flat assembler - [SOLVED] fault address 0x00230178 on x64 is only me?

flat assembler
Message board for the users of flat assembler.

Index > Windows > [SOLVED] fault address 0x00230178 on x64 is only me?

Goto page Previous 1, 2

Author

Thread

Post new topic

Reply to topic

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20700
Location: In your JS exploiting you and your system

revolution 20 Aug 2009, 11:46

Azu wrote:

revolution wrote:
If it is x64 code then you can't use 'push ebx' or 'mov ebx,eax'.
Really?

This compiles fine for me..
Code:
use64
mov ebx,eax    
Is it a bug in FASM? It should say invalid operand?

Well you took my posting out of context, but since you ask, the code that was posted above my post would not have worked with the e register variants in 64bit (long) mode. It would compile fine of course, as you know.

Post

20 Aug 2009, 11:46

Send private message

Visit poster's website

Reply with quote

Azu

Joined: 16 Dec 2008
Posts: 1159

Azu 20 Aug 2009, 11:52

ass0 wrote:

hi,

fault address 0x00230178

i have spend hours in this crap error and i can think is a x64 bug or just my machine bug

try:
Code:
        push    k
   call    [GetModuleHandle]
   mov             ebx,eax 
    
    push    k1
  push    ebx
 call    [GetProcAddress]
    
    k               db 'kernel32.dll',0
       k1              db 'ReadFile',0
    
i've tried with many other funcions: HeapCreate, HeapAlloc, CreateFileA, CloseHandle, ExitProcess, etc. But ReadFile for some reason that i am missing is screwing my day

some hints?

revolution wrote:

Azu wrote:
revolution wrote:
If it is x64 code then you can't use 'push ebx' or 'mov ebx,eax'.
Really?

This compiles fine for me..
Code:
use64
mov ebx,eax    
Is it a bug in FASM? It should say invalid operand?
Well you took my posting out of context, but since you ask

That was your whole post, I didn't take anything out.

revolution wrote:

, the code that was posted above my post would not have worked with the e register variants in 64bit (long) mode. It would compile fine of course, as you know.

??
It wouldn't have compiled, due the push ebx, which like you mentioned is invalid.
The mov ebx,eax in his code should have worked worked fine though.. I have used it in 64bit programs before in similar situations, and it ran fine. Probably because the addresses for windows API functions don't use the upper dword.

Edit: okay.. I added a quote of his post so you can have your context or whatever. Can you make an actual response to my post now please?

Last edited by Azu on 20 Aug 2009, 11:59; edited 1 time in total

Post

20 Aug 2009, 11:52

Send private message

Send e-mail

AIM Address

Yahoo Messenger

MSN Messenger

ICQ Number

Reply with quote

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20700
Location: In your JS exploiting you and your system

revolution 20 Aug 2009, 11:54

It is out of context. That means by putting it somewhere else in this thread then it is not going to make sense, the context was lost.

Post

20 Aug 2009, 11:54

Send private message

Visit poster's website

Reply with quote

Azu

Joined: 16 Dec 2008
Posts: 1159

Azu 20 Aug 2009, 11:59

Context added.

Post

20 Aug 2009, 11:59

Send private message

Send e-mail

AIM Address

Yahoo Messenger

MSN Messenger

ICQ Number

Reply with quote

Borsuc

Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania

Borsuc 20 Aug 2009, 15:34

Just because it ran fine doesn't mean it's guaranteed to run fine. A new version might use APIs with higher addressing.

Post

20 Aug 2009, 15:34

Send private message

Reply with quote

Goto page Previous 1, 2

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.