flat assembler
Message board for the users of flat assembler.

x64 code in x86 file
roxaz
http://vx.netlux.org/lib/vrg02.html

Maybe we can hope for fasm to support this too? ^_^
Post 12 Jul 2009, 15:41
revolution
fasm already supports mixed 32/64 code. Has done for a long time.
Post 12 Jul 2009, 15:55
Tomasz Grysztar
And with fasm you really don't have to use "db" directives to build jumps.
Post 12 Jul 2009, 15:56
bitRAKE
Syntax is a little different:
Code:
    format PE GUI 4.0
    include 'win32wxp.inc'
    .end start

    use64
in64:
    mov rax, qword [gs:30h]    ; gs, not fs: 64-bit TEB self pointer
    mov rax, qword [rax+60h]   ; TEB -> 64-bit PEB
    mov rax, qword [rax+18h]   ; PEB -> Ldr (PEB_LDR_DATA)
    mov rax, qword [rax+30h]   ; Ldr -> InInitializationOrderModuleList.Flink
    mov rax, qword [rax+10h]   ; entry -> DllBase of the first initialized module

    ; use native 64-bit interface

    retfd                      ; 32-bit far return: pops the EIP:CS pushed by the 32-bit far call
    use32

start:
    call 33h:in64              ; far call through selector 33h switches CS to the 64-bit code segment
    ; 32-bit code continues here

    invoke ExitProcess, 0
Edit: Thanks, Tomasz


Last edited by bitRAKE on 12 Jul 2009, 19:07; edited 1 time in total
Post 12 Jul 2009, 16:02
Tomasz Grysztar
bitRAKE: still, one thing could use a small correction: put USE32 after RETF instead of before (because the return instruction still belongs to the 64-bit world), and change RETF to RETFD to get the same result in a more "proper" way.
Post 12 Jul 2009, 16:07
roxaz
heh noob me... should have checked before posting ^_^
Post 12 Jul 2009, 17:43
LocoDelAssembly
I hope the people who asked about mixing 32- and 64-bit code are looking at this right now. Any comments about the reliability of this method?
Post 12 Jul 2009, 17:43
Borsuc
What's with the 33h after the call? Is that a segment? How does it work anyway?

(btw is hard-coding segment values reliable?)

Previously known as The_Grey_Beast
Post 12 Jul 2009, 22:07
windwakr
The website at the top of the thread wrote:

Heaven's Gate

The jump in wow64cpu.dll is a 64-bit gate. We can jump through it into the world of 64-bit code: 64-bit address space, 64-bit registers, 64-bit calls. We might think that jumping into wow64cpu.dll is useless because we cannot control where it goes after that, but of course we can change the address ourself to anywhere we like. We can alter the address inside wow64cpu.dll, we can alter the address at fs:[0c0h], or we can just call through the gate on our own. The gate maps the entire 4Gb of memory, and the selector value is always 33h.
Post 12 Jul 2009, 22:33
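An added detection example, not code from the thread or from fasm: the `call 33h:in64` above assembles to opcode 9Ah, a 32-bit offset and the 16-bit selector 0033h, and that fixed encoding is something a defender can scan for in the code sections of a 32-bit PE. The function names, the minimal PE32 section walker and the sample bytes are constructed for this example; the selector value it keys on is the one quoted in the thread.

```python
# Added example (not code from the thread or from fasm): flag direct far
# transfers into the 64-bit code segment (selector 33h) inside 32-bit code.
# "call 33h:in64" above assembles to 9A <imm32 offset> <imm16 selector>.
import struct

CS64_SELECTOR = 0x33                 # WoW64 64-bit code selector, as quoted in the thread
IMAGE_SCN_MEM_EXECUTE = 0x20000000   # PE section characteristics flag: executable

def find_far_transfers(code, base=0, selector=CS64_SELECTOR):
    """Return [(address, mnemonic, target_offset)] for every direct far call
    (9A) or far jmp (EA) whose 16-bit selector equals `selector`.  Indirect
    forms (FF /3, FF /5) and push/retf sequences are not decoded here."""
    hits = []
    for i in range(len(code) - 6):           # opcode + 4-byte offset + 2-byte selector
        op = code[i]
        if op not in (0x9A, 0xEA):
            continue
        offset, sel = struct.unpack_from("<IH", code, i + 1)
        if sel == selector:
            hits.append((base + i, "call far" if op == 0x9A else "jmp far", offset))
    return hits

def executable_sections(pe):
    """Yield (name, virtual address, raw bytes) for each executable section of
    a PE32 file image (assumption: 32-bit PE, as produced by 'format PE')."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    image_base = struct.unpack_from("<I", pe, e_lfanew + 24 + 28)[0]   # PE32 ImageBase
    sec = e_lfanew + 24 + opt_size                                      # section table
    for _ in range(nsec):
        name, _vs, va, rsize, raw, chars = struct.unpack_from("<8sIIII12xI", pe, sec)
        if chars & IMAGE_SCN_MEM_EXECUTE:
            yield name.rstrip(b"\0").decode(), image_base + va, pe[raw:raw + rsize]
        sec += 40

def scan_pe32(pe):
    # Flat list of (section, address, mnemonic, target) across all code sections.
    return [(name, addr, mnem, tgt)
            for name, va, data in executable_sections(pe)
            for addr, mnem, tgt in find_far_transfers(data, va)]

# Constructed sample, not a real binary: xor eax,eax / call far 33h:00401000h / nop /
# jmp far 33h:12345678h / call far 23h:00402000h (32-bit selector, benign) / ret
SAMPLE_CODE = bytes.fromhex("33C0 9A00104000 3300 90 EA78563412 3300 9A00204000 2300 C3")

if __name__ == "__main__":
    for addr, mnem, tgt in find_far_transfers(SAMPLE_CODE, base=0x401000):
        print(f"{addr:08X}: {mnem} 33h:{tgt:08X}")
```

A byte-wise scan like this will also match the 9A/EA patterns that happen to sit inside other instructions or data, so treat hits as candidates to confirm with a disassembler.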
revolution
LocoDelAssembly wrote:
Any comments about the reliability of this method?
Since MS have in no way said that all the various offset and/or segment values will remain static, this method could well fail on some future Windows version. Plus the native interface is also undocumented (a deliberate decision by MS so that they can change it if they need to), so basically: use with caution, and if it bombs then tough, you won't get help from any official documents.
Post 12 Jul 2009, 23:44
Borsuc
Exactly that was the point of my question.

Post 12 Jul 2009, 23:48
Madis731
shouldn't it be 4 giga BYTES? http://xkcd.com/394/
I hate it when they get it wrong.
Post 13 Jul 2009, 09:25

Copyright © 1999-2020, Tomasz Grysztar.