100002017] ; []=756F632063677241
0000000100001049                        FF1505200000            call qword [0000000100003054] ; []=00007FFDB50C8B50=msvcrt.printf
000000010000104F                        488B442430              mov rax,[rsp+30]
0000000100001054                        488B10                  mov rdx,[rax]
0000000100001057                        488D0DCC0F0000          lea rcx,[000000010000202A] ; []=206D6172676F7250
000000010000105E                        FF15F01F0000            call qword [0000000100003054] ; []=00007FFDB50C8B50=msvcrt.printf
0000000100001064                        BB01000000              mov ebx,00000001
0000000100001069                        90                      nop
000000010000106A                        90                      nop
000000010000106B                        90                      nop
000000010000106C                        90                      nop
000000010000106D                        90                      nop
000000010000106E                        90                      nop
000000010000106F                        90                      nop
0000000100001070                        395C2428                cmp [rsp+28],ebx
0000000100001074                        762A                    jbe 00000001000010A0
0000000100001076                        488B442430              mov rax,[rsp+30]
000000010000107B                        4C8B04D8                mov r8,[rax+rbx*8]
000000010000107F                        89DA                    mov edx,ebx
0000000100001081                        488D0DB70F0000          lea rcx,[000000010000203F] ; []=5D64255B76677261
0000000100001088                        FF15C61F0000            call qword [0000000100003054] ; []=00007FFDB50C8B50=msvcrt.printf
000000010000108E                        FFC3                    inc ebx
0000000100001090                        EBDE                    jmp 0000000100001070
0000000100001092                        90                      nop
0000000100001093                        90                      nop
0000000100001094                        90                      nop
0000000100001095                        90                      nop
0000000100001096                        90                      nop
0000000100001097                        90                      nop
0000000100001098                        90                      nop
0000000100001099                        90                      nop
000000010000109A                        90                      nop
000000010000109B                        90                      nop
000000010000109C                        90                      nop
000000010000109D                        90                      nop
000000010000109E                        90                      nop
000000010000109F                        90                      nop
00000001000010A0                        31C9                    xor ecx,ecx
00000001000010A2                        FF15941F0000            call qword [000000010000303C] ; []=00007FFDB6B6E860=KERNEL32.ExitProcess
00000001000010A8                        4883C450                add rsp,50
00000001000010AC                        5B                      pop rbx
00000001000010AD                        31C0                    xor eax,eax
00000001000010AF                        C3                      ret    
Post 16 Dec 2022, 17:24
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
songjiangshan



Joined: 16 Dec 2022
Posts: 5
songjiangshan 25 Dec 2022, 01:49
thanks @Feryno

it works
Post 25 Dec 2022, 01:49
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.