flat assembler
Message board for the users of flat assembler.

Index > Windows > win64 64 bit source samples, executables

Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 01 Jul 2005, 06:46
This is very big and hard work - Tomasz Grysztar, Privalov, Jeremy Gordon, all developers, thanks for it.
I'm able to send a zip file of about 30 MB of *.lib needed for ms link; the libs are from the MS SDK (about 300 MB). Thanks Jeremy for this new and excellent way - *.lib isn't needed, great!
The weekend will come in a few hours, and after I leave this workplace, I'll be back home and test golink for win64. Reports will be on Monday, July 4th, after I return to this job and a PC connected to the internet.
Will GoBug64 be developed in the future? I use windbg from microsoft, console style under a window, enough for my tests. I know... fasm as well as golink are win32 exes, gobug64 must be win64 and it's too hard to rewrite all the excellent, optimized code developed and tested over many years and by so many people.
I'm too frustrated because I can't participate in developing. My job and education are too different from computers and programming, my style of coding is self-educating (about 8 years), I don't know macros, nothing about C coding, nothing else than raw asm code instructions as you see in a debugger, too little about win OS and Linux OS. I can test every code, disassemble it, trace it to infinity, produce some simple samples.
I love asm, this is my big love... but girls are No 1, of course.
jorgon



Joined: 29 Jun 2005
Posts: 4
Location: London, UK
jorgon 01 Jul 2005, 07:04
Thanks Feryno, yes GoBug, GoRC, GoAsm all must go 64-bit!

_________________
Author of "Go" tools
decard



Joined: 11 Sep 2003
Posts: 1092
Location: Poland
decard 01 Jul 2005, 13:27
actually Tomasz Grysztar and Privalov are the same person :)
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8356
Location: Kraków, Poland
Tomasz Grysztar 01 Jul 2005, 14:04
For this very reason I have stopped using this nick - it was causing the confusion that there is actually some team working on fasm. ;)

Jeremy: my congratulations - since fasm itself lacks any dedicated linker I appreciate your choice of developing first the linker for x86-64, so fasm and golink can now complement each other to make a good alternative development package for AMD64-based Windows. Maybe we should combine our efforts to make some forerunner independent Win64 assembly package?
jorgon



Joined: 29 Jun 2005
Posts: 4
Location: London, UK
jorgon 01 Jul 2005, 17:55
Tomasz Grysztar wrote:
Maybe we should combine our efforts to make some forerunner independent Win64 assembly package?
I would be interested to hear your ideas on this!

_________________
Author of "Go" tools
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8356
Location: Kraków, Poland
Tomasz Grysztar 03 Jul 2005, 13:03
Well, for a beginning it would be some package containing assembler, linker, some set of headers for Win64 programming, examples, tutorials etc.
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 04 Jul 2005, 04:52
Last weekend I tried to make some exes by linking with GoLink. Everything is O.K., I can't report a single bug. But it needs more tests...
In a zip file are some samples, in the second is a loader - useful for hackers - the loader loads a protected or crypted or compressed file, waits until the protected file decrypts or decompresses, then patches some code and data (e.g. time limitation, other trial shit).
The platform I used is Windows 2003 Server x64 Standard Edition Service Pack 1 Build 3790, CPU AMD64. I hope there isn't a relevant difference between winxp and win2003 when working with assembler.

edit 2011-01-11 reached quota limit, deleted some attachments


Description: Loader for hackers
Download
Filename: loader.zip
Filesize: 8.92 KB
Downloaded: 1849 Time(s)



Last edited by Feryno on 11 Jan 2011, 09:23; edited 1 time in total
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 04 Jul 2005, 05:00
oops, it was an old version of the loader that I uploaded; you must correct one error so that it doesn't leave a suspended process:

bug in loader.asm:
exitus: lea rcx,[ProcessInfo + 1*8] ; hThread
; lea is bad, mov must be used !!!
call ResumeThread
xor rcx,rcx ; uExitCode
call ExitProcess

correct:
exitus: mov rcx,[ProcessInfo + 1*8] ; hThread
call ResumeThread
xor rcx,rcx ; uExitCode
call ExitProcess

I make a lot of errors by mixing up lea and mov because in old win32 asm I always used mov...
jorgon



Joined: 29 Jun 2005
Posts: 4
Location: London, UK
jorgon 04 Jul 2005, 06:47
Many thanks a lot Feryno for the pleasing no-bug-as-yet report for GoLink - it's pleasing news so far.
Meanwhile I did some tweaking to GoRC, the resource compiler.
This needed alteration only for the RES>OBJ conversion, which does the same job as CVTRES in your sample batch file. This is because the 64-bit object file format is different. The RC>OBJ function has also changed for the same reason. RES file formats are the same so there is no change to the RC>RES function.

You tell GoRC to produce a 64-bit object file instead of a 32-bit object using the switch: /machine AMD64 or /machine X64, or for compatibility with CVTRES, using /machine:AMD64 or /machine:X64 in the command line.

GoRC 0.90.0 beta can be downloaded from here.
This link will always point to the latest beta version of GoRC, until it becomes officially published.

Eventually I will need to add automatic recognition for the appropriate VERSIONINFO constants for Win64 (VOS__WINDOWS64 etc) but they don't seem to have been published yet...

_________________
Author of "Go" tools
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 07 Jul 2005, 06:57
I tried GoRC to produce the resource section for a win64 exe - with SUCCESS, everything looks nice, O.K. See TrIco2.exe in the attached *.zip
After a few days I completed porting the trayicon demo to win64. I had very much trouble, had to trace kernel dlls... maybe because I'm not a real coder, or something else... For other coders documentation and study is enough, but it looks like it's not enough for me.
The GetCursorPos API failed if the data structure was not aligned; I found that after a few days of debugging.
Sizes in structures: handles, addresses, ... are of course 64-bit quadwords.
But flags, ... are sometimes (or every time?) doublewords... I found that after a few hours of debugging, but I can't tell in which API they are qwords and in which dwords, maybe always dwords?
You can see that after commenting out some lines with ;
the WindowsClassEx structure works, because that deletes one qword and splits another qword into 2 doublewords...
e.g.
section '.data' data readable writeable
WindowsClassEx
dq WindowsClassEx_size ; UINT cbSize;
; dq 2003h ;CS_HREDRAW | CS_VREDRAW; style;
dq WNDProc ; WNDPROC lpfnWndProc;
; dq 0 ; int cbClsExtra;
dq 0 ; int cbWndExtra;
this is a working structure, but I can't tell which param is where here... I found this after disassembling and debugging working 64 bit exes.

the attached zip contains more samples as well as the correct version of the loader = patcher useful for hacking data and code in a protected file, e.g. in demos or trials.

64 bit assembler is still wonderful for me. See ya in assembler!

edit 2011-01-11 reached quota limit, deleted some attachments


Last edited by Feryno on 11 Jan 2011, 09:24; edited 1 time in total
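The Win64 layout behind the structure that worked in the post above, and behind the `[ProcessInfo + 1*8]` offset in the earlier loader fix, as an added example that is not code from the thread. The `...64` struct names, the placeholder window-procedure address and the two qword images are constructed for illustration, and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Win64 layouts written with fixed-width types: UINT/int/DWORD are 4 bytes,
   handles and pointers are 8 bytes. The struct names are local to this example. */
typedef struct {
    uint32_t cbSize;         /* UINT     +0  */
    uint32_t style;          /* UINT     +4  */
    uint64_t lpfnWndProc;    /* WNDPROC  +8  */
    int32_t  cbClsExtra;     /* int      +16 */
    int32_t  cbWndExtra;     /* int      +20 */
    uint64_t hInstance, hIcon, hCursor, hbrBackground;  /* +24, +32, +40, +48 */
    uint64_t lpszMenuName, lpszClassName, hIconSm;      /* +56, +64, +72 */
} WNDCLASSEX64;

typedef struct {
    uint64_t hProcess;       /* HANDLE   +0  */
    uint64_t hThread;        /* HANDLE   +8, i.e. [ProcessInfo + 1*8] */
    uint32_t dwProcessId;    /* DWORD    +16 */
    uint32_t dwThreadId;     /* DWORD    +20 */
} PROCESS_INFORMATION64;

#define WNDPROC_ADDR 0x401000ull  /* constructed placeholder address */

/* Constructed images, one array element per `dq` line. */
static const uint64_t packed_image[]    = { 80, WNDPROC_ADDR, 0 };            /* layout that worked */
static const uint64_t qword_per_field[] = { 80, 0x2003, WNDPROC_ADDR, 0, 0 }; /* commented lines restored */

/* Overlay a run of little-endian qwords on the structure, as the API reads it. */
WNDCLASSEX64 decode_qwords(const uint64_t *q, size_t count)
{
    WNDCLASSEX64 wc;
    size_t bytes = count * sizeof *q;
    memset(&wc, 0, sizeof wc);
    if (bytes > sizeof wc) bytes = sizeof wc;   /* never copy past the structure */
    memcpy(&wc, q, bytes);
    return wc;
}

int main(void)
{
    WNDCLASSEX64 ok  = decode_qwords(packed_image, 3);
    WNDCLASSEX64 bad = decode_qwords(qword_per_field, 5);
    printf("sizeof=%zu hThread at +%zu\n", sizeof ok, offsetof(PROCESS_INFORMATION64, hThread));
    printf("packed:          style=%#x wndproc=%#llx\n", ok.style, (unsigned long long)ok.lpfnWndProc);
    printf("qword per field: style=%#x wndproc=%#llx\n", bad.style, (unsigned long long)bad.lpfnWndProc);
    return 0;
}
```

With one qword per field, the style value lands in `lpfnWndProc` and the procedure address in `cbClsExtra`; packing two 4-byte fields into each `dq` lines the pointer up at offset 8.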
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 07 Jul 2005, 11:08
Quote:

this is a working structure, but I can't tell which param is where here... I found this after disassembling and debugging working 64 bit exes.

Why not have a look at a 64bit PlatformSDK instead of disassembling and tracing kernel? That should save you quite some time...
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 07 Jul 2005, 11:33
I have the 64 bit SDK installed, I promise to look at it. I learn.
But the pleasure of solving a problem after 4 days is bigger than after a few seconds of looking in the SDK.
OK, looking at the SDK is better, I can devote the saved time to girls.
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 07 Jul 2005, 13:23
Quote:

OK, looking at the SDK is better, I can devote the saved time to girls.

Indeed - while tracing kernel can be fun, it's a bit useless having to do it for a lot of APIs... better to translate from the SDK, and devote your spare time to writing useful examples and chasing girls :)
THEWizardGenius



Joined: 14 Jan 2005
Posts: 382
Location: California, USA
THEWizardGenius 07 Jul 2005, 18:36
Your page is not working:

MS IE said:
Quote:

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 08 Jul 2005, 06:53
THEWizardGenius, you forgot to tell which page.
my assembler page
http://feryno.host.sk
has been up about 5 years and is up now, but I encountered many unavailable intervals. It's free webhosting, I don't donate to it (maybe nobody does), so the services look like you see. Maybe (surely) it will end sometime (when the money for server operation drops to zero) and I'll migrate to another free webhosting.
Well, it works OK now, you can browse and download from it. But my work isn't serious material to learn from, it's attempts to code something for fun.
There are enough links on the page that point to excellent materials on other pages.
I am able to send every file on my page if you encounter problems with download. File download isn't accessible from other pages when you put a direct link to a file. You can download files only from host.sk
This is what I have cost-free. I don't plan to pay for serious hosting. It's not a matter of money but of principles. Everything that I have is cost-free (except a few US$ for the microsoft DDK and more money for hardware of course) and I'll give stuff to everybody cost-free.
In conclusion, internet is cost-free at my job (the employer pays for it)...
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 21 Jul 2005, 05:03
Here you have some samples. None is new, all are old samples rewritten to directly produce PE64 with FASM. To compile you need only fasm.exe 1.63.1 with size 73216 bytes (included in the attached file) or later, nothing more.
Is anybody here coding in FASM under win64?


Description:
Download
Filename: PE64_Samples.zip
Filesize: 73.1 KB
Downloaded: 359 Time(s)

Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 03 Aug 2005, 05:05
Last evening and night I finished a driver for win64, analogous to the r0pc driver for win32 posted somewhere on this forum.
I had a problem with the import section so I had to compile it with microsoft stuff...
But it's only a matter of a little time until drivers are produced by FASM, it's a matter of macros, structures, other things that I hate, don't know, don't understand.
The stuff to install, start, stop, remove the driver is written in FASM. The driver in microsoft stuff.
Just run the file !run_tests.bat from the attached sys.zip. If you want to compile drivers, download ml64.zip and link64.zip attached here.
The source for the driver - a05.asm - is full of bullshit, I didn't have time to clean it. I had about 20 "correct" system resets until I found the correct offsets for the driver structures. I have the DDK, but I must compute offsets by calculator, compile with the DDK, disassemble with IDA, find the numbers in the IDA disassembled files, IDA 4.7 produces errors when disassembling win64 code... a lot of errors and system resets until I finished this.
The driver is a05.sys. You can use ring0 privileged instructions with this driver, e.g. reading and writing to ports under win64.
Don't use the driver nanoreset.sys unless you really need to reset the system on the fly, without correct shutdown - don't stop services, don't kill processes, don't unmount, don't flush disk buffers...
Well, producing a correct import section by FASM for win64 drivers will follow...

update from 2005-august-04:
Because MazeGen is right, I deleted ml64.zip and link64.zip attached here.
Don't worry, I finished producing drivers with FASM, so the microsoft compiler isn't necessary. Keep reading this forum for FASM win64 drivers.


Description: Drivers. Stuff for install, start, stop, remove driver. Use of a driver - open it, write to it.
Download
Filename: Sys.zip
Filesize: 225.08 KB
Downloaded: 374 Time(s)



Last edited by Feryno on 04 Aug 2005, 05:05; edited 2 times in total
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen 03 Aug 2005, 10:03
I much doubt MS files can't be redistributed this way.
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 03 Aug 2005, 10:37
MazeGen, you are right, MS files can't be redistributed this way. But somebody needs these files to compile.
MazeGen, what about your country? Czechoslovakia hasn't existed for a lot of years... But don't take this personally. I come from Slovakia and live (temporarily) in the Czech rep.
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen 03 Aug 2005, 14:45
Feryno, check your PM.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.