flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > [fixed] Using 32-bit registers in fastcall

Author
Thread Post new topic Reply to topic
magicSqr



Joined: 27 Aug 2011
Posts: 105
magicSqr 28 Oct 2013, 00:06
Hi,

SetFilePointer seems to accept both 32-bit and 64-bit values for the lDistanceToMove member. This doesn't always work though...

Code:
format PE64 console
entry start

include '%fasminc%\win64a.inc'

section '.text' code readable executable

    start:

        invoke  CreateFile, tmpFile, GENERIC_READ+GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
        mov     [tmpHnd], rax
        invoke  SetFilePointer, [tmpHnd], ebx, [pointerHi], FILE_BEGIN          ; ebx is 32 bit
        invoke  SetFilePointer, [tmpHnd], r12, [pointerHi], FILE_BEGIN          ; r12 is 64 bit
        invoke  CloseHandle, [tmpHnd]
        invoke  ExitProcess, 0

;**************************************************************************************************
section '.data' data readable writeable

tmpFile         db "tmpFile.dat", 00
tmpHnd          dq ?
pointerHi       dq ?

;**************************************************************************************************


section '.idata' import data readable writeable

library user32, 'user32.dll',\
        kernel32, 'kernel32.dll'

include '%fasminc%\api\Kernel32.inc'
include '%fasminc%\api\User32.inc'
    


The above compiles fine and checking the disassembly it gives the following output for the relevant parameters in the relevant lines...

Code:
mov     edx, ebx      (32-bit)
    


and

Code:
mov   rdx, r12         (64-bit)
    


but if either the ebx or r12 is replaced by r12d, the code will not compile, even though r12d is 32-bit.

Can anyone explain what's happening here?

Thanks

magic²
Post 28 Oct 2013, 00:06
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 28 Oct 2013, 01:09
The problem is in PROC64.INC
Code:
        virtual
         origin = $
         inc param
         load opcode byte from origin
         if opcode = 67h
          load opcode byte from origin+1
         end if
         if opcode and 0F8h = 48h
          size@param = 8
         else if opcode = 66h
          size@param = 2
         else if opcode = 0FFh
          size@param = 4
         else
          size@param = 1
         end if
        end virtual    
If "param" is r12d the binary is 0x41,0xff,0xc4 and that section of code decides that size@param is 1.

I will sticky this because it is a bug in the macros.
Post 28 Oct 2013, 01:09
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 28 Oct 2013, 08:59
I updated the development package with a correction to the macro. Please try it.
Post 28 Oct 2013, 08:59
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 31 Oct 2013, 12:04
I tested with this ...
Code:
include 'win64ax.inc'
label t qword

invoke t,al
invoke t,bl
invoke t,cl
invoke t,dl
invoke t,ah
invoke t,bh
invoke t,ch
invoke t,dh
invoke t,sil
invoke t,dil
invoke t,spl
invoke t,bpl
invoke t,r8b
invoke t,r9b
invoke t,r10b
invoke t,r11b
invoke t,r12b
invoke t,r13b
invoke t,r14b
invoke t,r15b
invoke t,ax
invoke t,bx
invoke t,cx
invoke t,dx
invoke t,si
invoke t,di
invoke t,sp
invoke t,bp
invoke t,r8w
invoke t,r9w
invoke t,r10w
invoke t,r11w
invoke t,r12w
invoke t,r13w
invoke t,r14w
invoke t,r15w
invoke t,eax
invoke t,ebx
invoke t,ecx
invoke t,edx
invoke t,esi
invoke t,edi
invoke t,esp
invoke t,ebp
invoke t,r8d
invoke t,r9d
invoke t,r10d
invoke t,r11d
invoke t,r12d
invoke t,r13d
invoke t,r14d
invoke t,r15d
invoke t,rax
invoke t,rbx
invoke t,rcx
invoke t,rdx
invoke t,rsi
invoke t,rdi
invoke t,rsp
invoke t,rbp
invoke t,r8
invoke t,r9
invoke t,r10
invoke t,r11
invoke t,r12
invoke t,r13
invoke t,r14
invoke t,r15    
... and all seemed fine.
Post 31 Oct 2013, 12:04
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.