Message board for the users of flat assembler.
Feryno 07 Jul 2006, 12:19
A piece of cake!
Exception handling is done, including recovering from exception.
Added option for debug exception handler into fdbg (see !_news.txt)
I made some antidebugs based on exception, see files in fdbg package.
Chewy509 24 Jul 2006, 04:56
Is there any way to know how much room needs to be reserved for the API? Or does it just need 4 qwords and the rest are for us to play with? And does the reserved space count always have to be odd, eg 1, 3, 5, 7, 9, 11, etc?
Feryno 24 Jul 2006, 06:50
yes, it is as you wrote
every API needs 4 qwords reserved, no more
rsp must be aligned 16
so sub rsp,8*5 reserve 4 qwords at [rsp+8*0], ... [rsp+8*3] for API
qword [rsp+8*4] is here only for align 16 rsp or you can use it for yourself
another prologue sample when pushing nonparity number of registers:
again rsp aligned 16 and 4 qwords reserved for API
sample when you push nothing and you need 2 qwords for local variables on the stack
sub rsp,8*7 ; 4 for api, 2 for us and 1 for align stack 16
... your code
add rsp,8*7 ; epilogue
push parity number of registers + subtracting nonparity power of 8
push nonparity number of regs + subtracting parity power of 8
this is the same at exe entry point and every procedure prologue
(difference is of course any epilogue isn't necessary after ExitProcess)
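
The prologue rules from the post above, as an added example that is not part of the original thread and is not Feryno's code: a constructed fasm console program showing the entry point with no pushes and a procedure that pushes three registers. The labels `print`, `msg` and `msg_len`, the message text and the choice of `WriteFile` as a 5-parameter API are assumptions made for the illustration.

```asm
; Added example, constructed for illustration (not code from the thread).
format PE64 console
entry start

section '.text' code readable executable
start:                            ; rsp = 16n+8 here: a return address was pushed
        sub     rsp,8*5           ; no pushes (even) -> odd count: 4 for API + 1 to align
        mov     ecx,-11           ; STD_OUTPUT_HANDLE
        call    [GetStdHandle]
        mov     rcx,rax           ; pass the handle to print
        call    print
        xor     ecx,ecx
        call    [ExitProcess]     ; no epilogue needed after ExitProcess

print:                            ; rcx = output handle, rsp = 16n+8 at entry
        push    rbx               ; three pushes (odd), done only to show this case:
        push    rsi               ; rsp is back on a 16-byte boundary after them
        push    rdi
        sub     rsp,8*6           ; even count: 4 for API, 1 for 5th param, 1 local
        lea     rdx,[msg]
        mov     r8d,msg_len
        lea     r9,[rsp+8*5]      ; local qword receives the number of bytes written
        mov     qword [rsp+8*4],0 ; 5th param (lpOverlapped) goes above the 4 API qwords
        call    [WriteFile]
        add     rsp,8*6           ; epilogue
        pop     rdi
        pop     rsi
        pop     rbx
        ret

section '.data' data readable
msg     db 'rsp aligned 16, 4 qwords reserved',13,10
msg_len = $ - msg

section '.idata' import data readable writeable
        dd 0,0,0,RVA kernel_name,RVA kernel_table
        dd 0,0,0,0,0
kernel_table:
  GetStdHandle dq RVA _GetStdHandle
  WriteFile    dq RVA _WriteFile
  ExitProcess  dq RVA _ExitProcess
               dq 0
kernel_name   db 'KERNEL32.DLL',0
_GetStdHandle db 0,0,'GetStdHandle',0   ; hint word (0) followed by the name
_WriteFile    db 0,0,'WriteFile',0
_ExitProcess  db 0,0,'ExitProcess',0
```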
Chewy509 26 Jul 2006, 23:59
Thanks for the info and clarification. It's just incredible that MS would come up with having a call procedure where the caller has to reserve space for the caller on the stack!
Feryno 27 Jul 2006, 05:35
Yes, ms reserve 4 qwords for not essential things. I traced some APIs and I found only 1 usage of this space - APIs usually save nonvolatile registers there (rbx, rsi, rdi, rbp, r12-r15). APIs can simply PUSH/POP them from the stack - most of APIs do it in this way, only a few of APIs really use 4 qwords reserved. But if API needs to use mov qword [rsp+-...],reg64 then API can use its own reserved stack space by sub rsp,space_size.
Strange idea... I have only 1 strange explanation...
Maybe the first idea was to put API params in the stack as in 32-bit world. The second idea was when ms developers decided: 'why to use stack when we have 2* more registers' and the most of APIs use not more than 4 input params - so developers changed first 4 input params from qword [rsp+8*0], [rsp+8*1], [rsp+8*2], [rsp+8*3] to rcx, rdx, r8, r9 (btw you can't push imm64 value, you can push only max. imm32 value in range from -80000000h to +7FFFFFFFh and how to put imm64 value in the stack - only indirect by mov reg64,value and then push reg64 or mov [rsp+-...],reg64). 5th and above params stayed in the stack. And at the end somebody decided to use 4 free qwords for API purposes and thus complicate life of ASM coders?
Garthower 11 Aug 2006, 10:22
Does somebody have information about SoftIce64 for x64? I tried to find any information on it on the Numega site, but there even was not present in the list of such product, as Driver Studio.
Copyright © 1999-2020, Tomasz Grysztar.