flat assembler
Message board for the users of flat assembler.

Index > Main > [64-bit] Push and dword directive problems?

jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 28 Sep 2016, 11:56
My question is how to specify the length of the IMM?

Code:
jack@JACK-PC MINGW64 ~/tst
$ cat asm.asm
use32
pushd 0fh
push dword 0fh
use64
pushd 0fh
push dword 0fh


jack@JACK-PC MINGW64 ~/tst
$ fasm asm.asm
flat assembler  version 1.71.57  (1048576 kilobytes memory)
asm.asm [5]:
pushd 0fh
processed: pushd 0fh
error: illegal instruction.

jack@JACK-PC MINGW64 ~/tst
$


jack@JACK-PC MINGW64 ~/tst
$ cat asm.asm
use32
push dword 0fh
use64
push dword 0fh


jack@JACK-PC MINGW64 ~/tst
$ fasm asm.asm
flat assembler  version 1.71.57  (1048576 kilobytes memory)
asm.asm [4]:
push dword 0fh
processed: push dword 0fh
error: illegal instruction.



jack@JACK-PC MINGW64 ~/tst
$ cat asm.asm
use32
push 0fh
use64
push 0fh


jack@JACK-PC MINGW64 ~/tst
$ fasm asm.asm
flat assembler  version 1.71.57  (1048576 kilobytes memory)
1 passes, 4 bytes.

jack@JACK-PC MINGW64 ~/tst
$ hexdump.exe -C asm.bin
00000000  6a 0f 6a 0f                                       |j.j.|
00000004


[Attachment: 捕获.JPG (screenshot)]

Last edited by jiangfasm on 28 Sep 2016, 14:09; edited 1 time in total
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 28 Sep 2016, 13:39
In 64-bit code there is no dword push encoding. Try with "push qword 0xf" instead, or don't put any size prefix and let fasm figure out the size.
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 28 Sep 2016, 13:42
And also use the
Code:
[code][/code]
tags to enclose your code. This will make it much more readable and will provide more precise answers. For example:
Code:
jack@JACK-PC MINGW64 ~/tst
$ cat asm.asm
use32
pushd 0fh
push dword 0fh
use64
pushd 0fh
push dword 0fh
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 28 Sep 2016, 14:12
JohnFound wrote:
And also use the
Code:
[code][/code]
tags to enclose your code. This will make it much more readable and will provide more precise answers. For example:
Code:
jack@JACK-PC MINGW64 ~/tst
$ cat asm.asm
use32
pushd 0fh
push dword 0fh
use64
pushd 0fh
push dword 0fh


I corrected the
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 28 Sep 2016, 14:16
revolution wrote:
In 64-bit code there is no dword push encoding. Try with "push qword 0xf" instead, or don't put any size prefix and let fasm figure out the size.


Sounds strange!
Imm32 is 32-bit, but I have to use QWORD instead of DWORD; I misunderstood this as a bug.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 28 Sep 2016, 14:32
The constant is encoded as a 32-bit signed value that expands to 64-bit when executed. For example you cannot encode 0x80000000 as an immediate value because it will get expanded to 0xffffffff80000000 when pushed.

push 0xFFFFFFFF80000000 <--- okay
push 0x0000000080000000 <--- not encodable
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 29 Sep 2016, 00:29
revolution wrote:
The constant is encoded as a 32-bit signed value that expands to 64-bit when executed. For example you cannot encode 0x80000000 as an immediate value because it will get expanded to 0xffffffff80000000 when pushed.

push 0xFFFFFFFF80000000 <--- okay
push 0x0000000080000000 <--- not encodable


Looks awkward, but thank you! I learn from you!
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 29 Sep 2016, 15:46
In 64-bit code there is no dword push encoding but you can use double "push word"
Code:
use64
push word 1234h ;\ push dword 12345678h
push word 5678h ;/

_________________
smaller is better
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 29 Sep 2016, 16:02
CandyMan wrote:
In 64-bit code there is no dword push encoding but you can use double "push word"
Code:
use64
push word 1234h ;\ push dword 12345678h
push word 5678h ;/
But now you can't pop it.

IIRC (sorry, too lazy to find it right now), I expect a subsequent push will crash your program because of the unaligned RSP. The RSP alignment requirements will bite you.
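Added example, not code from the thread or from fasm: a small Python model of the push-immediate encodings revolution describes (a sign-extended imm8 or imm32 in 64-bit mode, and `push word` via the 66h operand-size prefix), plus a tiny stack simulation of CandyMan's double `push word` that shows the RSP misalignment revolution warns about. The opcode bytes 6Ah, 68h and 66h are Intel's real encodings; the starting RSP value, the zero fill for stack bytes the pushes never wrote, and the 8-byte alignment check are constructed assumptions of the model.

```python
# Added example (not from the fasm thread): how x86-64 PUSH with an immediate
# operand is encoded and what value actually lands on the stack.
# 6A = push imm8, 68 = push imm32 (imm16 under the 66 prefix), 66 = operand-size
# prefix. There is no 32-bit PUSH operand size in 64-bit mode, which is why
# fasm rejects `push dword` there.
from typing import Optional

MASK64 = (1 << 64) - 1


def sign_extend(value: int, from_bits: int, to_bits: int = 64) -> int:
    """Sign-extend the low `from_bits` of `value` to a `to_bits`-wide pattern."""
    low = value & ((1 << from_bits) - 1)
    if low & (1 << (from_bits - 1)):
        low |= ((1 << to_bits) - 1) ^ ((1 << from_bits) - 1)
    return low


def encode_push_imm(value: int, operand_bits: int = 64) -> Optional[bytes]:
    """Encode `push <imm>` for 64-bit mode; None if the constant is not
    representable as a sign-extended imm8/imm32 (the 0x80000000 case).

    operand_bits=64 is plain `push imm` (fasm's `push 0fh` under use64),
    operand_bits=16 models `push word imm`. 32 is deliberately not accepted.
    """
    if operand_bits not in (16, 64):
        return None
    mask = (1 << operand_bits) - 1
    value &= mask
    prefix = b"\x66" if operand_bits == 16 else b""
    if sign_extend(value, 8, operand_bits) == value:
        return prefix + bytes([0x6A, value & 0xFF])
    imm_bits = 16 if operand_bits == 16 else 32
    if sign_extend(value, imm_bits, operand_bits) == value:
        imm = (value & ((1 << imm_bits) - 1)).to_bytes(imm_bits // 8, "little")
        return prefix + b"\x68" + imm
    return None


def decode_push_imm(code: bytes) -> tuple:
    """Decode an encoding from encode_push_imm and return
    (value written to the stack, number of bytes RSP moves down)."""
    operand_bits = 64
    if code[0] == 0x66:
        operand_bits = 16
        code = code[1:]
    if code[0] == 0x6A:
        imm_bits = 8
    elif code[0] == 0x68:
        imm_bits = 16 if operand_bits == 16 else 32
    else:
        raise ValueError("not a push-immediate encoding")
    imm = int.from_bytes(code[1:1 + imm_bits // 8], "little")
    return sign_extend(imm, imm_bits, operand_bits), operand_bits // 8


def simulate_pushes(encodings: list, rsp: int = 0x7FFF_FFFF_F890) -> dict:
    """Run push encodings against a byte-addressed toy stack (constructed
    starting RSP) and report what a following `pop rax` would see."""
    mem = {}
    for enc in encodings:
        value, size = decode_push_imm(enc)
        rsp -= size
        for i, b in enumerate(value.to_bytes(size, "little")):
            mem[rsp + i] = b
    # pop rax reads 8 bytes at RSP; bytes never written by these pushes are
    # modelled as 0 here but would be stale stack data on a real machine.
    top = bytes(mem.get(rsp + i, 0) for i in range(8))
    unwritten = sum(1 for i in range(8) if rsp + i not in mem)
    return {
        "rsp": rsp,
        "rsp_aligned_8": rsp % 8 == 0,
        "pop_rax_would_read": int.from_bytes(top, "little"),
        "unwritten_bytes_in_pop": unwritten,
    }


if __name__ == "__main__":
    for v in (0xF, 0xFFFFFFFF80000000, 0x80000000):
        print(hex(v), "->", (encode_push_imm(v) or b"").hex() or "not encodable")
    print(simulate_pushes([encode_push_imm(0x1234, 16), encode_push_imm(0x5678, 16)]))
```

Running the demo shows `push 0fh` encoding as 6A 0F (the bytes in the hexdump at the top of the thread), 0xFFFFFFFF80000000 encoding as 68 00 00 00 80, 0x80000000 as not encodable, and the two `push word` instructions leaving RSP 4 bytes below an 8-byte boundary with half of the qword that `pop rax` would read never written by the pushes.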
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 29 Sep 2016, 16:20
You are right.
Code:
push [Value] ; how to push not encodable immediate values
...
Value   dq 0x00000000_80000000

_________________
smaller is better
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 01 Oct 2016, 12:48
CandyMan wrote:
You are right.
Code:
push [Value] ; how to push not encodable immediate values
...
Value   dq 0x00000000_80000000


[Attachment: 捕获.JPG (screenshot) - push 0fh ; rsp = f888]

[Attachment: 捕获1.JPG (screenshot) - pop rax; rsp = f880]
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 01 Oct 2016, 12:52
jiangfasm: What are you trying to say/ask?
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 03 Oct 2016, 06:43
revolution wrote:
jiangfasm: What are you trying to say/ask?

(fasm) I thought the dword directive modified imm32; now I see that it modifies the operand size. Through communication with you I have determined that this is not a bug in fasm, but how fasm works.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 03 Oct 2016, 07:36
jiangfasm: I think firstly we should establish that 'dword' is a size override, not a directive. There is a difference there, so I am not just pointing this out to be pedantic, just to be sure we are talking about the same thing.

So, when you put a 'dword' size override then fasm will try to encode an instruction that results in a dword value that is pushed to the stack. But in 64-bit mode there is no such instruction that exists to do that, so you get an error. This is not a bug, it is intended behaviour.

Putting 'dword' does not indicate the instruction encoding detail (i.e. it does not mean "use a dword encoding"), but instead it indicates the destination size (i.e. it means push a dword to the stack).
jiangfasm



Joined: 08 Mar 2015
Posts: 60
jiangfasm 03 Oct 2016, 14:50
revolution wrote:
jiangfasm: I think firstly we should establish that 'dword' is a size override, not a directive. There is a difference there, so I am not just pointing this out to be pedantic, just to be sure we are talking about the same thing.

So, when you put a 'dword' size override then fasm will try to encode an instruction that results in a dword value that is pushed to the stack. But in 64-bit mode there is no such instruction that exists to do that, so you get an error. This is not a bug, it is intended behaviour.

Putting 'dword' does not indicate the instruction encoding detail (i.e. it does not mean "use a dword encoding"), but instead it indicates the destination size (i.e. it means push a dword to the stack).


"it is intended behaviour."
Thank you; there are many things I don't understand, so I ask you. I learn from you!
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.