flat assembler
Message board for the users of flat assembler.

Index > Main > Multiple aliases

Author
Thread Post new topic Reply to topic
AE



Joined: 07 Apr 2022
Posts: 70
AE 11 Jan 2023, 01:41
Is it possible to assign multiple names to the same value without generating extra code and using extra memory?

For example, to replace this to something reasonable
Code:
GetCurrentProcess    dq 0xFFFFFFFFFFFFFFFF
NtCurrentProcess     dq 0xFFFFFFFFFFFFFFFF
NtCurrentSilo        dq 0xFFFFFFFFFFFFFFFF
FastPebLock          dq 0xFFFFFFFFFFFFFFFF
    


I believe that this can also be done through 'assume' as suggested in one of my previous questions, but just in case, I want to make sure of this
Post 11 Jan 2023, 01:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 11 Jan 2023, 02:06
All of the four labels have the same address.
Code:
GetCurrentProcess    rq 0
NtCurrentProcess     rq 0
NtCurrentSilo        rq 0
FastPebLock          dq 0xFFFFFFFFFFFFFFFF    
Post 11 Jan 2023, 02:06
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2493
Furs 11 Jan 2023, 14:13
Or you can just literally use normal labels:
Code:
GetCurrentProcess:
NtCurrentProcess:
NtCurrentSilo:
FastPebLock          dq 0xFFFFFFFFFFFFFFFF    
Post 11 Jan 2023, 14:13
View user's profile Send private message Reply with quote
macomics



Joined: 26 Jan 2021
Posts: 928
Location: Russia
macomics 11 Jan 2023, 14:48
Furs wrote:
Or you can just literally use normal labels:

But in this case, the labels will not have a size and you will have to specify the qword everywhere when using them.
Post 11 Jan 2023, 14:48
View user's profile Send private message Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 11 Jan 2023, 17:05
In fasmg it's possible to define the details of a label in another way - both the location of the label and the size can be specified (with an expression); with code located arbitrarily.
Code:
GetCurrentProcess    dq 0xFFFFFFFFFFFFFFFF

label NtCurrentProcess     :qword at GetCurrentProcess
label NtCurrentSilo        :qword at GetCurrentProcess
label FastPebLock          :qword at GetCurrentProcess    

macomics wrote:
Furs wrote:
Or you can just literally use normal labels:

But in this case, the labels will not have a size and you will have to specify the qword everywhere when using them.
That's not true. Unsized labels allow general use - without any size protection.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 11 Jan 2023, 17:05
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 11 Jan 2023, 17:22
bitRAKE wrote:
In fasmg it's possible to define the details of a label in another way - both the location of the label and the size can be specified (with an expression); with code located arbitrarily.
The same for fasm.
Code:
GetCurrentProcess    dq 0xFFFFFFFFFFFFFFFF

label NtCurrentProcess     qword at GetCurrentProcess
label NtCurrentSilo        qword at GetCurrentProcess
label FastPebLock          qword at GetCurrentProcess    
But without the excess colons. Smile
Post 11 Jan 2023, 17:22
View user's profile Send private message Visit poster's website Reply with quote
AE



Joined: 07 Apr 2022
Posts: 70
AE 11 Jan 2023, 17:24
Thank you!
Post 11 Jan 2023, 17:24
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 11 Jan 2023, 17:33
bitRAKE wrote:
Unsized labels allow general use - without any size protection.
For the most part, yes. But there are some other cases.
Code:
a:
b db ?
mov [b],2 ; okay
mov [a],2 ; error: operand size not specified.    
Post 11 Jan 2023, 17:33
View user's profile Send private message Visit poster's website Reply with quote
macomics



Joined: 26 Jan 2021
Posts: 928
Location: Russia
macomics 11 Jan 2023, 19:01
bitRAKE wrote:
That's not true. Unsized labels allow general use - without any size protection.
ok:
Code:
GetCurrentProcess    rq 0
NtCurrentProcess     rq 0
NtCurrentSilo        rq 0
FastPebLock          dq 0xFFFFFFFFFFFFFFFF  

...

and [GetCurrentProcess], 0    
or error
Code:
GetCurrentProcess:
NtCurrentProcess:
NtCurrentSilo:
FastPebLock          dq 0xFFFFFFFFFFFFFFFF

...

and [GetCurrentProcess], 0    
Post 11 Jan 2023, 19:01
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 11 Jan 2023, 20:47
Yet another option is to use symbolic substitution:
Code:
GetCurrentProcess equ QxFFFFFFFFFFFFFFFF
NtCurrentProcess equ QxFFFFFFFFFFFFFFFF
NtCurrentSilo equ QxFFFFFFFFFFFFFFFF
FastPebLock equ QxFFFFFFFFFFFFFFFF
QxFFFFFFFFFFFFFFFF dq 0xFFFFFFFFFFFFFFFF    

And yes, "label X qword at Y" has been around since fasm 1.0. And fasmg accepts legacy syntax (without ":") as well.
Post 11 Jan 2023, 20:47
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.