flat assembler
Message board for the users of flat assembler.

An 'f' in the binary assembler output [Solved. I'm dumb]

z0rberg



Joined: 04 Dec 2016
Posts: 2
z0rberg 04 Dec 2016, 20:00
Greetings!

I have a weird issue I don't understand and this is probably the only place left where I can ask. To save on typing, let me first refer to this thread I've made on reddit:

https://www.reddit.com/r/asm/comments/5gfuct/execute_fasm_output_in_ram_in_python_how

I'd like to ask you to read through the initial post and the comments, but will explain it here again as well.

My issue - which is a guess - seems to be an "f" in the binary assembler output, but I'm not actually sure. I'm using fasm.dll and pyfasm. I've tried fasm.exe and I've also tried nasm and they all give me an "f" in the bytecode as output.

"Éf©90 ├"

For those like me who can't read binary: "nop; mov eax,12345; ret"

Someone in the thread suggested that the "f" doesn't seem to belong there. I've cross-checked with a python based assembler I've found on github, pyasm2, and funnily enough this "f" isn't in the output. But what's even more funny is that the code works! Unlike the one with the "f". Sadly I can't use pyasm2, because for some reason whenever I drop a label it excepts with a "privileged instruction" error I didn't manage to figure out.

Anyhow ... it makes no sense. All I want to do is generate binary code, jump to it, and continue python. Pycca and pyasm2 both work, but both have other bugs, or lack instructions, so I thought I'd seek a different way and found fasm.dll, which seems perfect ... but doesn't work as I think it should!


Is there anything you know that I can do? Maybe I'm missing something? Where does that "f" come from? Why isn't it there in pyasm2's output, yet pyasm2's output actually works?

Why? I'm desperate ....


Thank you for your time and patience.


Last edited by z0rberg on 04 Dec 2016, 20:10; edited 1 time in total
z0rberg



Joined: 04 Dec 2016
Posts: 2
z0rberg 04 Dec 2016, 20:08
Well, ain't I stupid.

The person on reddit figured it out.

The "f" stands for 0x66h. It's that prefix I've used extensively back in the DOS days when I was programming assembler in pascal. It made 32bit reps possible. Apparently I needed to add "use32" to generate 32bit assembler output, because 16bit was standard... which I would have never guessed.

I feel so incredibly stupid now ... and please accept my apology. :/

I haven't touched assembler in over 20 years....


Thank you for your great product and time reading this.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20520
Location: In your JS exploiting you and your system
revolution 04 Dec 2016, 22:25
Yes, by default fasm starts in 16 bit mode.

A disassembler should have shown this, and even better a debugger would have made it clear that the opsize prefix was in effect.
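An added example (not code from the thread, fasm or pyfasm) showing what the two replies above describe: the same bytes decode differently depending on the mode the CPU is in, so output assembled without `use32` carries a 0x66 operand-size prefix that a 32-bit process misreads. The byte strings, the tiny decoder and the `matches_intent` helper are constructed here from the instructions quoted in the thread and are assumptions, not fasm's output format or API.

```python
# Constructed from the thread: "nop / mov eax,12345 / ret" assembled with
# fasm's 16-bit default (needs a 0x66 prefix) and with "use32".
OUT_16BIT_DEFAULT = bytes.fromhex("90 66 B8 39 30 00 00 C3")
OUT_32BIT_DEFAULT = bytes.fromhex("90 B8 39 30 00 00 C3")
INTENDED = ["nop", "mov eax,12345", "ret"]

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def decode(blob, cpu_bits):
    """Decode the opcodes this thread touches (nop, mov reg,imm, ret, and
    the 'add [r32],r8' the stray bytes turn into) as a CPU in cpu_bits
    (16 or 32) mode would. 0x66 flips the operand size of the next
    instruction. Returns a list of (offset, text)."""
    out, i = [], 0
    while i < len(blob):
        start, opsize = i, cpu_bits
        if blob[i] == 0x66:                      # operand-size override
            opsize = 16 if cpu_bits == 32 else 32
            i += 1
            if i >= len(blob):                   # dangling prefix at the end
                out.append((start, "db 0x66"))
                break
        op = blob[i]
        i += 1
        if op == 0x90:
            text = "nop"
        elif op == 0xC3:
            text = "ret"
        elif 0xB8 <= op <= 0xBF:                 # mov r16/r32, imm16/imm32
            width = opsize // 8
            imm = int.from_bytes(blob[i:i + width], "little")
            i += width
            regs = REGS32 if opsize == 32 else REGS16
            text = f"mov {regs[op - 0xB8]},{imm}"
        elif (op == 0x00 and cpu_bits == 32 and i < len(blob)
              and blob[i] >> 6 == 0 and blob[i] & 7 not in (4, 5)):
            modrm = blob[i]                      # add [base], r8
            i += 1
            text = f"add [{REGS32[modrm & 7]}],{REGS8[(modrm >> 3) & 7]}"
        else:
            text = f"db {op:#04x}"               # anything else: raw byte
        out.append((start, text))
    return out


def matches_intent(blob, cpu_bits, intended=INTENDED):
    """True when the bytes, run by a CPU in cpu_bits mode, are the program
    the author wrote. The 16-bit-default output only passes in 16-bit mode."""
    return [text for _, text in decode(blob, cpu_bits)] == intended
```

Decoding `OUT_16BIT_DEFAULT` as a 32-bit CPU would gives `mov ax,12345` followed by `add [eax],al`, a write through whatever happens to be in eax; this is what a disassembler or debugger, as suggested above, would have shown.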
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.