flat assembler
Message board for the users of flat assembler.

Virtual label addressing problem
Joined: 18 May 2023
Posts: 22
Location: I don't even exist
hellomachine 20 May 2023, 19:11
Hello, I designed a function with its jmp data-table.
Also, I used virtual to move the jmp data-table to the data section.
But when I used jmp QWORD[rax] to jump to the special label of that function,
I got a seg fault. I think there is a problem with
dq .ret1
dq .ret2
(addressing a function label in virtual) ...

Code:
format MS64 COFF

virtual at 0x00
 data8::
end virtual

public func

section '.text' code readable executable align 64

func:
        lea     rax, [8*1+.jmp_table+data8.start] ; .ret2 address
        jmp     QWORD [rax]
 .ret1: mov     eax, 1
        ret
 .ret2: mov     eax, 2
        ret

 virtual data8
  .jmp_table:
        dq      .ret1
        dq      .ret2
 end virtual

section '.rdata' data readable align 64

 virtual data8
  data8.size=$-$$
 end virtual

 data8.start:

 repeat data8.size
  load a BYTE from data8:%-1
  db a
 end repeat
hellomachine 21 May 2023, 19:34
No idea?
Joined: 26 Jan 2021
Posts: 1004
Location: Russia
macomics 21 May 2023, 21:02
It's still simple. It is enough to look at your code in a hex editor or disassembler. To do this, you do not need to write to the forum.
Code:
~ $ objdump -h -D test11.obj -M intel

test11.obj:     file format pe-x86-64

Разделы:
Idx Name          Size      VMA               LMA               PA  offs.  Alg.
  0 .text         00000015  0000000000000000  0000000000000000  00000064  2**6
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 .rdata        00000010  0000000000000000  0000000000000000  00000079  2**6
                  CONTENTS, ALLOC, LOAD, READONLY, DATA

Disassembling .text:

0000000000000000 <func>:
   0:   48 8d 05 08 00 00 00    lea    rax,[rip+0x8]        # f <func+0xf> ; and there should be lea [rip + .rdata.jmp_table + 0x8]
   7:   ff 20                   jmp    QWORD PTR [rax] ; jmp 0x000000000000000F ; and there should be jmp $$+0x000000000000000F
   9:   b8 01 00 00 00          mov    eax,0x1
   e:   c3                      ret
   f:   b8 02 00 00 00          mov    eax,0x2
  14:   c3                      ret

Disassembling .rdata:

0000000000000000 <.rdata>:
   0:   09 00                   or     DWORD PTR [rax],eax ; dq .ret1 = 0x0000000000000009
   2:   00 00                   add    BYTE PTR [rax],al
   4:   00 00                   add    BYTE PTR [rax],al
   6:   00 00                   add    BYTE PTR [rax],al
   8:   0f 00 00                sldt   WORD PTR [rax] ; dq .ret2 = 0x000000000000000F
   b:   00 00                   add    BYTE PTR [rax],al
   d:   00 00                   add    BYTE PTR [rax],al

Try
Code:
format MS64 COFF

virtual at 0x00
 data8::
end virtual

public func

section '.text' code readable executable align 64

func:
        call    @f
  @@:
        lea     rdx, [data8.start] ; .ret2 address
        mov     rax, [rdx + .jmp_table + 8 * 1]
        pop     rdx
        add     rax, rdx
        jmp     rax
 .ret1: mov     eax, 1
        ret
 .ret2: mov     eax, 2
        ret

 virtual data8
  .jmp_table:
        dq      .ret1 - @b
        dq      .ret2 - @b
 end virtual

section '.rdata' data readable align 64

 virtual data8
  data8.size=$-$$
 end virtual

 data8.start:

 repeat data8.size
  load a BYTE from data8:%-1
  db a
 end repeat

macomics 21 May 2023, 21:33
Code:
~ $ objdump -d ./test11 -m intel
...

0000000000001180 <func>:
    1180:       e8 00 00 00 00          call   1185 <func+0x5> ; call @f
 @@:
    1185:       48 8d 15 b4 0e 00 00    lea    rdx,[rip+0xeb4]        # 2040 <_IO_stdin_used+0x40> ; 2040 - 118C = 0EB4 OK
    118c:       48 8b 42 08             mov    rax,QWORD PTR [rdx+0x8] ; data8.start(=rdx) + .jmp_table(=0) + 8 * 1 = 8 OK
    1190:       5a                      pop    rdx ; rdx = 1185
    1191:       48 01 d0                add    rax,rdx ; rax = 1185 + 17 = 119C = .ret2 OK
    1194:       ff e0                   jmp    rax
 .ret1:
    1196:       b8 01 00 00 00          mov    eax,0x1
    119b:       c3                      ret
 .ret2:
    119c:       b8 02 00 00 00          mov    eax,0x2
    11a1:       c3                      ret

...

0000000000002040 <.rdata>:
    2040:       11 00                   adc    DWORD PTR [rax],eax ; dq 0x0000000000000011 ; .ret1
    2042:       00 00                   add    BYTE PTR [rax],al
    2044:       00 00                   add    BYTE PTR [rax],al
    2046:       00 00                   add    BYTE PTR [rax],al
    2048:       17                      (bad) ; dq 0x0000000000000017 ; .ret2
    2049:       00 00                   add    BYTE PTR [rax],al
    204b:       00 00                   add    BYTE PTR [rax],al
    204d:       00 00                   add    BYTE PTR [rax],al

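A variant of the relative-table approach from the answer above, added here as an illustration and not code from the thread: the table still holds only constants (so copying it out of the virtual block with load/db loses no relocation, which is what broke the original `dq .ret1`), but the call/pop pair is replaced by a second RIP-relative lea that reads the anchor address directly. The `.base` label name is an assumption.

```asm
format MS64 COFF

virtual at 0x00
 data8::
end virtual

public func

section '.text' code readable executable align 64

func:
        ; Both leas are RIP-relative: the cross-section one is fixed up by the
        ; linker, the same-section one is a constant displacement. The table
        ; itself needs no relocation because it stores label differences.
        lea     rdx, [data8.start]           ; start of the copied table
        lea     rcx, [.base]                 ; anchor the offsets are measured from
        add     rcx, [rdx + .jmp_table + 8*1] ; rcx = .base + (.ret2 - .base) = .ret2
        jmp     rcx
 .base:
 .ret1: mov     eax, 1
        ret
 .ret2: mov     eax, 2
        ret

 virtual data8
  .jmp_table:
        dq      .ret1 - .base                ; plain constant: 0
        dq      .ret2 - .base                ; plain constant: 6 (mov eax,imm32 + ret)
 end virtual

section '.rdata' data readable align 64

 virtual data8
  data8.size = $-$$
 end virtual

 data8.start:

 repeat data8.size
  load a BYTE from data8:%-1
  db a
 end repeat
```

Checked in a disassembler as in the posts above, .rdata should contain the qwords 0 and 6, and only the lea of data8.start carries a relocation, so the object stays position-independent with four instructions instead of six.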
hellomachine 22 May 2023, 07:00
macomics wrote:
It's still simple. It is enough to look at your code in a hex editor or disassembler. To do this, you do not need to write to the forum.
Thanks, your solution worked, but it adds too many extra ops, which deters me from using virtual! I think it's better to use another file for the jmp-table and just include it in the data section!!!

Copyright © 1999-2024, Tomasz Grysztar.