flat assembler
Message board for the users of flat assembler.

Index > Windows > question about files

Author
Thread Post new topic Reply to topic
Ali.Z



Joined: 08 Jan 2018
Posts: 716
Ali.Z 15 Jul 2018, 00:50
i want to read specific bytes from specific offsets in a file.

i know for sure i can use "GetFileSize" to get how large is the file and then "ReadFile" and pass the file size to load the full file in my program.
and read as many bytes as i want and from offsets i want.

but im not looking for this way, i know files in my SSD have pointers.
when i want to open a .txt file the OS will search for the pointer to this file and load from SSD.

the question is how to get the file pointer, im thinking if its possible to get the file pointer and do like this:

Code:
mov eax,[FilePointer]   ; file pointer
mov eax,[eax+5]   ; move 4 bytes after offset 5
mov [SomeData],eax   ; store the data    

i know im missing some stuff, and there are some gaps that must be filled with knowledge!

_________________
Asm For Wise Humans
Post 15 Jul 2018, 00:50
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 15 Jul 2018, 07:58
You seem to be missing knowledge about file systems. SSDs are external devices from CPU’s perspective and they don’t share addressing space with RAM (unless you specifically setup some kind of DMA-like mechanism (if any SSD in the whole world would ever supports it) or pretend you have such a mechanism by emulating it with memory-mapped files). Anyway, you have a 32-bit pointer (in your example) which limits you to 4 GB. I doubt your SSD is so small.
Post 15 Jul 2018, 07:58
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 15 Jul 2018, 08:53
DimonSoft wrote:
unless you specifically setup some kind of DMA-like mechanism (if any SSD in the whole world would ever supports it)
Nowadays this is a DAX mechanism (also supported by Windows), and while it looks like a memory mapped file, there is no intermediary, the addresses are mapped directly to the device I/O. Still, this won't work with just any SSD, the drive must be specifically set up for DAX.
Post 15 Jul 2018, 08:53
View user's profile Send private message Visit poster's website Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 716
Ali.Z 15 Jul 2018, 09:14
okay, then how would the OS load a file when there is no pointer points to the current location of clusters / sector that have the file and file data.
Post 15 Jul 2018, 09:14
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 15 Jul 2018, 09:27
External devices read and write data to and from RAM through the I/O mechanisms. A normal user mode process doesn't have any privilege to directly do I/O operations.
Post 15 Jul 2018, 09:27
View user's profile Send private message Visit poster's website Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 716
Ali.Z 15 Jul 2018, 23:58
okay thanks guys, now i really hate user mode ):
Post 15 Jul 2018, 23:58
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 16 Jul 2018, 00:25
Elevate yourself to SYSTEM privilege and then you can do anything you want.
Post 16 Jul 2018, 00:25
View user's profile Send private message Visit poster's website Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 716
Ali.Z 16 Jul 2018, 05:01
true, but im missing knowledge rev.
there are lot of things i dont know about, i even dont know boot process .. what load firsts and next.

compiling a device driver using fasm not a hard task just PE native and you are done, but what about functions that a .sys must have. (i know most device drivers communicate with ntdll, hal.dll, ntoskrnl.exe)
but does these modules have everything i need? (and what are the abilities i can perform) and how would my .sys communicate with my .exe or .dll? because .dll and .exe runs in usermode using usermode thread, and .sys runs in kernelmode so calling a function in my .sys from my .dll or .exe will result access violation.

excuse me tho, no one taught anything about computers, hardware, software. (no school no institute nor university)

everything i know is from reading documents on internet. (it took over 15 years to understand)

sorry im not talking it personal, im just trying to say every single information i know is from internet .. and not everything i need is available in this network.
Post 16 Jul 2018, 05:01
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.