flat assembler
Message board for the users of flat assembler.
win64 64 bit source samples, executables
jorgon 01 Jul 2005, 07:04
Thanks Feryno, yes GoBug, GoRC, GoAsm all must go 64-bit!
_________________ Author of "Go" tools
decard 01 Jul 2005, 13:27
Actually, Tomasz Grysztar and Privalov are the same person.
Tomasz Grysztar 01 Jul 2005, 14:04
For this very reason I have stopped using this nick - it was causing the confusion that there is actually some team working on fasm.
Jeremy: my congratulations - since fasm itself lacks any dedicated linker I appreciate your choice of developing first the linker for x86-64, so fasm and golink can now complement each other to make a good alternative development package for AMD64-based Windows. Maybe we should combine our efforts to make some forerunner independent Win64 assembly package?
jorgon 01 Jul 2005, 17:55
Tomasz Grysztar wrote: Maybe we should combine our efforts to make some forerunner independent Win64 assembly package?
_________________ Author of "Go" tools
Tomasz Grysztar 03 Jul 2005, 13:03
Well, for beginning it would be some package containing assembler, linker, some set of headers for Win64 programming, examples, tutorials etc.
Feryno 04 Jul 2005, 04:52
Last weekend I tried to make some exe's by linking with GoLink. Everything is O.K., I can't report a single bug. But it needs more tests...
In one zip file are some samples, in the second is a loader - useful for hackers - the loader loads a protected or crypted or compressed file, waits until the protected file decrypts or decompresses, then patches some code and data (e.g. time limitation, other trial shit). The platform I used is Windows 2003 Server x64 Standard Edition Service Pack 1 Build 3790, CPU AMD64. I hope there isn't a relevant difference between winxp and win2003 when working with assembler.
edit 2011-01-11 reached quota limit, deleted some attachments
Last edited by Feryno on 11 Jan 2011, 09:23; edited 1 time in total
Feryno 04 Jul 2005, 05:00
Oops, I uploaded an old version of the loader; you must correct one error so that it doesn't leave a suspended process:
bug in loader.asm:
exitus:
    lea rcx,[ProcessInfo + 1*8] ; hThread ; lea is bad, mov must be used !!!
    call ResumeThread
    xor rcx,rcx ; uExitCode
    call ExitProcess
correct:
exitus:
    mov rcx,[ProcessInfo + 1*8] ; hThread
    call ResumeThread
    xor rcx,rcx ; uExitCode
    call ExitProcess
I make very many errors by mixing up lea and mov because in old win32 asm I always used mov...
jorgon 04 Jul 2005, 06:47
Many thanks a lot Feryno for the pleasing no-bug-as-yet report for GoLink - it's pleasing news so far.
Meanwhile I did some tweaking to GoRC, the resource compiler. This needed alteration only for the RES>OBJ conversion, which does the same job as CVTRES in your sample batch file. This is because the 64-bit object file format is different. The RC>OBJ function has also changed for the same reason. RES file formats are the same so there is no change to the RC>RES function. You tell GoRC to produce a 64-bit object file instead of a 32-bit object using the switch: /machine AMD64 or /machine X64, or for compatibility with CVTRES, using /machine:AMD64 or /machine:X64 in the command line. GoRC 0.90.0 beta can be downloaded from here. This link will always point to the latest beta version of GoRC, until it becomes officially published. Eventually I will need to add automatic recognition for the appropriate VERSIONINFO constants for Win64 (VOS__WINDOWS64 etc) but they don't seem to have been published yet ..).
_________________ Author of "Go" tools
Feryno 07 Jul 2005, 06:57
I tried GoRC to produce the resource section for a win64 exe - with SUCCESS, everything looks nice, O.K. See TrIco2.exe in the attached *.zip
After a few days I completed porting the trayicon demo to win64. I got very much trouble, must trace kernel dll's... maybe because I am not a real coder, but something other... For other coders documentation and study is enough, but it looks as not enough for me. The GetCursorPos API failed if the data structure was not aligned; that I found after a few days of debugging. Sizes in structures: handles, addresses, ... of course 64-bit quadwords. But flags, ... are sometimes (or every time?) doublewords... that I found after a few hours of debugging, but I can't tell in which API qwords and in which dwords, maybe every time dwords? You can see that after commenting out some lines with ; the WindowsClassEx structure works, because that deletes one qword and splits another qword into 2 doublewords... e.g.
section '.data' data readable writeable
WindowsClassEx dq WindowsClassEx_size ; UINT cbSize;
; dq 2003h ;CS_HREDRAW | CS_VREDRAW; style;
    dq WNDProc ; WNDPROC lpfnWndProc;
; dq 0 ; int cbClsExtra;
    dq 0 ; int cbWndExtra;
This is a working structure, but I can't tell where is here what param... I found this after disassembling and debugging working 64 bit exe's.
The attached zip contains more samples as well as the correct version of the loader = patcher useful for hacking data and code in a protected file, e.g. in a demo or trials. 64 bit assembler is still wonderful for me. See ya in assembler!
edit 2011-01-11 reached quota limit, deleted some attachments
Last edited by Feryno on 11 Jan 2011, 09:24; edited 1 time in total
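Added example, not part of the post above or of its attachments: a C mirror of the documented Win64 WNDCLASSEX field types, used to show where a run of `dq` values lands when the API reads it back. `WNDCLASSEX64`, `overlay_qwords`, `pack_dwords`, the size 80 and the address 0x401000 are constructed for illustration, and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Win64 WNDCLASSEX layout; fixed-width types stand in for the SDK typedefs. */
typedef struct {
    uint32_t cbSize;        /* UINT: stays a dword on Win64 */
    uint32_t style;         /* UINT: stays a dword          */
    uint64_t lpfnWndProc;   /* WNDPROC: pointer, a qword    */
    int32_t  cbClsExtra;    /* int: dword                   */
    int32_t  cbWndExtra;    /* int: dword                   */
    uint64_t hInstance;     /* handles and pointers: qwords */
    uint64_t hIcon;
    uint64_t hCursor;
    uint64_t hbrBackground;
    uint64_t lpszMenuName;
    uint64_t lpszClassName;
    uint64_t hIconSm;
} WNDCLASSEX64;

/* Copy n consecutive `dq` values over a zeroed structure, as an assembler
   would emit them, and return what the API would then see (little-endian). */
WNDCLASSEX64 overlay_qwords(const uint64_t *dq, size_t n)
{
    WNDCLASSEX64 wc;
    memset(&wc, 0, sizeof wc);
    if (n > sizeof wc / sizeof *dq) n = sizeof wc / sizeof *dq;
    memcpy(&wc, dq, n * sizeof *dq);
    return wc;
}

/* Pack two adjacent dword fields into the one qword that covers them. */
uint64_t pack_dwords(uint32_t low, uint32_t high)
{
    return (uint64_t)low | ((uint64_t)high << 32);
}

int main(void)
{
    /* Constructed sample values: 80 = structure size, 0x401000 = WNDProc. */
    uint64_t all_qwords[] = {80, 0x2003, 0x401000, 0, 0};  /* one dq per field  */
    uint64_t from_post[]  = {80, 0x401000, 0};             /* two lines removed */
    WNDCLASSEX64 bad  = overlay_qwords(all_qwords, 5);
    WNDCLASSEX64 good = overlay_qwords(from_post, 3);
    printf("one dq per field: lpfnWndProc=%#llx\n", (unsigned long long)bad.lpfnWndProc);
    printf("post's layout: lpfnWndProc=%#llx style=%#x\n", (unsigned long long)good.lpfnWndProc, (unsigned)good.style);
    return 0;
}
```

With one `dq` per field the style value lands in `lpfnWndProc`; with the three-qword layout the fields line up, but `style` is read as 0 unless the first qword is built with `pack_dwords(size, style)`.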
f0dder 07 Jul 2005, 11:08
Quote:
Why not have a look at a 64bit PlatformSDK instead of disassembling and tracing kernel? That should save you quite some time...
Feryno 07 Jul 2005, 11:33
I have the 64 bit SDK installed, I promise to look at it. I learn.
But the pleasure of solving a problem after 4 days is bigger than after a few seconds of looking into the SDK. OK, looking at the SDK is better, I can devote the saved time to girls.
f0dder 07 Jul 2005, 13:23
Quote:
Indeed - while tracing kernel can be fun, it's a bit useless having to do it for a lot of APIs... better to translate from the SDK, and devote your spare time to writing useful examples and chasing girls
THEWizardGenius 07 Jul 2005, 18:36
Your page is not working:
MS IE said: Quote:
Feryno 08 Jul 2005, 06:53
THEWizardGenius, you forgot to tell which page.
My assembler page http://feryno.host.sk has been up about 5 years and is up now, but I encountered many unavailable intervals. It's free webhosting, I don't donate to it (maybe nobody does), so the services look like you see. Maybe (surely) it will end sometime (when the money for server operation drops to zero) and I'll migrate to another free webhosting. Well, it works OK now, you can browse and download from it. But my work isn't serious material to learn from, it's attempts to code something for fun. There are enough links on the page that point to excellent materials on other pages. I am able to send every file on my page if you encounter problems with download. File download isn't accessible from other pages when you put a direct link to a file. You can download files only from host.sk. This is what I have cost-free. I don't plan to pay for serious hosting. It's not a matter of money but of principles. Everything that I have is cost-free (except a few US$ for the microsoft DDK and more money for hardware of course) and I'll give stuff to everybody cost-free. In conclusion, internet is cost-free in my job (the employer pays for it)...
Feryno 21 Jul 2005, 05:03
Here you have some samples. None is new; all are old samples rewritten to produce PE64 directly by FASM. To compile you need only fasm.exe 1.63.1 with size 73216 bytes (included in the attached file) or later, nothing more.
Is anybody here coding in FASM under win64?
Feryno 03 Aug 2005, 05:05
Last evening and night I finished a driver for win64, an analogy to the r0pc driver for win32 posted somewhere on this forum.
I had a problem with the import section so I must compile it with microsoft stuff... But it's a matter of a little time until drivers are produced by FASM; it's a thing of macros, structures, other things that I hate, don't know, don't understand. The stuff to install, start, stop and remove the driver is written in FASM. The driver is in microsoft stuff. Just run the file !run_tests.bat from the attached sys.zip. If you want to compile drivers, download ml64.zip and link64.zip attached here. The source for the driver - a05.asm - is full of bullshit, I had no time to clean it. I had about 20 "correct" system resets until I found the correct offsets for the driver structures. I have the DDK, but I must compute offsets by calculator, compile by DDK, disassemble by IDA, find numbers in the IDA disassembled files, IDA 4.7 produces errors when disassembling win64 code... a lot of errors and system resets until I finished this. The driver is a05.sys. You can use ring0 privileged instructions with this driver, e.g. reading and writing to ports under win64. Don't use the driver nanoreset.sys unless you really need to reset the system on the fly, without a correct shutdown - it doesn't stop services, doesn't kill processes, doesn't unmount, doesn't flush disk buffers... Well, producing a correct import section by FASM for win64 drivers will follow...
update from 2005-august-04: Because MazeGen is right, I deleted ml64.zip and link64.zip attached here. Don't worry, I finished producing drivers by FASM, so the microsoft compiler isn't necessary. Keep reading this forum for FASM win64 drivers.
Last edited by Feryno on 04 Aug 2005, 05:05; edited 2 times in total
MazeGen 03 Aug 2005, 10:03
I much doubt MS files can't be redistributed this way.
Feryno 03 Aug 2005, 10:37
Mazegen, you're right, MS files can't be redistributed this way. But somebody needs these files to compile.
Mazegen, what about your country? Czechoslovakia hasn't existed for a lot of years... But don't take this personally. I come from Slovakia and live (temporarily) in the Czech rep.
MazeGen 03 Aug 2005, 14:45
Feryno, check your PM.
Copyright © 1999-2024, Tomasz Grysztar.