flat assembler
Message board for the users of flat assembler.

Index > Windows > 64 bit code procedures

Author
Thread Post new topic Reply to topic
john_25



Joined: 05 Jun 2014
Posts: 5
john_25
just started coding on 64 bit mode and to be honest this is my first time coding in 64 bit.
now i know that in 64 bit procedures are called in fastcall method and this first four parameters are passed in the registers:rcx rdx r8 r9 and rest in reserved stack space.
if i create my own function let's say:

proc GetValue arg1:DWORD,arg2:DWORD,arg3:DWORD,arg4:DWORD,arg5:DWORD

;some code

ret
endp

when i call it:
stdcall GetValue ,dword 1,dword 2,dword 3,dword 4,dword 5

still for the first four parameters uses the rcx rdx r8 r9.
now i know that win64 api requires this but can i design the proc macro in a way that leaves out the registers and use the stack space for the first four parameters just like the rest of the parameters?
i want this for my own created function.
Post 05 Jun 2014, 13:35
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
john_25,

Calling conventions are, by definition, just conventions. Your code have to comply with them if it either calls external functions, or supplies some functions to be called from elsewhere. Inner working of your code is up to you.
Post 05 Jun 2014, 14:16
View user's profile Send private message Reply with quote
john_25



Joined: 05 Jun 2014
Posts: 5
john_25
yeah i know that i can code my own created procedure in the way i want to.

for example this is my function:

proc GetValue arg1:DWORD,arg2:DWORD,arg3:DWORD,arg4:DWORD,arg5:DWORD

;some code

ret
endp

when compiled it produces this code:

00401055 - B9 01000000 - mov ecx,00000001 ; arg1
0040105A - BA 02000000 - mov edx,00000002 ; arg2
0040105F - 41 B8 03000000 - mov r8d,00000003 ; arg3
00401065 - 41 B9 04000000 - mov r9d,00000004 ; arg4
0040106B - C7 44 24 20 05000000 - mov [rsp+20],00000005 ; arg5
00401073 - E8 14000000 - call 0040108C
00401078 - 48 83 C4 30 - add rsp,30

what i wanna know if it's possible to create a macro that passes the first four parameters in the stack and leaves out the rcx rdx r8 and r9 registers?

something like this:

00401055 - B9 01000000 - mov [rsp+40],00000001 ; arg1
0040105A - BA 02000000 - mov [rsp+38],00000002 ; arg2
0040105F - 41 B8 03000000 - mov [rsp+30],00000003 ; arg3
00401065 - 41 B9 04000000 - mov [rsp+28],00000004 ; arg4
0040106B - C7 44 24 20 05000000 - mov [rsp+20],00000005 ; arg5
00401073 - E8 14000000 - call 0040108C
00401078 - 48 83 C4 30 - add rsp,30

something like modified "proc" macro so it leaves out the registers.
is it possible to create such macro that does this?
Post 05 Jun 2014, 14:44
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17276
Location: In your JS exploiting you and your system
revolution
You can modify the existing fastcall macro to ignore all register loads. Maybe something like this (not tested):
Code:
macro john_25_call proc,[arg]
 { common local stackspace,argscount,counter
    if argscount and 1
     stackspace = (argscount+1)*8
    else
     stackspace = argscount*8
    end if
    counter = 0
    if stackspace
     if defined current@frame
      if current@frame<stackspace
       current@frame = stackspace
      end if
     else
      if stackspace
       sub rsp,stackspace
      end if
     end if
    end if
   forward
    counter = counter + 1
    define type@param
    define definition@param arg
    match =float value,definition@param
    \{ define definition@param value
       define type@param float \}
    match =addr value,definition@param
    \{ define definition@param value
       define type@param addr \}
    match any=,any,definition@param
    \{ \local ..string,..continue
       jmp ..continue
       align sizeof.TCHAR
       ..string TCHAR definition@param,0
       ..continue:
       define definition@param ..string
       define type@param addr \}
    match any,definition@param
    \{ match \`any,any
       \\{ \\local ..string,..continue
           jmp ..continue
           align sizeof.TCHAR
           ..string TCHAR definition@param,0
           ..continue:
           define definition@param ..string
           define type@param addr \\} \}
    match param,definition@param
    \{ local opcode,origin
       size@param = 0
       if param eqtype 0 | param eqtype 0f | type@param eq addr
        size@param = 8
       else if param eqtype byte 0 | param eqtype byte 0f
        match prefix value,definition@param
         \\{ if prefix eq qword
              size@param = 8
             else if prefix eq dword
              size@param = 4
             else if prefix eq word
              size@param = 2
             else if prefix eq byte
              size@param = 1
             end if \\}
       else if ~ param in <xmm0,xmm1,xmm2,xmm3,xmm4,xmm5,xmm6,xmm7,xmm8,xmm9,xmm10,xmm11,xmm12,xmm13,xmm14,xmm15>
        virtual
         origin = $
         inc param
         load opcode byte from origin
         if opcode = 67h | opcode = 41h
          load opcode byte from origin+1
         end if
         if opcode and 0F8h = 48h
          size@param = 8
         else if opcode = 66h
          size@param = 2
         else if opcode = 0FFh
          size@param = 4
         else
          size@param = 1
         end if
        end virtual
       end if
         if type@param eq addr
          lea rax,[param]
          mov [rsp+(counter-1)*8],rax
         else if param eqtype [0] | param eqtype byte [0]
          if size@param = 8
           mov rax,param
           mov [rsp+(counter-1)*8],rax
          else if size@param = 4
           mov eax,param
           mov [rsp+(counter-1)*8],eax
          else if size@param = 2
           mov ax,param
           mov [rsp+(counter-1)*8],ax
          else
           mov al,param
           mov [rsp+(counter-1)*8],al
          end if
         else if size@param = 8
          virtual
           origin = $
           mov rax,param
           load opcode byte from origin+1
          end virtual
          if opcode = 0B8h
           mov rax,param
           mov [rsp+(counter-1)*8],rax
          else
           mov qword [rsp+(counter-1)*8],param
          end if
         else if param in <xmm0,xmm1,xmm2,xmm3,xmm4,xmm5,xmm6,xmm7,xmm8,xmm9,xmm10,xmm11,xmm12,xmm13,xmm14,xmm15>
          movq [rsp+(counter-1)*8],param
         else
          mov [rsp+(counter-1)*8],param
         end if \}
   common
    argscount = counter
    call proc
    if stackspace & ~defined current@frame
     add rsp,stackspace
    end if }    
Post 05 Jun 2014, 15:10
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.