flat assembler
Message board for the users of flat assembler.

Index > Windows > 64 bit not understood sub rsp,8 !

Roman



Joined: 21 Apr 2012
Posts: 1853
Roman 22 Dec 2020, 10:20
revolution wrote:
That is normal. What do you find "fanny"?

First, it is easy to write small chars.

Second, I might write mov dword [],eax but must write DWORD in local.

It's confusing.
When you try to compile an example and get the error illegal!
And spend a few seconds thinking about what is wrong and what it means.

And you won't immediately understand that you need to write big letters.


Last edited by Roman on 22 Dec 2020, 10:23; edited 1 time in total
Ali.Z



Joined: 08 Jan 2018
Posts: 737
Ali.Z 22 Dec 2020, 10:23
just change them, your include folder\macro\procXX.inc

_________________
Asm For Wise Humans
Roman



Joined: 21 Apr 2012
Posts: 1853
Roman 22 Dec 2020, 10:27
Very nice !
Change here.
Align there.
Remember here.
Modify there.
https://i.pinimg.com/originals/4b/5c/77/4b5c77afa8801e33164d8292ace71a3e.gif

When to write my idea and program ? Smile


Last edited by Roman on 22 Dec 2020, 10:30; edited 1 time in total
Ali.Z



Joined: 08 Jan 2018
Posts: 737
Ali.Z 22 Dec 2020, 10:30
Roman wrote:
Very nice !
Change here.
Align there.
Remember here.
Modify there.

When to write my idea and program ? Smile


then stop using macros and 64-bit programming.

_________________
Asm For Wise Humans
Roman



Joined: 21 Apr 2012
Posts: 1853
Roman 22 Dec 2020, 10:32
Unfortunately I can not.
I write DirectX 12.
DirectX 12 is only 64 bits.

And I love registers R8 to R15 and XMM8 to XMM15
And cmp qword strings
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 22 Dec 2020, 10:35
You can also use locals
Code:
proc my_proc
        locals
                my_value dq ?
                other_value dq ?
        endl
        mov     [my_value],rsi
        mov     [other_value],rdi
endp    
Ali.Z



Joined: 08 Jan 2018
Posts: 737
Ali.Z 22 Dec 2020, 10:37
Roman wrote:
Unfortunately I can not.
I write DirectX 12.
DirectX 12 is only 64 bits.

And I love registers R8 to R15 and XMM8 to XMM15
And cmp qword strings


https://docs.microsoft.com/en-us/windows/win32/direct3d12/directx-12-programming-environment-set-up

_________________
Asm For Wise Humans
Roman



Joined: 21 Apr 2012
Posts: 1853
Roman 22 Dec 2020, 13:07
I started DirectX 12 on Windows 7.
Microsoft ported DX12 to Win 7.
And there were only 64-bit DLLs for DX12.
https://www.nuget.org/packages/Microsoft.Direct3D.D3D12On7

I wrote a lot of code for DX12 64 bits for one year.
FlierMate



Joined: 21 Jan 2021
Posts: 219
FlierMate 09 May 2022, 09:06
I saw a member here use:
Code:
and     rsp, not 0xf    


Is it the same as...?
Code:
and     rsp, -16    


I am a bit confused, do we AND or SUB rsp or both? And why are there so many magic values, like 8, 16, 0x20, 0x100...? Are these numbers all working?

Can someone explain? I am yet to migrate to 64-bit Windows programming.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 09 May 2022, 09:11
Because of differing entry procedures from various sources it might be unknown what is the stack disposition upon the start of your code.

So to "fix" it you need to align the stack first, else you risk crashes.

One method that always works is this:
Code:
and rsp, -16 ; or "and rsp, not 0x0f", it's the same    
Another method that only works if the stack has been correctly passed on from the OS is this:
Code:
push rbp ; to assist the debugger for stack unwinding    
Or if you don't care about any debugger, and your stack is known to be correct, then you can do this:
Code:
sub rsp,8    
Or
Code:
add rsp,-8    
All of these are required because OSes like Windows enforce stack alignment when you call the API functions.

If you want your code to run, align the stack.
If you want to risk "random" crashes, don't align. Razz

I recommend the first. It always works. Some debuggers might complain though, so your choice.
macomics



Joined: 26 Jan 2021
Posts: 1044
Location: Russia
macomics 09 May 2022, 09:51
Quote:
Code:
sub rsp,8        
Or
Code:
add rsp,-8        
Code:
push 8    
or
Code:
push rax    
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 09 May 2022, 10:21
If you are going to use push, then make it RBP IMO. Lose nothing, gain potential debugger support.
macomics



Joined: 26 Jan 2021
Posts: 1044
Location: Russia
macomics 09 May 2022, 13:37
revolution wrote:
If you are going to use push, then make it RBP IMO. Lose nothing, gain potential debugger support.
revolution: Or if you don't care about any debugger, and your stack is known to be correct, then you can do this:
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 09 May 2022, 13:42
Just because you can do something, doesn't mean it is better.

You can also do this:
Code:
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1    
But I wouldn't recommend it.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 10 May 2022, 05:10
Or maybe this:
Code:
.try:
  test rsp, 0x000000000000000f
  jz .aligned
  lea rsp, [rsp - 1]
  jmp .try
.aligned:    
Razz
bitRAKE



Joined: 21 Jul 2003
Posts: 4081
Location: vpcmpistri
bitRAKE 10 May 2022, 07:28
With larger data types or even just cache line aware leaf functions - it's useful to understand different techniques to get to a machine state that works for the needs of the code. My favorite is:
Code:
MyFunction:
        .STACK_ALIGNMENT := 128
        assert .STACK_ALIGNMENT > 0 \
        & (.STACK_ALIGNMENT and (.STACK_ALIGNMENT - 1)) = 0

        .FRAME := 1024 ; local data storage space needed
        enter .STACK_ALIGNMENT + .FRAME,0
        and rsp,-.STACK_ALIGNMENT


        ; Reference aligned data types from RSP,
        ; and/or unaligned local storage from RBP.


        leave ; restore ambiguous RSP
        retn    
... this is mainly because I am so lazy - I want the greatest number of features with the least amount of code - to cut-n-paste it whenever needed.

There are many reasons the stack could be unaligned in 64-bit windows: programs that don't use a common convention of alignment, use of external libraries that don't respect an alignment convention, etc.

(If we doubted our own work, the ENTER instruction could be overloaded with a macro that provided detailed debug info when we have failed to align the stack at runtime.)

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
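Added example (not code from any poster in this thread): a C model of the RSP arithmetic in revolution's 09 May 2022 post and in bitRAKE's ENTER/AND prologue, showing from which entry states each method leaves the stack aligned. The helper names and the sample RSP values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of "and rsp, -align"; align must be a power of two.
   In two's complement -align equals not (align-1), so
   "and rsp, -16" and "and rsp, not 0x0f" use the same mask. */
static uint64_t align_down(uint64_t rsp, uint64_t align) {
    return rsp & ~(align - 1);
}

static int is_aligned(uint64_t rsp, uint64_t align) {
    return (rsp & (align - 1)) == 0;
}

/* Model of "sub rsp, 8"; "push rbp" moves RSP by the same amount. */
static uint64_t sub8(uint64_t rsp) { return rsp - 8; }

/* Count the entry states (RSP mod 16 = 0..15) from which a method
   leaves RSP 16-byte aligned. use_and=1 models AND, 0 models SUB 8. */
static int count_fixed(int use_and) {
    int ok = 0;
    for (uint64_t low = 0; low < 16; low++) {
        uint64_t rsp = 0x14FF00ULL + low;      /* constructed sample RSP */
        uint64_t out = use_and ? align_down(rsp, 16) : sub8(rsp);
        ok += is_aligned(out, 16);
    }
    return ok;
}

/* Model of "enter ALIGN+FRAME,0" followed by "and rsp,-ALIGN".
   Returns the bytes between the new RSP and RBP; *rsp_out is the new RSP. */
static uint64_t enter_and_align(uint64_t rsp, uint64_t align, uint64_t frame,
                                uint64_t *rsp_out) {
    uint64_t rbp = rsp - 8;                    /* ENTER pushes old RBP, RBP = RSP */
    *rsp_out = align_down(rbp - (align + frame), align);
    return rbp - *rsp_out;
}

int main(void) {
    uint64_t rsp;
    printf("and rsp,-16 aligns %d of 16 entry states\n", count_fixed(1));
    printf("sub rsp,8   aligns %d of 16 entry states\n", count_fixed(0));
    uint64_t room = enter_and_align(0x14FF38, 128, 1024, &rsp);
    printf("enter/and: rsp=%#llx room=%llu\n",
           (unsigned long long)rsp, (unsigned long long)room);
    return 0;
}
```

The AND form succeeds from all 16 entry states, while SUB 8 (or a single PUSH) succeeds only when RSP mod 16 is 8 on entry, which is the "stack is known to be correct" condition in the post.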
Furs



Joined: 04 Mar 2016
Posts: 2572
Furs 10 May 2022, 13:11
revolution wrote:
Just because you can do something, doesn't mean it is better.

You can also do this:
Code:
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1
sub rsp, 1    
But I wouldn't recommend it.
This is actually bad more than just being silly, since if an exception happens between any of those instructions, it will be misaligned and probably crash. For example, when debugging (but any app could do this).
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20461
Location: In your JS exploiting you and your system
revolution 10 May 2022, 15:02
External exceptions (like from a debugger, or a task switch) should be immune to anything the app does with its stack. It's actually possible to use RSP as a GP register if you want to, it really works, just don't try PUSH/POP/CALL/RET. You can use a fixed memory address to store the RSP value and restore when you are done.

Only the internally generated exceptions, with an internal handler, should be where a bad RSP may be a problem.
macomics



Joined: 26 Jan 2021
Posts: 1044
Location: Russia
macomics 10 May 2022, 15:17
revolution wrote:
External exceptions (like from a debugger,
If the debugger glues the flippers together from this, then to hell with it. Nothing to debug somebody else's code.
Furs



Joined: 04 Mar 2016
Posts: 2572
Furs 11 May 2022, 11:53
revolution wrote:
External exceptions (like from a debugger, or a task switch) should be immune to anything the app does with its stack.
And where do you think the exception struct and exception handler's return address are pushed when such exception happens?

Task switch is a separate matter since that's not even an exception raised for the app. It's completely unaware of it. I wasn't talking about that.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.