flat assembler
Message board for the users of flat assembler.
Index
> Windows > win64 64 bit source samples, executables Goto page Previous 1, 2, 3, 4, 5, 6, 7 |
Author |
|
Feryno 07 Jul 2006, 12:19
A piece a cake !
Exception handling is done, include recovering from exception. Added option for debug exception handler into fdbg (see !_news.txt) http://board.flatassembler.net/topic.php?p=40950#40950 A made some antidebugs based on exception, see files in fdbg package.
|
|||||||||||
07 Jul 2006, 12:19 |
|
Feryno 24 Jul 2006, 06:50
Hello Chewy509
yes, it is as you wrote every API needs 4 qwords reserved, no more rsp must be aligned 16 so sub rsp,8*5 reserve 4 qwords at [rsp+8*0], ... [rsp+8*3] for API qword [rsp+8*4] is here only for align 16 rsp or you can use it for yourself another prologue sample when pushing nonparity number of registers: push rbx sub rsp,8*4 again rsp aligned 16 and 4 qwords reserved for API sample when you push nothing and you need 2 qwords for local variables on the stack prologue: sub rsp,8*7 ; 4 for api, 2 for us and 1 for align stack 16 ... your code add rsp,8*7 ; epilogue ret short rule: push parity number of registers + subtracting nonparity power of 8 push nonparity number of regs + subtracting parity power of 8 this is the same at exe entry point and every procedure prologue (difference is of course any epilogue isn't necessary after ExitProcess) |
|||
24 Jul 2006, 06:50 |
|
Chewy509 26 Jul 2006, 23:59
Hi Feryno,
Thanks for the info and clarification. It's just incredible that MS would come up with having a call procedure where the caller having to reserve space for the caller on the stack! Chewy509 |
|||
26 Jul 2006, 23:59 |
|
Feryno 27 Jul 2006, 05:35
Yes, ms reserve 4 qwords for not essential things. I traced some APIs and I found only 1 usage of this space - APIs usualy save nonvalatile registers there (rbx, rsi, rdi, rbp, r12-r15). APIs can simple PUSH/POP them from the stack - most of APIs do it in this way, only a few of APIs realy use 4 qwords reserved. But if API needs to use mov qword [rsp+-...],reg64 then API can use its own reserved stack space by sub rsp,space_size.
Strage idea... I have only 1 strange explanation... Maybe the first idea was to put API params in the stack as in 32-bit world. The second idea was when ms developers decided: 'why to use stack when we have 2* more registers' and the most of APIs use not more than 4 input params - so developers changed first 4 input params from qword [rsp+8*0], [rsp+8*1], [rsp+8*2], [rsp+8*3] to rcx, rdx, r8, r9 (btw you can't push imm64 value, you can push only max. imm32 value in range from -80000000h to +7FFFFFFFh and how to put imm64 value in the stack - only indirect by mov reg64,value and then push reg64 or mov [rsp+-...],reg64 ) . 5th and above params stayed in the stack. And at the end somebody decided to use 4 free qwords for API purposes and thus complicate life of ASM coders ? |
|||
27 Jul 2006, 05:35 |
|
Garthower 11 Aug 2006, 10:22
Somebody has the information about SoftIce64 for x64? I tried to find any information on it on site Numega, but there even was not present in the list of such product, as Driver Studio
|
|||
11 Aug 2006, 10:22 |
|
Goto page Previous 1, 2, 3, 4, 5, 6, 7 < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.