flat assembler
Message board for the users of flat assembler.

Windows forum: FASM BUG or WIN64 BUG? when calling MessageBoxA in win64

caoyunbin001
Joined: 21 Jan 2012
Posts: 20
I'm Chinese, so forgive my poor English.
I'm running fasmw16935 on Microsoft Windows [Version 6.1.7601].
Here, I'll make it simple:
when I assemble this:
;=============================
include "win64ax.inc"
.data
szContent db "lalala",0
.code
start:
        push 0                  ; two pushes: 16 bytes
        push 0

        ; times 8 push 0
        mov rcx,0               ; hWnd
        mov rdx,szContent       ; lpText
        mov r8,0                ; lpCaption
        mov r9,0                ; uType
        call [MessageBox]
        invoke ExitProcess,0
.end start
;=============================
it runs correctly, and the MessageBox is shown.
But when I assemble this:
;=============================
include "win64ax.inc"
.data
szContent db "lalala",0
.code
start:
        push 0                  ; only one push: 8 bytes
        ; push 0

        ; times 8 push 0
        mov rcx,0               ; hWnd
        mov rdx,szContent       ; lpText
        mov r8,0                ; lpCaption
        mov r9,0                ; uType
        call [MessageBox]
        invoke ExitProcess,0
.end start
;=============================
I just removed one "push" at the beginning of my program,
and it crashed without even an error report!
It just vanished! As if you had never run it: nothing happens,
no error, no MessageBox, nothing at all!
I debugged it using FDBG, the only runtime debugging tool I could find,
but it's a little hard to use...


Attachment: Win64BugFixed.png (25.61 KB) - when done with two pushes, the bug just vanishes!
Attachment: Win64Bug.png (29.18 KB) - screenshot of what was happening when there is only one push
Attachment: jmps.asm (223 bytes) - sample source code, must be run on Win7-64
Posted 27 Jan 2012, 07:38
revolution
"When all else fails, read the source"
Joined: 24 Aug 2004
Posts: 17248
Location: In your JS exploiting you and your system
For Windows 64-bit code you must align the stack to 0 mod 16 before calling any API. If you use only one push your stack becomes misaligned and the app will crash (as you saw). This is a property of the Windows API interface and is not a problem with fasm. If you need that behaviour changed, then talk to Microsoft about it. ;)
Posted 27 Jan 2012, 08:38
sinsi
Joined: 10 Aug 2007
Posts: 692
Location: Adelaide
Shouldn't one push align it? When Windows calls your entry it is misaligned by 8 (return address). I think it is more likely that you are not allocating stack space for 'spill': 4 slots on the stack for the rcx/rdx/r8/r9 parameters.
Posted 27 Jan 2012, 09:03
caoyunbin001
Yeah, I figured it out later.
I know that it should be aligned,
but I got misled by the debugger:
it tells me that it's an ACCESS_VIOLATION fault,
somehow not a DATA_ALIGNMENT fault;
maybe Windows was unable to tell it was an #AC fault?

There is a solution I found later:
at the beginning: invoke SetErrorMode,0x0004 (will ignore the #AC fault)
Posted 27 Jan 2012, 10:16
sinsi
Look at the .code macro in win64ax.inc; this aligns the stack for you.
So one push misaligns it again.
I would suggest that if you use the include file, you should use it fully: invoke instead of mov/mov/call.
Posted 27 Jan 2012, 10:48
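The two requirements raised in the replies above, revolution's "RSP must be 0 mod 16 at the CALL" and sinsi's "reserve the 4-slot spill area", combined into one entry point. This is an added example written for this page, not code from the thread or from the fasm distribution; it assumes fasm 1.69.x with the stock win64ax.inc (so that .data, .code, .end and invoke behave as in the posts) and uses made-up string contents. Instead of guessing the entry alignment with a push, it forces it with `and rsp,-16`, which is correct whether or not the include's .code macro has already adjusted RSP, and it goes a little beyond the one-push/two-push case by showing how a later temporary push has to be balanced before the next API call.

```asm
; Added example (not from the thread or from fasm): a Win64 entry point that
; satisfies both rules before every API call:
;   1. RSP is a multiple of 16 at the CALL instruction, and
;   2. 32 bytes of "spill" (shadow/home) space sit at [rsp] for rcx/rdx/r8/r9.
; Assumes fasm 1.69.x with the stock win64ax.inc; the strings are made up.
include 'win64ax.inc'

.data
        szContent db 'lalala',0
        szTitle   db 'Win64 stack demo',0

.code
start:
        ; Windows enters with RSP = 8 mod 16 (pushed return address), and the
        ; include's .code macro may or may not have adjusted that. Clearing the
        ; low four bits guarantees 16-byte alignment either way. This entry
        ; never returns, so the original RSP does not need to be preserved.
        and     rsp, -16

        ; Reserve the 32-byte spill area. 32 is a multiple of 16, so RSP stays
        ; aligned; the callee may store rcx..r9 to [rsp] .. [rsp+24] at will.
        sub     rsp, 32

        ; Manual call in the style of the original post, with the arguments in
        ; the registers the x64 convention requires:
        ;   rcx = hWnd, rdx = lpText, r8 = lpCaption, r9 = uType
        xor     ecx, ecx                ; hWnd = NULL (writing ecx zeroes rcx)
        lea     rdx, [szContent]        ; RIP-relative, independent of image base
        lea     r8,  [szTitle]
        xor     r9d, r9d                ; uType = 0 (MB_OK)
        call    [MessageBox]

        ; The same call through the include's macro. invoke only loads the
        ; argument registers and emits the CALL; it relies on the alignment and
        ; spill space set up above, which is why a stray push before it crashes.
        invoke  MessageBox, 0, szContent, szTitle, 0

        ; Any later push must be balanced so RSP is still 0 mod 16 at the CALL.
        ; One push alone is the mistake from the thread; pairing it with an
        ; 8-byte adjustment keeps the next API call legal.
        push    rbx                     ; RSP is now 8 mod 16
        sub     rsp, 8                  ; back to 0 mod 16, spill area still below
        invoke  ExitProcess, 0

.end start
```

Assemble with fasm and run on 64-bit Windows; both message boxes should appear. Removing the `sub rsp,8` after `push rbx` leaves RSP at 8 mod 16 for the ExitProcess call, which is exactly the single-push situation the thread describes; whether and how that fails depends on which instructions inside the API touch the stack, which is why the symptom looked like an access violation rather than an alignment fault to the original poster.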
caoyunbin001
Yeah, I just used:
.code
proc start
        invoke MessageBox,0,"ccc","ttt",0
endp
.end start

It won't work, but it will work on win32,
so I simplified the problem to the push problem,
i.e., when using push ebp, the stack is misaligned.
Posted 27 Jan 2012, 10:57
Copyright © 1999-2020, Tomasz Grysztar.
