flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > Quick Decoder 64 - Hex editor for DOS and WINDOWS

Author
Thread Post new topic Reply to topic
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 11 Aug 2018, 20:47
Quick Decoder 64 - Hex editor for DOS and WINDOWS


Description:
Filesize: 11.68 KB
Viewed: 17853 Time(s)

QD-00001.PNG


Description:
Filesize: 10.9 KB
Viewed: 17853 Time(s)

QD-00000.PNG


Description:
Download
Filename: QD.7Z
Filesize: 678.71 KB
Downloaded: 954 Time(s)


_________________
smaller is better


Last edited by CandyMan on 01 Aug 2022, 20:15; edited 8 times in total
Post 11 Aug 2018, 20:47
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 12 Aug 2018, 09:47
Manages to draw its window only once before this happens.


Description: Screenshot of Access Violation in QD.
Filesize: 7.48 KB
Viewed: 17833 Time(s)

1.png


Post 12 Aug 2018, 09:47
View user's profile Send private message Visit poster's website Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 12 Aug 2018, 16:29
cannot reproduce this bug. what system version you use? whether you could check where exactly this bug is appearing using x96dbg debugger (the last correct address)? what instruction and register causes exception? try to delete the qd.hgl file and then to run a program.

_________________
smaller is better
Post 12 Aug 2018, 16:29
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 12 Aug 2018, 23:36
CandyMan wrote:
cannot reproduce this bug. what system version you use? whether you could check where exactly this bug is appearing using x96dbg debugger (the last correct address)? what instruction and register causes exception? try to delete the qd.hgl file and then to run a program.

1) Windows 10 LTSB, 1607, 14393.2368
2) Don’t have it right now, otherwise I’d probably give more insight on possible reasons. Will download it or something similar in the morning. At least, AFAICT, has nothing to do with file system paths (tried both long and short ones including different volumes).
3) qd.hgl deletion didn’t help.

UPD. IDA 7.0 stopped at ntdll.dll:00007FFA22A2D55B (which seems to be the same address as at the screenshot, with respect to ASLR). The instruction there is
Code:
movaps xmm0, xmmword ptr [rsp+40h]    
Tracing back to the program code it seems like the call to FindFirstFileA at 0x4065FA causes the access violation. The parameters passed are:
ECX = 0x4A2160 (pointer to "*.*" string)
EDX = 0x4A30CD

According to this page,
Quote:
The alignment of the beginning of a structure or a union is the maximum alignment of any individual member.


For WIN32_FIND_DATA this alignment is at least 4 while the program passes unaligned pointer. From my experience, this can be the case.
Post 12 Aug 2018, 23:36
View user's profile Send private message Visit poster's website Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 13 Aug 2018, 15:06
it for me looks like the unaligned address of the stack. thanks for the help.

_________________
smaller is better
Post 13 Aug 2018, 15:06
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 13 Aug 2018, 15:55
CandyMan wrote:
it for me looks like the unaligned address of the stack. thanks for the help.

I don’t think 0x4A30CD is a stack address. It is somewhere in the data section. Both addresses are moved to registers as constants so it shouldn’t be a stack address. Don’t know why the function uses globally defined structure for its local task but it seems the problem is with this structure alignment which is easier to find and fix than looking through the whole program for stack misalignments.
Post 13 Aug 2018, 15:55
View user's profile Send private message Visit poster's website Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo 13 Aug 2018, 18:40
CandyMan wrote:
it for me looks like the unaligned address of the stack. thanks for the help.


Naive question (since I don't fully understand SIMD), why not just use "movups" instead?
Post 13 Aug 2018, 18:40
View user's profile Send private message Visit poster's website Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 13 Aug 2018, 19:42
rugxulo wrote:
CandyMan wrote:
it for me looks like the unaligned address of the stack. thanks for the help.


Naive question (since I don't fully understand SIMD), why not just use "movups" instead?

The instruction is part of a function within a system DLL. 64-bit Windows conventions are written in a way that lets Microsoft rely on proper data alignment.

It sometimes shines through to the 32-bit applications though: I once had a problem with 32-bit application using DirectShow which passed some pointer to a component that required 64-bit-convention alignment.
Post 13 Aug 2018, 19:42
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4050
Location: vpcmpistri
bitRAKE 17 Jan 2019, 19:59
It's possible to patch a single byte at $4078AC from $10 to $18, aligning the stack. The routine finishes with LEAVE instruction, so no change needed there.

I've attached a picture to further ease discovery of location...
(Wonderful tool thank you for sharing!)

I recommend use of the ENTER instruction, as it's processor mode agnostic and only four bytes. Compared to PUSH/MOV/SUB which is six bytes. The code used is conflicted as it MOV 64-bit and then SUB 32-bit (trashing the upper dword). It works but the MOV may as well be 32-bit.


Description:
Filesize: 94.6 KB
Viewed: 16748 Time(s)

QS_Error64.PNG



_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 17 Jan 2019, 19:59
View user's profile Send private message Visit poster's website Reply with quote
Picnic



Joined: 05 May 2007
Posts: 1392
Location: Piraeus, Greece
Picnic 03 Mar 2019, 21:19
Excellent IDE work CandyMan. May i suggest a feature: to search directory by just typing its first letter, you know like in Windows explorer.
Post 03 Mar 2019, 21:19
View user's profile Send private message Visit poster's website Reply with quote
connor



Joined: 07 Jun 2016
Posts: 79
connor 11 Mar 2019, 03:44
any idea how to compile as a .cmd for the bdos file system?

obviously i don't.

_________________
cars tech weed bitches country & thug life
Post 11 Mar 2019, 03:44
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 14 Aug 2023, 09:21
Here version that works in VCPI mode with free memory beyond (4GB).
Windows version unfortunately not works with new OS like Windows 11


Description: QD for Dos64/Win64
Download
Filename: QD64.7Z
Filesize: 1.02 MB
Downloaded: 164 Time(s)


_________________
smaller is better
Post 14 Aug 2023, 09:21
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.