flat assembler
Message board for the users of flat assembler.

Index > Windows > win64 64 bit source samples, executables

vid
r22: maybe there is some replacement for explorer.exe? There were many for 32-bit windoze, written in C, so a replacement for 64-bit shouldn't be THAT hard.
Post 23 Apr 2006, 10:23
Garthower
To all: please tell, who has used which debuggers for debugging drivers?
Post 15 May 2006, 10:10
Feryno
Hello Garthower,
you need windbg to debug drivers (free to download from MS) or NuMega Driver Studio (commercial). As I read in the windbg manuals, you need 2 connected PCs.
Personally, I made some simple drivers without debugging in my early fasm64 beginnings, and I got about 50 reboots (crashes is a better word), so I knew that something was wrong (I didn't have asm kernel structures for win64; I had to recalculate them by hand from the 64-bit DDK or 32-bit KMD.inc). I had windbg, but only 1 PC. I didn't want to pay terrible money for NuMega stuff which is maybe able to use 1 PC only for debugging drivers.
Today I'm able to recalculate structures without errors, I know the rules (pointers and handles are qwords and must be aligned 8; everything else stays as in 32-bit structures).
Post 16 May 2006, 05:38
Garthower
I simply thought that there were other debuggers besides these two... It is a pity that there is no alternative, because I too have only one PC and no money for NuMega stuff.

About alignment of structures: it depends on what API and from what DLL you use. For example, if you use ShellExecuteEx from SHELL32.DLL, the structure should be aligned 10h. Besides, RSP should be a multiple of 10h too... One week ago I spent one hour finding out this problem, while the debugger did not enter into the code of most APIs and did not see that the SSE instruction MOVDQA is used for zeroing the stack. I think in the future we will still have many more discoveries with this OS, pleasant and not so ;)
Post 16 May 2006, 14:51
Feryno
There were more APIs in the release candidates of win64 than today.
I wonder about the method by which win64 patches movdqa - this is transparent for the executing exe program: the program causes an exception, win64 replaces movdqa with movdqu and resumes the exe program. The instruction stays patched until you reboot the OS. If you run the program before this in a debugger, the debugger stops at this instruction in the API (in the DLL). If you then execute the program outside the debugger, win64 patches the instruction and you won't notice anything in the debugger until reboot.
drivers debugging
I don't know why windbg needs 2 connected PCs. For debugging drivers loaded when the OS boots - before loading the graphics card drivers - of course this is the only way: to send information e.g. through the COM port by a small routine in the kernel.
But debugging drivers after switching into graphics mode... why is it such a big problem to simply catch the kernel exception and notify the user sitting in front of the monitor connected to this PC?
If I knew how to catch kernel exceptions, then I'd add kernel debugging into fdbg, but today I think this is too complicated for me to do because I don't know how to do it.
Please don't take my advice as 100%, I never debugged any driver, everything here is my deduction only. Please download the latest version of windbg and the manuals again...
The win64 debuggers known to me:
ms windbg - free
numega softice - commercial, very expensive for assembler fans
maybe IDA (interactive disassembler) - has a debugger, but I don't know if it isn't for i386 only - commercial, very expensive for assembler fans
fdbg - free... and very small
Post 17 May 2006, 05:38
peter
Hope this will be useful for someone: the Calling Convention for x64 64-Bit Environments paper from Microsoft:
http://msdn.microsoft.com/library/en-us/Kernel_d/hh/Kernel_d/64bitAMD_6ec00b51-bf75-41bf-8635-caa8653c8bd9.xml.asp
It also contains information about exception handling.
Post 02 Jun 2006, 03:05
Feryno
in the projects and ideas section
http://board.flatassembler.net/topic.php?p=39504#39504
direct editing by clicking on ListViews (easier than through Menu->Change->...)
moving ListViews with the rat by some ugly sequence of pressing and releasing shift and the left rat's paw, see !_news.txt

I have an idea how to resize ListViews with a rat move, I'm going to try it.

I haven't tried MDI child windows yet... I have 1024x768 resolution (old monitor). If every ListView has its own window, they don't fit into this small screen (space wasted with window titles used only to move the window). In the case of window titles, decreasing the font size and ListView sizes is necessary, and the font size is already small enough... 0 and D differ badly (D looks like 0 - the difference is only 1 pixel in the upper left corner).
And there are people with screen resolution even smaller than 1024x768.
I hope once you rearrange ListViews, you need to rearrange them only rarely.

Thanx Peter for the link!
I think a driver will be necessary to interact with ring0 drivers and their exceptions from fdbg running in user mode ring3.
Post 02 Jun 2006, 09:18
MazeGen
peter, that link is outdated. The final release of those documents is here:

http://msdn2.microsoft.com/en-us/library/7kcdt6fy.aspx
Post 02 Jun 2006, 10:17
peter
Thank you, MazeGen! Updated version is far better; finally, they clarified Floating-Point Support in Win64 (the earlier version said floating point was not supported at all).
Post 02 Jun 2006, 13:34
Feryno
Out of topic, but the Vista 64 beta is free to download. A lot of people have AMD64 and run win32 on it and don't want to waste extra money on win64. If they don't mind downloading 4 GB and spending a 20 GB free partition, let them try it!
(a bit of a waste of hardware/software resources to run a 2-3 kB assembler app...)
http://www.microsoft.com/windowsvista/getready/preview.mspx

Download demand has already decreased to the level where downloading is possible.
Post 23 Jun 2006, 11:33
lilljocke
Hi, I have just installed Windows XP 64 Bit Edition on my computer and I'm quite disappointed because olly stops in NTDLL all the time and I cannot code Win64 apps. I don't use FASM, but does someone know where I can find ml64.exe? I think it is a compiler for MASM 64-bit.
Post 27 Jun 2006, 22:44
MazeGen
lilljocke, you can't use OllyDbg for debugging 64-bit apps since it is a 32-bit debugger only.

As for ml64.exe, you can get version 8.00.40310.49 for free with the DDK or PSDK. Too bad, this version is still very buggy. The newest version 8.00.50727.42 is included in VS2005. You can get a free evaluation version here: http://www.microsoft.com/emea/msdn/visualstudio/getthetrials/

edit: The newest version fixes some important bugs, but there are still some annoying issues. I don't want to discuss more here since it is the FASM forum.

Note that MASM is not included in VS2005 Express, which is completely free.

If you have more questions about ml64, you should go to the specialized subforum: http://www.masm32.com/board/index.php?board=43.0


Last edited by MazeGen on 28 Jun 2006, 10:47; edited 1 time in total
Post 28 Jun 2006, 06:37
Feryno
Hello lilljocke and welcome to the 64-bit world!

Quick rules for coding:

params in rcx, rdx, r8, r9, [rsp+8*4], [rsp+8*5], [rsp+8*6], ... [rsp+...]

structures ported from win32 - handles and memory pointers are qwords and must be aligned 8
sample:
something0 db ?
times 7 db ? ; padding
handle dq ?
something1 dd ?
dd ? ; padding
mem_pointer dq ?

always keep rsp aligned 16 (because win64 grabs values from the stack with movdqa xmm... sometimes)
so prologue samples:

exe_entry_point:
sub rsp,8*(4+1) ; or 4+3, 4+5, 4+7, ...
; this leaves 4 qwords [rsp+8*0]...[rsp+8*3] for API use - never use these 4 qwords for your things because the API may use and destroy them!

exe_entry_point_sample_1:
push rbx ; save rbx and align stack 16
sub rsp,8*(4+0) ; reserve 4 qwords of stack for API

prologue_sample_2:
push rcx
push rdx
push r8
push r9
sub rsp,8*(4+3) ; reserve 4 qw for API, 3 for us and align stack 16
; use 4+3 even if you need only 2 qwords, because subtracting an odd multiple of 8 makes the stack aligned 16 - rsp is an odd multiple of 8 at the exe entry point and at procedure start

Backward 32-bit compatibility isn't perfect (WOW64); especially win32 debuggers hang when debugging win32 apps (TD32, GoBug).
Debuggers for true win64 apps: windbg, free to download from Microsoft; IDA (terribly expensive); fdbg from the Projects and ideas section (includes sources - huge and not very clear for starting coding, but better than nothing).
Compilers: I suggest FASM because of no bugs and no miscompiled instructions (I checked every instruction while developing the disasm engine of fdbg, then I checked the compiled instructions against 2 different manuals, windbg, biew - biew had a lot of misdisassembled ones, windbg a bit in SSE/SSE2/SSE3).
Jeremy Gordon reported to me a few misassembled instructions in win64 MASM (ml64.exe); some of them are very common and often used, but they should have been fixed already... (but you know the speed of MS fixing)
The biggest disadvantage of MASM is the necessity of about 30 MB of libs (kernel32.lib, user32.lib, ... for linking files). The size of FASM with macros and structures is much smaller.
I got MASM64 by ordering the DDK (the price was 1 US $ only, but shipping was about 10-20 US $, paid by credit card, delivered fast in about 5-7 days). Try to download the file asm_amd64_win64.zip from my homepage; ml64.exe, link.exe, kernel32.lib, user32.lib are there, but are about 3 years old. If you are interested, I'm able to try to find newer ones (about 1-1.5 years old) on my home PC and send them to you.

Don't hesitate to ask questions to prevent wasting a lot of time finding solutions. I have got some basic experience but it cost a lot of time (a lot of debugging to find how to translate structures from win32 into win64, how to put and get params, unexpected behaviour when rsp is not aligned 16...)
Post 28 Jun 2006, 08:48
vid
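The arithmetic behind the rules in the post above, as an added example (Python, not fasm code from the thread): it computes the padding a translated structure needs, emits it as fasm data lines with "align", and computes the "sub rsp" size for a prologue; the sample structure, the three prologue samples and the WNDCLASSEX definition posted later in this thread are the inputs it checks.

```python
# Added example (not code from the thread): the Win64 porting arithmetic
# described in Feryno's rules, checked against the numbers in his post.

# fasm data directives by size; Win64 handles and pointers are always dq.
DIRECTIVE = {1: "db", 2: "dw", 4: "dd", 8: "dq"}

def layout(fields):
    """Naturally align each field (a pointer/handle is an 8-byte field).
    fields: list of (name, size). Returns (total_size, offsets, padding),
    where padding maps a field name to the bytes inserted before it."""
    offset, offsets, padding = 0, {}, {}
    for name, size in fields:
        gap = (-offset) % size            # bytes to the next multiple of size
        if gap:
            padding[name] = gap
            offset += gap
        offsets[name] = offset
        offset += size
    widest = max(size for _, size in fields)
    total = offset + (-offset) % widest   # trailing pad keeps arrays aligned
    return total, offsets, padding

def to_fasm(fields):
    """Emit the structure as fasm data lines, using 'align' in place of
    hand-counted 'times N db ?' padding (vid's suggestion in the thread)."""
    _, _, padding = layout(fields)
    lines = []
    for name, size in fields:
        if name in padding:
            lines.append(f"align {size}")
        lines.append(f"{name} {DIRECTIVE[size]} ?")
    return lines

def frame_sub(pushes, local_qwords):
    """Byte count for 'sub rsp,N' after `pushes` pushes: N covers the four
    shadow qwords the API may clobber plus the locals, and leaves RSP a
    multiple of 16. At an exe entry point or procedure start RSP is 8 mod 16
    (the return address is on the stack); each push shifts it by another 8."""
    n = 8 * (4 + local_qwords)
    if (8 + 8 * pushes + n) % 16:
        n += 8                            # round up to the odd multiple of 8
    return n

# Feryno's sample structure: the rule reproduces his 7-byte and 4-byte padding.
SAMPLE = [("something0", 1), ("handle", 8), ("something1", 4), ("mem_pointer", 8)]

# The translated WNDCLASSEX from later in the thread (handles widened to dq).
WNDCLASSEX = [("cbSize", 4), ("style", 4), ("lpfnWndProc", 8),
              ("cbClsExtra", 4), ("cbWndExtra", 4)] + [
              (n, 8) for n in ("hInstance", "hIcon", "hCursor", "hbrBackground",
                               "lpszMenuName", "lpszClassName", "hIconSm")]

if __name__ == "__main__":
    print(layout(SAMPLE))                 # total 32, padding before handle and mem_pointer
    print("\n".join(to_fasm(SAMPLE)))
    for pushes, locals_ in ((0, 0), (1, 0), (4, 2)):  # the three prologue samples
        print(f"{pushes} pushes, {locals_} locals: sub rsp,{frame_sub(pushes, locals_)}")
```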
Quote:
times 7 db ? ; padding
dd ? ; padding
...

rather use "align 8", it's more readable and more straightforward.

also I remember MazeGen mentioned MASM64 is too buggy to be usable; I will point him here to describe it more deeply when he is online.
Post 28 Jun 2006, 09:46
MazeGen
Feryno, the Windows DDK can be downloaded for free, no need to order and pay for something. And I'm sure the DDK doesn't contain a version older than 1 year.
Post 28 Jun 2006, 11:02
MazeGen
And one important thing: both FASM and GoAsm don't support x64 exception handling. If your code doesn't contain exception frames and an exception arises, Windows silently kills your app without any crash information, so you can't trace your bug.
Post 28 Jun 2006, 11:13
vid
MazeGen: it can (and should!) be solved by "proc" macros :P
Post 28 Jun 2006, 12:56
MazeGen
vid: yeah, now just find somebody who knows x64 exception handling and who is able and disposed to do that.
Post 29 Jun 2006, 06:41
Feryno
I played a bit with exception handling and I did something, but not everything I expected.
1. Installing the exception handler - no problemo... (1 API with 2 params)
2. Using the handler procedure input - no problemo... (displaying the type of exception, the address of the opcode causing the exception, the exception flag continuable/noncontinuable)
3. End of the exception handler - I don't know how to skip the instruction and continue execution. There isn't a problem jumping to a safe place in the app or calling ExitProcess. I had a dream about simply skipping the instruction which caused the exception, but it stays in the phase of a dream yet.
You need to terminate a00.exe by killing it (Task Manager).

I added option 'Ignore exception' (= pass it to app exception handler instead of debugger handler) into fdbg
latest version:
http://board.flatassembler.net/topic.php?p=40817#40817

For Vista Beta2 x64 players:
It is beta yet, and if you don't want to change the boot manager - my method of installing and booting:
1. create a floppy boot disk to boot winxp (to be safe)
2. prepare a primary partition with 20 GB or more
3. set the 20 GB partition active (this makes the Vista installer install its new OS boot manager into this partition and preserves the previous loader, which isn't on the newly activated partition)
4. install Vista into the 20 GB
5. create a Vista floppy boot disk (to be safe)
6. save the partition records
7. set the winxp partition active
8. boot into winxp and add a boot menu into boot.ini
see the attached file for utils and ideas for 1., 5., 6., 8.
for 3. and 7. you will need another OS, like Linux or a floppy with FreeDOS

edit 2011-11-30 deleted the attachment vista_sectors_boot.zip because of quota limit

Attachment: exception.zip (4.84 KB) - exception handling in win64, very early first plays, nothing great...
Last edited by Feryno on 30 Nov 2011, 12:10; edited 1 time in total
Post 03 Jul 2006, 12:40
Garthower
Hi.
I have a problem with resources in PE64. Since with the macros delivered with FASM it's impossible to assign a class to a dialog, I used a resource section taken from a file with "section '.rsrc' resource from 'myfile.res'". In PE32 everything works, but in PE64 the function CreateDialogParam returns the error "Resource not found". I used these sources:

File SignForm64.RC:
Code:
1 ICON "SignForm64.ico"

SignFormat64 DIALOG 0, 0, 388, 162
STYLE DS_MODALFRAME | DS_3DLOOK | DS_CONTEXTHELP | WS_POPUP | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX
CLASS "SignatureFormat64"
CAPTION ""
FONT 8, "MS Serif"
{
 CONTROL "Close",6, "button", BS_PUSHBUTTON | BS_CENTER | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 332, 145, 50, 14
}
ASM Source:
Code:
format PE64 GUI

.....

include 'struct.inc'

struct WNDCLASSEX
  cbSize                dd ?
  style                 dd ?
  lpfnWndProc           dq ?
  cbClsExtra            dd ?
  cbWndExtra            dd ?
  hInstance             dq ?
  hIcon                 dq ?
  hCursor               dq ?
  hbrBackground         dq ?
  lpszMenuName          dq ?
  lpszClassName         dq ?
  hIconSm               dq ?
ends

.....

invoke CreateDialogParam,[wc.hInstance],DlgName,0,0,0

.....

section '.data' data readable writeable

.....

DlgName                 db 'SignFormat64',0
ClassName                               db 'SignatureFormat64',0

wc_start:
wc                      WNDCLASSEX wc_end-wc_start,CS_HREDRAW or CS_VREDRAW,\
                                  WndProc,0,0,0,0,0,COLOR_WINDOW,0,ClassName,0
wc_end:

.....

section '.rsrc' resource from 'SignForm64.res'

To compile the .RC file I used GoRC v0.90.0 beta; to compile the ASM source I used FASM v1.67.3. Perhaps somebody can tell where the bug is and what it is?
Post 04 Jul 2006, 08:11
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.