flat assembler
Message board for the users of flat assembler.

unexpected code
Corsair59 07 Nov 2016, 08:24
I was testing some disassemblers and used fasmw17157. I noticed the code right after the exitprocess instruction was supposed to push several values and call instruction, then push several registers. What I found is nothing of the sort.

Code:
end_loop:
        invoke  ExitProcess,[msg.wParam]

proc MainWindow hwnd,wmsg,wparam,lparam
        push    ebx esi edi
;--------------------------------------------------

        call dword ptr [exitprocess]
        push ebp
        mov ebp,esp
        push ebx
        push esi
        push edi

Several confirmations prompted me to point this out.
I'm just getting back into assembly programming again, so maybe the assembler knows something I don't.
revolution 07 Nov 2016, 09:27
Immediately after the call to ExitProcess the next procedure "MainWindow" begins. That is exactly what you coded. If you put an intervening instruction like int3 you would see where the function begins.
Code:
end_loop:
        invoke  ExitProcess,[msg.wParam]

        int3

proc MainWindow hwnd,wmsg,wparam,lparam
        push    ebx esi edi
Corsair59 07 Nov 2016, 10:18
The upper code is from the fasmw.asm file. Below the dotted line is what was generated. Note that the data pushes and procedure call are absent. Exit process and the register pushes frame the abhorrent code. The push and move instructions were not supposed to be there. You can check this yourself by matching the fasmw.asm file with the disassembled program. This was the 1.71.57 new release.
revolution 07 Nov 2016, 10:33
AFAIKT everything is there as you coded:
Code:
invoke ExitProcess,[msg.wParam]                 ;push dword ptr [msg.wParam]
                                                ;call dword ptr [exitprocess]

proc MainWindow hwnd,wmsg,wparam,lparam         ;push ebp
                                                ;mov ebp,esp

push ebx esi edi                                ;push ebx
                                                ;push esi
                                                ;push edi    
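
Added example (not part of the original posts and not fasm's own code): a minimal Python linear-sweep decoder run over hand-assembled bytes for the sequence annotated above, showing that the `call` belongs to `invoke` and that the `push ebp` / `mov ebp,esp` pair marks where `proc MainWindow` begins. The byte string and both addresses are constructed placeholders, and the decoder handles only the opcodes present in this sample.

```python
# Constructed sample: hand-assembled 32-bit x86 bytes for the sequence discussed
# in the thread. Addresses 0x00403000 / 0x00404000 are placeholders, not fasmw's.
CODE = bytes.fromhex(
    "ff3500304000"   # push dword [msg.wParam]   (invoke: argument)
    "ff1500404000"   # call dword [ExitProcess]  (invoke: call)
    "55"             # push ebp                  (proc: prologue)
    "89e5"           # mov ebp,esp               (proc: prologue)
    "53" "56" "57"   # push ebx / esi / edi      (source line: push ebx esi edi)
)

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode(code):
    """Linear-sweep decode of the few opcodes used here -> [(offset, text)]."""
    out, i = [], 0
    while i < len(code):
        b = code[i]
        if 0x50 <= b <= 0x57:                             # push r32
            out.append((i, "push " + REG32[b - 0x50])); i += 1
        elif b == 0xCC:                                   # breakpoint marker
            out.append((i, "int3")); i += 1
        elif code[i:i+2] in (b"\x89\xe5", b"\x8b\xec"):   # either encoding
            out.append((i, "mov ebp,esp")); i += 2
        elif code[i:i+2] in (b"\xff\x35", b"\xff\x15"):   # push/call dword [disp32]
            op = "push" if code[i+1] == 0x35 else "call"
            addr = int.from_bytes(code[i+2:i+6], "little")
            out.append((i, f"{op} dword [0x{addr:08x}]")); i += 6
        else:
            raise ValueError(f"unhandled opcode {b:#04x} at offset {i}")
    return out

def function_starts(insns):
    """Offsets where 'push ebp' is immediately followed by 'mov ebp,esp'."""
    return [off for (off, a), (_, b) in zip(insns, insns[1:])
            if a == "push ebp" and b == "mov ebp,esp"]

def annotate(code):
    """Listing lines, with 'proc:' marking each detected prologue."""
    insns = decode(code)
    starts = set(function_starts(insns))
    return [("proc: " if off in starts else "      ") + f"{off:04x}  {text}"
            for off, text in insns]

if __name__ == "__main__":
    print("\n".join(annotate(CODE)))
```

Inserting a `0xCC` byte between the call and the prologue, as the `int3` suggestion in the thread does, moves the detected start by one byte and makes the boundary visible in any listing.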
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
