flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Main > rb fasm syntax

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20627
Location: In your JS exploiting you and your system
revolution 02 Mar 2024, 15:47
The zeroing, even if done by most major OS loaders, is not always guaranteed. It is merely done "for security" but isn't always stated.

For example, I doubt that Win95 does any zeroing. So assuming that it is done and "you'll be alright" can be false.

Also, the "BSS" section isn't the only section that can have uninitialised data. Indeed the BSS section isn't special at all. It is just a convention made by the common exe generation tools like MS link et. al. For fasm files we can make any and all sections have uninitialised data in any part of the exe we choose.

The current versions of fasm might call a zeroing allocator but it isn't guaranteed. Other OSes have different rules. Relying upon unspecified behaviour is a great way to end up in trouble.
Post 02 Mar 2024, 15:47
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2624
Furs 02 Mar 2024, 18:48
I think .bss (and unreserved sections in general) is guaranteed to be zeros by the specs. It is in C at least.
Post 02 Mar 2024, 18:48
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20627
Location: In your JS exploiting you and your system
revolution 02 Mar 2024, 18:59
Furs wrote:
I think .bss (and unreserved sections in general) is guaranteed to be zeros by the specs. It is in C at least.
Which specs?

If it relies upon the C startup code then it has no effect for fasm sources unless you link to the C library.

The BSS section itself is not special (like I mentioned above). Only other code, like C et.al., try to make it special. The OS loader doesn't know about it, or care about it. It just loads what the exe tells it to. And if the OS isn't "modern and secure" then you are playing a game of chance to know if uninitialised sections are zeroed. Why play such a game? It is literally just a handful of instructions that run once at startup, to guarantee things are what you expect.
Post 02 Mar 2024, 18:59
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2624
Furs 03 Mar 2024, 15:54
revolution wrote:
Furs wrote:
I think .bss (and unreserved sections in general) is guaranteed to be zeros by the specs. It is in C at least.
Which specs?

If it relies upon the C startup code then it has no effect for fasm sources unless you link to the C library.

The BSS section itself is not special (like I mentioned above). Only other code, like C et.al., try to make it special. The OS loader doesn't know about it, or care about it. It just loads what the exe tells it to. And if the OS isn't "modern and secure" then you are playing a game of chance to know if uninitialised sections are zeroed. Why play such a game? It is literally just a handful of instructions that run once at startup, to guarantee things are what you expect.
What do you mean? .bss has the IMAGE_SCN_CNT_UNINITIALIZED_DATA flag which makes it "special" and that's what gives it the behavior?

I mean of course you can use this flag on any other section to turn it "special", but the point is, it does have a mechanism to ensure this.

Zeroing it yourself sounds like extreme paranoia to me. Reminds me of people who save callee-saved registers "just to be sure" before every API call.

There was another meme with someone checking same result again later "just in case it changed" (even though it was a stack variable, and likely even optimized out by the compiler).
Post 03 Mar 2024, 15:54
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20627
Location: In your JS exploiting you and your system
revolution 03 Mar 2024, 16:43
BSS is a name you can give to a section. It doesn't mean it automatically has various flags and whatnot associated with it.

But regardless, not all OSes honour all the flags. That is why I say you can't trust it. If the user runs the code in Win95 or DOS then it sucks to be them I guess. They should have been running the latest and greatest spying OS Win11, right?

If ensuring it is zeroed is "extreme paranoia" then so what? It takes probably a few microseconds to make sure the code simply works without having to place arbitrary restrictions upon which OS the user is permitted to run.
Post 03 Mar 2024, 16:43
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.