flat assembler
Message board for the users of flat assembler.

RB directive - Reserved Data (was "Reverse Data?")
Teehee
Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Code:
example rb 1024    
What is reverse data?
Why should I use it?
When should I use it?

Thank you.

(PS: My Antivir alerts for virus when I try to compile some amount of reverse data (like more than 60 bytes)).

EDIT by DOS386 : corrected and enhanced subject

_________________
Sorry if bad english.
Post 27 Dec 2009, 15:03
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
rb - reserve byte(s)

PS: Time to delete your AV
Post 27 Dec 2009, 15:14
Teehee
revolution wrote:
rb - reserve byte(s)

Yeh, I just want to know 'why' and 'when'. Smile

Quote:
PS: Time to delete your AV

lol revolution, you already said that to me before, haha. But there is something wrong, bc some apps have reverse data and my antivir doesn't alert. Only if I compile it alerts Confused
Post 27 Dec 2009, 15:20
revolution
reserve, not "reverse". Do you see the difference?
Post 27 Dec 2009, 15:26
revolution
You reserve space in your code or data. Presumably to put something there later at runtime.
Post 27 Dec 2009, 15:28
Teehee
OMG, I read everything wrong every time. Shocked
Sorry Confused
Post 27 Dec 2009, 15:32
Teehee
Man, I can't believe that! Wow...

Please delete this topic, I feel ashamed. lol haha
Post 27 Dec 2009, 15:37
revolution
Must have been a brain fart.
Post 27 Dec 2009, 15:42
Teehee
oh well.. Smile

so
Code:
example rb 10    
=
Code:
example db 10 dup ?    
?
Post 27 Dec 2009, 17:40
Teehee
Quote:
(PS: My Antivir alerts for virus when I try to compile some amount of reverse data (like more than 60 bytes)).

I found it! When I change the section order the AV alerts Confused

Virus alert:
Code:
format PE GUI 4.0
entry _start

    include 'win32a.inc'

section '.data' data readable writeable ; <- data at top

       example rb 1024  ; !!!!!!!!!!!! virus alert.......... !!!!!!!!!!!!

section '.text' code readable executable

_start:
        invoke  ExitProcess, 0

section '.idata' import data readable writeable

    library kernel32,'KERNEL32.DLL', user32,'USER32.DLL'

    include 'api\user32.inc'
    include 'api\kernel32.inc'    


NO virus alert:
Code:
format PE GUI 4.0
entry _start

    include 'win32a.inc'

section '.text' code readable executable

_start:
        invoke  ExitProcess, 0

section '.data' data readable writeable ; <- data at bottom

       example rb 1024  ; !!!!!!!!!!!! NO virus alert.......... !!!!!!!!!!!!

section '.idata' import data readable writeable

    library kernel32,'KERNEL32.DLL', user32,'USER32.DLL'

    include 'api\user32.inc'
    include 'api\kernel32.inc'    
Post 27 Dec 2009, 18:11
bitshifter
Joined: 04 Dec 2007
Posts: 764
Location: Massachusetts, USA
Also...
Code:
section '.idata' import data readable writeable    

No need for writeable there...
Funny that fasm examples have it...
Post 27 Dec 2009, 20:18
Borsuc
Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
reserve can be used in an uninitialized section to reserve a given memory (but not initialize it to a given value), it's like allocating that memory.

it doesn't take up size in the executable (on the file) apart from telling it how many bytes to reserve.
Post 27 Dec 2009, 20:48
Teehee
@bitshifter, now you noticed I take the base code from FASM examples (EXAMPLES/TEMPLATE/TEMPLATE.ASM).

Borsuc, good to know that it doesn't increase exe size.
Post 27 Dec 2009, 21:13
windwakr
Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
Teehee wrote:
@bitshifter, now you noticed I take the base code from FASM examples (EXAMPLES/TEMPLATE/TEMPLATE.ASM).

Borsuc, good to know that it doesn't increase exe size.


It WILL increase file size if you put anything after it.

_________________
----> * <---- My star, won HERE
Post 27 Dec 2009, 22:00
Borsuc
That's because it will not be put into the uninitialized section anymore.

Right?
Post 27 Dec 2009, 23:05
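
The file-size point raised by Borsuc and windwakr above is visible in a PE section table as the difference between VirtualSize and SizeOfRawData. The following Python script is an added example, not part of the thread: it decodes section headers and reports how many bytes each section stores on disk and how many exist only in memory. The two section tables and the `header` helper are constructed sample values, not output from fasm.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, 2 pointers + 2 counts (unused here),
# Characteristics.
SECTION = struct.Struct("<8sIIIIIIHHI")
FLAGS = {0x20: "code", 0x40: "initialized", 0x80: "uninitialized",
         0x20000000: "exec", 0x40000000: "read", 0x80000000: "write"}

def parse_sections(table: bytes):
    """Decode a raw PE section table into dicts, in on-disk order."""
    if not table or len(table) % SECTION.size:
        raise ValueError("section table must be a non-empty multiple of 40 bytes")
    sections = []
    for off in range(0, len(table), SECTION.size):
        (name, vsize, _vaddr, raw_size, _raw_ptr,
         _, _, _, _, chars) = SECTION.unpack_from(table, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,   # bytes the section occupies in memory
            "raw_size": raw_size,    # bytes the section occupies in the file
            # Tail that exists only in memory; the loader zero-fills it.
            "memory_only": max(0, vsize - raw_size),
            "flags": sorted(n for bit, n in FLAGS.items() if chars & bit),
        })
    return sections

def bytes_on_disk(sections):
    """Total section payload stored in the file (headers excluded)."""
    return sum(s["raw_size"] for s in sections)

def header(name, vsize, vaddr, raw_size, raw_ptr, chars):
    """Pack one section header; used only to build the sample tables."""
    return SECTION.pack(name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, chars)

RW_DATA, RX_CODE = 0xC0000040, 0x60000020
# Constructed sample: .data holds only `rb 1024`, so nothing is stored for it.
RESERVED_ONLY = (header(b".data", 0x400, 0x1000, 0, 0, RW_DATA) +
                 header(b".text", 0x8, 0x2000, 0x200, 0x200, RX_CODE))
# Constructed sample: `rb 1024` followed by `db 1`; the 1024 reserved bytes
# must now be written out as zeros, padded to a 0x200 file alignment.
RESERVED_THEN_DATA = (header(b".data", 0x401, 0x1000, 0x600, 0x200, RW_DATA) +
                      header(b".text", 0x8, 0x2000, 0x200, 0x800, RX_CODE))

if __name__ == "__main__":
    for label, table in (("rb only", RESERVED_ONLY),
                         ("rb then db", RESERVED_THEN_DATA)):
        secs = parse_sections(table)
        print(label, bytes_on_disk(secs), [(s["name"], s["raw_size"],
              s["memory_only"], s["flags"]) for s in secs])
```
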
DOS386
Joined: 08 Dec 2006
Posts: 1901
bitshifter wrote:
Also...
Code:
section '.idata' import data readable writeable    

No need for writeable there... Funny that fasm examples have it...


Imports in a PE MUST be writable Shocked but only when loading ... protection is apparently set AFTER hacking the imports Shocked

> reserve can be used in an uninitialized section to reserve a
> given memory (but not initialize it to a given value), it's like
> allocating that memory.

You can avoid rb altogether (or use it just inside virtual) and hog your memory from the kernel (VirtualAlloc, INT $31, INT $21), or reserve your (not too much) memory on the stack Smile

> (PS: My Antivir alerts for virus when I try to compile some amount
> of reverse data (like more than 60 bytes)).

On the subforum top there is a FAQ having 11 entries about this "problem" ... now 12 Wink

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 28 Dec 2009, 07:57

Copyright © 1999-2020, Tomasz Grysztar.
