Index
> Non-x86 architectures > FASMARM v1.43 - Cross assembler for ARM CPUsGoto page Previous 1, 2, 3 ... 5, 6, 7 ... 30, 31, 32 Next |
| Author |
|
|
vid
you can find out specific ordinal by disassembling, but it seems full list can be only obtained from winCE sources, which seem to be located only within "platform builder" tool, which seems to be very hard to get.
btw, could you explain why the brackets must be in "ldr pc,[lr]" ? |
|||
30 May 2006, 06:17 |
|
|
revolution
Quote: could you explain why the brackets must be in "ldr pc,[lr]" |
|||
|
30 May 2006, 12:54 |
|
|
vid
so i should properly return with "mov pc, lr"?
That means my "ldr pc,[lr]" caused crash or what, but CE didn't display message? |
|||
|
30 May 2006, 13:02 |
|
|
revolution
Use a debugger if you want to watch what is happening. Otherwise, if you don't have one handy, get a "print" routine working then do lots of printing of values to the screen to see where things are going. Once you build up your experience with the ARM language you should quickly get the hang of things.
|
|||
|
30 May 2006, 19:26 |
|
|
vid
there is no default console on CE
anyway, i will tru to play with it further... |
|||
|
30 May 2006, 21:02 |
|
|
vid
some basic for win32 can be found here, from what i have read, i suppose winCE uses same numbers. unfortunately i don't know ARM syntax enough to create window and everything,
[edit] link is not interesting anymore Last edited by vid on 01 Jun 2006, 07:39; edited 2 times in total |
|||
|
31 May 2006, 14:36 |
|
|
revolution
That link shows the Win32 x86 ordinals. You can get these from any x86 debugger or PE viewer. Are the ordinals really the same in WinCE? That seems unlikely since WinCE has much less functionality than even Win95.
|
|||
|
31 May 2006, 16:33 |
|
|
vid
okay, here is list of imports for ordinals from 80000000h to 8001000h, in that order, as IDA showed them.
http://student.fiit.stuba.sk/~mocko04/TOSSOFF/ce_ordinals.txt PS: if you have problem calculating the ordinal, here is the formula: (IDA_address - 17000h)/4 + 80000001h [edit] corrected [/edit] IDA_address is one shown of left. Someone could convert this to display just lower word of resulting ordinal, of even make FASM inlcude file, like: Code: SystemStarted = 80000000h InitializeCriticalSection = 80000001h DeleteCriticalSection = 80000002h ... Last edited by vid on 01 Jun 2006, 14:40; edited 1 time in total |
|||
|
31 May 2006, 18:32 |
|
|
vid
looking at the ROM dump, it seems that COREDLL does have export names. all api names are there.
but ordinals are still nicer and more hacky  |
|||
|
31 May 2006, 23:35 |
|
|
revolution
Using ordinals makes the file smaller, an important consideration in the small RAM of the devices running WinCE. I guess it depends on ones own preferences.
I think the include files equates is the most satisfying way to use the ordinals, less chance for mistakes in the code. |
|||
|
01 Jun 2006, 03:06 |
|
|
MazeGen
vid, could you reduce the looong link using BB code [url=your_link]link_description[/url]?
|
|||
|
01 Jun 2006, 07:35 |
|
|
vid
done
|
|||
|
01 Jun 2006, 07:42 |
|
|
vid
revolution: could you try to write example which just calls "MessageBoxW" and then exits? Alternatively you can try "ExitThread" API (AFAIK, there are threads instead of processes on wince)?
pleeeeaaaaaaseeeeeee |
|||
|
01 Jun 2006, 07:46 |
|
|
revolution
vid wrote: could you try to write example which just calls "MessageBoxW" and then exits? If changes are needed to make it work then don't forget to post them here for everyone else to try. When we can get this working then I will include it as an example in the download package.
Code:
format PE GUI
entry Start
section '.text' data code readable writeable executable
Start:
mov r0,0 ;window owner (NULL)
add r1,pc,Text-$-8 ;the text
add r2,pc,Caption-$-8 ;the caption
mov r3,0 ;style (MB_OK)
ldr pc,[pc,MessageBoxW-$-8] ;display message and exit
data import
dw 0,0,0,RVA core_name,RVA core_imports
dw 0,0,0,0,0
core_imports:
MessageBoxW dw 0x80000359
dw 0
core_name db 'COREDLL.DLL',0
align 4
end data
Text du 'Hello WinCE world',0
Caption du 'ARM small PE',0
align 4
|
|||
|
01 Jun 2006, 11:18 |
|
|
vid
can't test now (i am in school and don't have emulator right now)
could you explain "crypty" things like Code: add r1,pc,Text-$-8 ldr pc,[pc,MessageBoxW-$-8] ;display message and exit i don't understand why r1 = PC+label-$-8 if PC always points to next instruction, then -4 would be comprehendable. and wouldn't be "mov r1,label" enough, why not? about the call and exit - here i am totally confused :] thanks, when i'll be on my computer i will test it |
|||
|
01 Jun 2006, 12:28 |
|
|
vid
GREAAAAT here it is:
Code: format PE GUI
entry Start
section '.text' data code readable writeable executable
Start:
mov r0,0 ;window owner (NULL)
add r1,pc,Text-$-8 ;the text
add r2,pc,Caption-$-8 ;the caption
mov r3,0 ;style (MB_OK)
ldr pc,[pc,MessageBoxW-$-8] ;display message and exit
data import
dw RVA core_data,0,0,RVA core_name,RVA core_imports
dw 0,0,0,0,0
core_data:
dw 0x8000035A
dw 0
core_imports:
MessageBoxW dw 0x8000035A
dw 0
core_name db 'COREDLL.DLL',0
align 4
end data
Text du 'Hello WinCE world',0
Caption du 'ARM small PE',0
align 4 The core_data part was missing in imports, and MessageBoxW is 35A, not 359. now please explain those instructions a bit. |
|||
|
01 Jun 2006, 14:09 |
|
|
revolution
vid wrote: could you explain "crypty" things 'ldr pc,[pc,MessageBoxW-$-8]' will load PC with the value stored at MessageBoxW (the imported function) thus branching to the value it finds there for the next instruction. The return address is still in LR (we never altered it) so when MessageBoxW 'returns' with mov pc.lr it goes back to the originating OS function that started the process, thus ending our application. At least that is the theory for it all. Without testing I can't be sure that is what will happen, but it seems reasonable. NOTE: If our application was much larger then MessageBoxW might be too far{1} from PC to use relative addressing, in which case we have to store the address of MessageBoxW in a literal pool near the PC and load the address from there and subsequently load again the final destination into PC. That code looks something like this: Code: MBox: ldr r12,[pc] ;now R12=MessageBoxW ldr pc,[r12] ;now branch to imported function dw MessageBoxW {1}For LDR 'too far' means more than +-4095 bytes from PC. For ADD 'too far' means not encodeable with 8 significant bits or less. See the ARM manual for instruction encoding of immediate values, that will help you understand why such coding techniques are needed. |
|||
|
01 Jun 2006, 14:16 |
|
|
revolution
http://student.fiit.stuba.sk/~mocko04/TOSSOFF/ce_ordinals.txt wrote: .idata:00017D64 IMPORT MessageBoxW' vid wrote: (IDA_address - 17000h)/4 + 80000000h vid wrote: MessageBoxW is 35A, not 359.  |
|||
|
01 Jun 2006, 14:29 |
|
|
vid
revolution wrote: Hmm, what went wrong there? oh, i thought % counter for "times" starts with 0, but it starts with 1. So it +1 each time, i will correct it. Last edited by vid on 01 Jun 2006, 15:12; edited 1 time in total |
|||
|
01 Jun 2006, 14:39 |
|
| Goto page Previous 1, 2, 3 ... 5, 6, 7 ... 30, 31, 32 Next < Last Thread | Next Thread > |
Forum Rules:
|