flat assembler
Message board for the users of flat assembler.

Beginners Question..

Jmac
Hi all...

wonder if I can get a brief description of what's happening here...

The code is..... Push [Flags]

the debugger says......Push DWORD PTR DS:[402000]

I think PTR has to do with what the debugger recognises....

But when Flags is pushed.....is this the Flags register....or some other variable that has been given the name Flags dd ? as shown in the data section.
Post 24 Dec 2009, 11:05
revolution
You have pushed a variable stored in RAM.

To push the CPU flags register (EFLAGS) use this:
Code:
pushfd    
Post 24 Dec 2009, 12:46
bitRAKE
The dialect used by OllyDbg is slightly different than FASM. PTR isn't required by FASM - helps eliminate ambiguity / redundancy / confusion. Additionally, the DS: segment specifier is the default - making the explicit syntax redundant (iirc, an option exists to turn them off). Numbers in brackets are addresses used to access data - sometimes referred to as indirect addressing. Conversely, if the data was used directly "PUSH 402000", that is direct addressing - immediate data.
Post 27 Dec 2009, 07:29
DOS386
> the debugger says......Push DWORD PTR DS:[402000]
> I think PTR has to do with what the debugger recognises....

NO. It has to do with the debugger author not knowing FASM.

Code:
   PUSH DWORD [$0040'2000]

is what a FASM disassembler would output

Code:
   PUSH DWORD [BLAH]

is what you more likely would find in the source, or even something like Invoke ...

> You input the number in base 10(decimal), but fasm converts it to base 16(hex)

NO. FASM defaults to DEC (if no "$" or "0x" or "h" is used) while the debugger uses HEX without any "decoration".

Post 28 Dec 2009, 07:42
Jmac
Hi ....thanks for the replies..

I get the general idea of what you're talking about regarding the debugger...

Now for another question.....

How do you know what register is being affected by using Invoke or some other function....besides using the debugger to see....is there information on this.....

for example ..does using invoke return something to the EAX register in every case...

Hope everyone is enjoying the Holiday period...
Post 29 Dec 2009, 10:50
revolution
Jmac: Windows uses the stdcall (except wsprint which uses ccall) convention for register reservation and corruption and stack restoration.

ebx, esi, edi, ebp always preserved. Others liable for corruption.

Result always returned in eax.
Post 29 Dec 2009, 11:27
Jmac
hi..

Thanks for the quick reply.....I know it sounded like a simple question, but I could not find the answer anywhere ...official places anyway..
Post 29 Dec 2009, 11:39
Jmac
Hi all....

This has probably been asked before....

I was looking at the "TEMPLATE for program using standard Win32 headers"..... and tried it in a win95 laptop..

I came up with an error...that's worked into the Template...."Startup Failed"

I changed the header from Win32w.inc To Win32a.inc and now no error.

Just wondering would this change affect anything else......I thought they were basically interchangeable...
Post 14 Jan 2010, 01:57
Jmac
Hi all..

Need a little help with a loop...

the idea I am working with is an adjustable Pulse. with a fixed total width.

I don't see any delay using what I have in code....?

trying to get it working so I can see the delay using a messagebox...this will change when I have it working..

Code:
.dly:
  sub [SSTP], 1       ; sstp is a fixed number
  mov ecx, [SSTP]
  cmp ecx, [PWH]      ; PWH will be an adjustable number
  jnz .dly
  jmp .error          ; this jumps to the messageBox
Post 20 Jan 2010, 06:58
revolution
What sort of pulse widths are you wanting? microseconds, milliseconds, seconds, more? Are you programming for just you or for lots of users?

If just you then you can use the time stamp counter for very small delays. If you are programming for lots of users then you can use the Windows API QueryPerformanceCounter for slightly longer delays. Or you can use the GetTickCount for longer delays.

For delays longer than 10ms best would be Sleep, but it does not have good jitter performance. It depends upon how accurate and the length of delay you need. You have to define your problem further.
Post 20 Jan 2010, 07:15
Jmac
Hi

Thanks for the reply.....it is only for me...not even close to being able to do stuff for others..

well I have not heard of those options you mention so I will investigate those...and read up...
Post 20 Jan 2010, 07:22
Jmac
hi all

I am doing the reading on the functions that were mentioned by revolution.

but in the meantime....as I am still trying to learn this stuff...can someone give me an idea why the computer basically locks up when I was looking at something like this code..

Code:
.dly_Main:
  sub [SSM], 1
  mov ecx, [SSM]
  cmp ecx, [PWH]      ; the idea here was to adjust the loop
  ja .dly
  jmp error           ; just a jump to a messageBox

.dly:
  sub [SSTP], 1
  mov ecx, [SSTP]
  cmp ecx, 0
  jnz .dly
  jmp .dly_Main
Post 21 Jan 2010, 04:55
revolution
Jmac wrote:
... give me an idea why the computer basically locks up ...
After the first delay the value in SSTP is 0. This means every subsequent loop is 2^32 iterations. You need to reload the value in SSTP after each loop. Perhaps better to keep the loop counter in registers and never change the values stored in memory.
Code:
  mov ecx,[SSM]
.dly_Main:
  dec ecx
  cmp ecx,[PWH]
  jbe error
  mov eax,[SSTP]
.dly:
  dec eax
  jnz .dly
  jmp .dly_Main    
Post 21 Jan 2010, 05:10
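The arithmetic behind the lock-up and the reload fix discussed above, as an added example that is not part of the original thread: a C model that counts loop iterations using 32-bit unsigned counters in place of the registers and memory cells. The function names and the sample values SSM=5, PWH=2, SSTP=1000 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Iterations of the inner ".dly" loop: decrement a 32-bit counter, repeat
 * until it is zero. Starting from 0 the first decrement wraps to 0xFFFFFFFF,
 * so the loop runs 2^32 times. Counted arithmetically, not by spinning. */
static uint64_t inner_iters(uint32_t start)
{
    return start == 0 ? (UINT64_C(1) << 32) : (uint64_t)start;
}

/* Model of the loop as first posted: SSM and SSTP are decremented in memory
 * and SSTP is never reloaded, so it is 0 on every pass after the first. */
uint64_t total_iters_in_memory(uint32_t ssm, uint32_t pwh, uint32_t sstp)
{
    uint64_t total = 0;
    for (;;) {
        ssm -= 1;                    /* sub [SSM],1                  */
        if (!(ssm > pwh))            /* cmp ecx,[PWH] / ja .dly      */
            return total;            /* jmp error                    */
        total += inner_iters(sstp);  /* .dly runs until [SSTP] == 0  */
        sstp = 0;                    /* value left behind in memory  */
    }
}

/* Model of the register version from the reply: memory is read-only and
 * eax is reloaded from [SSTP] before each inner loop. */
uint64_t total_iters_in_registers(uint32_t ssm, uint32_t pwh, uint32_t sstp)
{
    uint64_t total = 0;
    uint32_t ecx = ssm;              /* mov ecx,[SSM]                */
    for (;;) {
        ecx -= 1;                    /* dec ecx                      */
        if (ecx <= pwh)              /* cmp ecx,[PWH] / jbe error    */
            return total;
        total += inner_iters(sstp);  /* mov eax,[SSTP] / dec / jnz   */
    }
}

int main(void)
{
    /* Constructed sample values: SSM=5, PWH=2, SSTP=1000. */
    printf("in memory:    %llu\n", (unsigned long long)total_iters_in_memory(5, 2, 1000));
    printf("in registers: %llu\n", (unsigned long long)total_iters_in_registers(5, 2, 1000));
    /* A stored SSTP of 0 still wraps even with the register version. */
    printf("SSTP = 0:     %llu\n", (unsigned long long)total_iters_in_registers(5, 2, 0));
    return 0;
}
```

With these values the in-memory loop costs 1000 + 2^32 inner iterations for two passes, while the register version costs 2000.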
Jmac
hi..



Ok I thought about the reloading thing somewhere while I was looking into this....not sure where I lost it....hehe
Post 21 Jan 2010, 05:18
Jmac
Hi all...

So the question was coming sooner or later...

how do you keep button control of a program while the program is doing other things......as in Stop doing what it is doing and wait..
Post 26 Jan 2010, 09:51
baldr
Jmac,

Program UI remains responsive iff messages are processed (i.e. there are GetMessage/PeekMessage and DispatchMessage calls somewhere in the running code). This can be achieved by several methods:

1. Intersperse long sequence with PeekMessage and DispatchMessage calls. Remember that DispatchMessage doesn't return until window procedure finishes processing.

2. Create separate thread to do the work and keep UI thread running.

3. Use thread pooling. Almost the same as (2): QueueUserWorkItem uses thread from a pool of worker threads that are managed by the system.
Post 26 Jan 2010, 11:00
Jmac
hi

Ok thanks for that....gives me something to look into...

the new thread idea sounds interesting..
Post 26 Jan 2010, 11:07
revolution
Set your worker threads to a lower priority than the UI thread.
Post 26 Jan 2010, 12:59
Jmac
hi....


first I need to find something that shows me about these threads and how to create one into a program.....

I think I have mentioned before that there is a serious lack of examples and such regarding ASM and practical uses.....BUT still looking...lol
Post 26 Jan 2010, 13:19
revolution
Post 26 Jan 2010, 13:29

Copyright © 1999-2020, Tomasz Grysztar.