flat assembler
Message board for the users of flat assembler.

Index > Main > I have a question about re positioning code (PIC)

Author
Thread Post new topic Reply to topic
sid123



Joined: 30 Jul 2013
Posts: 340
Location: Asia, Singapore
sid123
Hello,
I am right now trying to reposition my kernel to 32MB (just for fun) so I use the
code below:
Code:
format MZ
;; real mode code
......
;; okay copy the code
                mov esi, next_code
                mov ecx, [kernel_32_size]
                mov edi, KERNEL_PHYSICAL_REMAP
                rep movsb
                jmp CODE_SEL:KERNEL_PHYSICAL_REMAP
next_code:
......
;; code
;; code 
;; code 
;; code
;; code
;; end of code
kernel_32_size: dd $ - next_code    

It works. Shocked
Now this has left me wondering how did FASM knew that the code after next_code is at 32MB? As I see it, position independent code is only possible in 64-bit (with RIP-addressing), or am I missing something?
I guess it's the work of DOS-MZ format which produces relocatable code.
I hope people would clear my misunderstanding.

_________________
"Those who can make you believe in absurdities can make you commit atrocities" -- Voltaire https://github.com/Benderx2/R3X
XD
Post 06 Apr 2014, 09:11
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
I suspect you are still referencing your variables in low memory. So when you say "it works" I think that means it woks as long a you don't overwrite the variables in low memory with other stuff.

The call/ret/jcc instructions are always relative so it will only be the data addressing that you need to relocate.

BTW: This is another case of someone not posting all the code, so we can't see what you are doing with your data addressing and we have to guess what you have done. Sad
Post 06 Apr 2014, 09:54
View user's profile Send private message Visit poster's website Reply with quote
sid123



Joined: 30 Jul 2013
Posts: 340
Location: Asia, Singapore
sid123
Quote:
I suspect you are still referencing your variables in low memory. So when you say "it works" I think that means it woks as long a you don't overwrite the variables in low memory with other stuff.

You got it there.
I tried to clear the low memory and guess what? It triple faulted.
I see. So what should be the solution? Use an ORG? Or is there perhaps a better solution?
I can't use an ORG because I have certain parts that are referenced by both parts that are in low memory as well as the code in high memory (GDT, IDT etc.), using an ORG will cause problems.
And do you want me to post 20,000+ lines of code? Laughing

_________________
"Those who can make you believe in absurdities can make you commit atrocities" -- Voltaire https://github.com/Benderx2/R3X
XD
Post 06 Apr 2014, 10:41
View user's profile Send private message Reply with quote
cod3b453



Joined: 25 Aug 2004
Posts: 619
cod3b453
The easiest way to do this would be re-base you code image automatically [assuming it's constant]:
Code:
                jmp CODE_SEL:KERNEL_PHYSICAL_REMAP 
org KERNEL_PHYSICAL_REMAP 
next_code:    
You can also achieve position independent code in 32bit if you explicitly use a base register [where the implicit RIP would be in 64bit]:
Code:
                jmp CODE_SEL:@f
@@:
jmp edi
next_code:
sub edi,next_code
; ...
mov eax,qword [edi+var]
;...
var dd 0    
Post 06 Apr 2014, 10:49
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
sid123 wrote:
So what should be the solution? Use an ORG? Or is there perhaps a better solution?
That is why PE files have a relocation section, for just this purpose. Another, less elegant, solution is to use a segment base offset for your kernel segment registers. You can also use something like this:
Code:
call @f
@@: pop ebp
mov eax,[ebp+something] ;<--- this is position independent    
Post 06 Apr 2014, 10:58
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> position independent code is only possible in 64-bit
> (with RIP-addressing), or am I missing something?

YES. 32-bit code itself (jumps and callls) is position independent, absolute addresses are not. But there is a solution, see post above by revo.
Post 21 Apr 2014, 07:58
View user's profile Send private message Reply with quote
sid123



Joined: 30 Jul 2013
Posts: 340
Location: Asia, Singapore
sid123
revolution wrote:
.
You can also use something like this:
Code:
call @f
@@: pop ebp
mov eax,[ebp+something] ;<--- this is position independent    

Sorry for replying late but is it possible to tell FASM to add EBP to all internal references (know that'll cause problems in some cases), but that would make my life easier. Razz

_________________
"Those who can make you believe in absurdities can make you commit atrocities" -- Voltaire https://github.com/Benderx2/R3X
XD
Post 21 Apr 2014, 09:03
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Something like the following might be useful (not tested):
Code:
        call    var_base
var_base:
        pop     ebp
        mov     eax,[var1]

        align 4
virtual at ebp+($-var_base)
        var1    dd ?
end virtual
        rb      4       ;make sure the var1 space is reserved non-virtually    
You can also make use of structures in a similar way.
Post 21 Apr 2014, 09:14
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4238
Location: 2018
edfed
a virtual assembly langage (based on raw data) can achieve perfectlly the need of repositionnable code.

Code:
Smile
    


and will also be executable on any machine.

means, java needs a jvm, data are always declared in a data section accessed by references (not pointer, but pointers to pointers, double * programming), but other designs are possible.

Code:
mov eax,[[myData]]
    

this addressing mode doesn't exist directlly

Code:
mov eax,[dataRef]
mov eax,[eax]
    
Post 21 Apr 2014, 11:57
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.