flat assembler
Message board for the users of flat assembler.

Index > Windows > win64 64 bit source samples, executables

Feryno



Joined: 23 Mar 2005
Posts: 514
Location: Czech republic, Slovak republic
Feryno 07 Jul 2006, 12:19
A piece of cake!

Exception handling is done, including recovering from exception.

Added option for debug exception handler into fdbg (see !_news.txt)
http://board.flatassembler.net/topic.php?p=40950#40950

I made some antidebugs based on exception, see files in fdbg package.


Description: exception handling in win64 AMD64 + recovering from exception and continue code execution after instruction causing exception
Filename: exception.zip
Filesize: 5.75 KB
Chewy509



Joined: 19 Jun 2003
Posts: 297
Location: Bris-vegas, Australia
Chewy509 24 Jul 2006, 04:56
Feryno wrote:

so prolog's samples:

exe_entry_point:
sub rsp,8*(4+1) ; or 4+3, 4+5, 4+7, ...
; this leaves 4 qwords [rsp+8*0]...[rsp+8*3] for API use - never use these 4 qwords for your things because API may use and destroy them!

exe_entry_point_sample_1:
push rbx ; save rbx and align stack 16
sub rsp,8*(4+0) ; reserve 4 qwords of stack for API

prologue_sample_2:
push rcx
push rdx
push r8
push r9
sub rsp,8*(4+3) ; reserve 4 qw for API, 3 for us and align stack 16
; use 4+3 even if you need only 2 qwords because subtracting nonparity power of 8 makes stack aligned 16 - rsp is nonparity power of 8 at exe entry point and procedure start

Is there any way to know how much room needs to be reserved for the API? Or does it just need 4 qwords and the rest are for us to play with? And does the reserved space count always have to be odd, eg 1, 3, 5, 7, 9, 11, etc?
Feryno 24 Jul 2006, 06:50
Hello Chewy509
yes, it is as you wrote

every API needs 4 qwords reserved, no more
rsp must be aligned 16

so sub rsp,8*5 reserves 4 qwords at [rsp+8*0], ... [rsp+8*3] for API
qword [rsp+8*4] is here only for align 16 rsp or you can use it for yourself

another prologue sample when pushing nonparity number of registers:
push rbx
sub rsp,8*4
again rsp aligned 16 and 4 qwords reserved for API

sample when you push nothing and you need 2 qwords for local variables on the stack
prologue:
sub rsp,8*7 ; 4 for api, 2 for us and 1 for align stack 16
... your code
add rsp,8*7 ; epilogue
ret

short rule:
push parity number of registers + subtracting nonparity power of 8
push nonparity number of regs + subtracting parity power of 8

this is the same at exe entry point and every procedure prologue
(difference is of course any epilogue isn't necessary after ExitProcess)
Chewy509 26 Jul 2006, 23:59
Hi Feryno,

Thanks for the info and clarification. It's just incredible that MS would come up with having a call procedure where the caller has to reserve space for the caller on the stack!

Chewy509
Feryno 27 Jul 2006, 05:35
Yes, ms reserves 4 qwords for not essential things. I traced some APIs and I found only 1 usage of this space - APIs usually save nonvolatile registers there (rbx, rsi, rdi, rbp, r12-r15). APIs can simply PUSH/POP them from the stack - most of APIs do it in this way, only a few of APIs really use 4 qwords reserved. But if API needs to use mov qword [rsp+-...],reg64 then API can use its own reserved stack space by sub rsp,space_size.
Strange idea... I have only 1 strange explanation...
Maybe the first idea was to put API params in the stack as in 32-bit world. The second idea was when ms developers decided: 'why to use stack when we have 2* more registers' and the most of APIs use not more than 4 input params - so developers changed first 4 input params from qword [rsp+8*0], [rsp+8*1], [rsp+8*2], [rsp+8*3] to rcx, rdx, r8, r9 (btw you can't push imm64 value, you can push only max. imm32 value in range from -80000000h to +7FFFFFFFh and how to put imm64 value in the stack - only indirect by mov reg64,value and then push reg64 or mov [rsp+-...],reg64). 5th and above params stayed in the stack. And at the end somebody decided to use 4 free qwords for API purposes and thus complicate life of ASM coders?
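The rules from the posts above (4 reserved qwords, rsp aligned 16 at every call, 5th parameter on the stack) put together in one fasm program. This is an added example, not code from the thread or from the fdbg package; it assumes fasm's standard win64a.inc include, and the label text_msg, the message text and the stack layout are constructed for illustration.

```asm
; Added example (constructed): Win64 entry-point prologue with a 5-parameter API call.
format PE64 console
entry start

include 'win64a.inc'

section '.data' data readable writeable
  text_msg     db 'rsp is aligned 16 at every call',13,10
  text_msg_len = $ - text_msg

section '.text' code readable executable

start:
        ; At entry rsp = 16*n + 8, because the caller's CALL pushed a return address.
        ; No registers are pushed here (even count), so an odd number of qwords
        ; must be subtracted to get rsp back to a multiple of 16.
        sub     rsp,8*7                 ; 4 for API + 1 fifth param + 1 local + 1 align
        ; Layout after the sub:
        ;   [rsp+8*0]..[rsp+8*3]  reserved for the called API, may be overwritten
        ;   [rsp+8*4]             5th parameter of WriteFile
        ;   [rsp+8*5]             our local: number of bytes written
        ;   [rsp+8*6]             padding, only there for alignment

        mov     ecx,-11                 ; STD_OUTPUT_HANDLE
        call    [GetStdHandle]          ; rax = console output handle

        mov     rcx,rax                 ; 1st param: hFile
        lea     rdx,[text_msg]          ; 2nd param: lpBuffer
        mov     r8d,text_msg_len        ; 3rd param: nNumberOfBytesToWrite
        lea     r9,[rsp+8*5]            ; 4th param: lpNumberOfBytesWritten (our local)
        mov     qword [rsp+8*4],0       ; 5th param: lpOverlapped = NULL, above the 4 reserved qwords
        call    [WriteFile]

        xor     ecx,ecx                 ; exit code 0
        call    [ExitProcess]           ; no epilogue needed, the process ends here

section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL'
  import kernel32,\
         ExitProcess,'ExitProcess',\
         GetStdHandle,'GetStdHandle',\
         WriteFile,'WriteFile'
```

Keeping the local at [rsp+8*5] rather than inside the first 4 qwords matters, because the called API is free to overwrite [rsp+8*0]..[rsp+8*3].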
Garthower



Joined: 21 Apr 2006
Posts: 158
Location: Ukraine
Garthower 11 Aug 2006, 10:22
Does somebody have information about SoftIce64 for x64? I tried to find any information on it on the Numega site, but such a product was not even present in the list, as Driver Studio :(

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.