flat assembler
Message board for the users of flat assembler.
Macroinstructions > somewhat complex masm struct
vid 20 Apr 2006, 21:07
I think you should also post declarations of the inner structures, no?
okasvi 20 Apr 2006, 21:22
vid wrote:
    I think you should also post declarations of the inner structures, no?

That was just an example, and believe me, almost every structure references another... I'd have to post like 10 pages of structs to get it all here. http://www.freewebs.com/four-f/ for the full kit with all includes, btw. I'm not asking anyone to get me a struct that compiles, just to show what kind of compromises I need to make to get it working... (though I would be more than happy if someone decides to help me convert KmdKit for fasm)
_________________
When We Ride On Our Enemies
support reverse smileys |:
shism2 21 Apr 2006, 01:10
What the heck man ... you come back and don't even tell me?
madmatt 21 Apr 2006, 02:14
Here is my stab at the conversion. You'll need to convert all the sub-structs if you haven't already. Some of them look like kernel structs.
Here it is.
Code:
struct _IRP                                  ; sizeof = 70h
  _Type               dw ?                   ; 00h (original field name Type)
  _Size               dw ?                   ; 02h (original field name Size)
  MdlAddress          dd ?                   ; 04h PMDL
  Flags               dd ?                   ; 08h
  union AssociatedIrp
    MasterIrp         dd ?                   ; 0Ch PIRP
    IrpCount          dd ?                   ; 0Ch
    SystemBuffer      dd ?                   ; 0Ch
  ends                                       ; AssociatedIrp
  ThreadListEntry     LIST_ENTRY             ; 10h
  IoStatus            IO_STATUS_BLOCK        ; 18h
  RequestorMode       db ?                   ; 20h KPROCESSOR_MODE
  PendingReturned     db ?                   ; 21h BOOLEAN
  StackCount          db ?                   ; 22h
  CurrentLocation     db ?                   ; 23h
  Cancel              db ?                   ; 24h BOOLEAN
  CancelIrql          db ?                   ; 25h KIRQL
  ApcEnvironment      db ?                   ; 26h
  AllocationFlags     db ?                   ; 27h
  UserIosb            PIO_STATUS_BLOCK       ; 28h
  UserEvent           PKEVENT                ; 2Ch
  union Overlay                              ; 30h
    struct AsynchronousParameters            ; 30h
      UserApcRoutine  dd ?                   ; 30h PIO_APC_ROUTINE
      UserApcContext  dd ?                   ; 34h
    ends                                     ; AsynchronousParameters
    AllocationSize    dq ?                   ; (LARGE_INTEGER) 30h
  ends                                       ; Overlay
  CancelRoutine       dd ?                   ; 38h PDRIVER_CANCEL
  UserBuffer          dd ?                   ; 3Ch
  union Tail                                 ; 40h
    struct Overlay                           ; 40h
      union
        DeviceQueueEntry KDEVICE_QUEUE_ENTRY ; 40h
        struct
          DriverContext dd 4 dup(?)          ; 40h
        ends
      ends
      Thread          dd ?                   ; 50h PETHREAD
      AuxiliaryBuffer dd ?                   ; 54h
      struct
        ListEntry     LIST_ENTRY             ; 58h
        union
          CurrentStackLocation dd ?          ; 60h PTR IO_STACK_LOCATION
          PacketType  dd ?                   ; 60h
        ends
      ends
      OriginalFileObject PFILE_OBJECT        ; 64h
    ends                                     ; Overlay
    Apc               KAPC                   ; 40h
    CompletionKey     dd ?                   ; 40h
  ends                                       ; Tail
ends
okasvi 21 Apr 2006, 02:25
shism2 wrote:
    What the heck man ... you come back and don't even tell me?

After I came back (in 15 days, like I told you) I hung around on MSN for days and didn't see you there, and I've been active on the boards too and even replied to your topics, and have been wondering why you are so silent |:
_________________
When We Ride On Our Enemies
support reverse smileys |:
okasvi 21 Apr 2006, 02:27
madmatt wrote:
    Here is my stab at the conversion. You'll need to convert all the sub-structs if you haven't already. Some of them look like kernel structs.

Yep, they are. Do named unions work? I thought they didn't.
_________________
When We Ride On Our Enemies
support reverse smileys |:
madmatt 21 Apr 2006, 06:19
You're right. Named unions or named sub-structs don't work.
And, here we go again:
Code:
struct _IRP                                  ; sizeof = 70h
  _Type               dw ?                   ; 00h (original field name Type)
  _Size               dw ?                   ; 02h (original field name Size)
  MdlAddress          dd ?                   ; 04h PMDL
  Flags               dd ?                   ; 08h
  union
    MasterIrp         dd ?                   ; 0Ch PIRP
    IrpCount          dd ?                   ; 0Ch
    SystemBuffer      dd ?                   ; 0Ch
  ends                                       ; AssociatedIrp
  ThreadListEntry     LIST_ENTRY             ; 10h
  IoStatus            IO_STATUS_BLOCK        ; 18h
  RequestorMode       db ?                   ; 20h KPROCESSOR_MODE
  PendingReturned     db ?                   ; 21h BOOLEAN
  StackCount          db ?                   ; 22h
  CurrentLocation     db ?                   ; 23h
  Cancel              db ?                   ; 24h BOOLEAN
  CancelIrql          db ?                   ; 25h KIRQL
  ApcEnvironment      db ?                   ; 26h
  AllocationFlags     db ?                   ; 27h
  UserIosb            PIO_STATUS_BLOCK       ; 28h
  UserEvent           PKEVENT                ; 2Ch
  union                                      ; 30h
    struct                                   ; 30h
      UserApcRoutine  dd ?                   ; 30h PIO_APC_ROUTINE
      UserApcContext  dd ?                   ; 34h
    ends                                     ; AsynchronousParameters
    AllocationSize    dq ?                   ; (LARGE_INTEGER) 30h
  ends                                       ; Overlay
  CancelRoutine       dd ?                   ; 38h PDRIVER_CANCEL
  UserBuffer          dd ?                   ; 3Ch
  union                                      ; 40h
    struct                                   ; 40h
      union
        DeviceQueueEntry KDEVICE_QUEUE_ENTRY ; 40h
        struct
          DriverContext dd 4 dup(?)          ; 40h
        ends
      ends
      Thread          dd ?                   ; 50h PETHREAD
      AuxiliaryBuffer dd ?                   ; 54h
      struct
        ListEntry     LIST_ENTRY             ; 58h
        union
          CurrentStackLocation dd ?          ; 60h PTR IO_STACK_LOCATION
          PacketType  dd ?                   ; 60h
        ends
      ends
      OriginalFileObject PFILE_OBJECT        ; 64h
    ends                                     ; Overlay
    Apc               KAPC                   ; 40h
    CompletionKey     dd ?                   ; 40h
  ends                                       ; Tail
ends
Madis731 21 Apr 2006, 07:17
I love your enthusiasm - you remind me of Steven Seagal in a movie - he won't get *good* answers from a bad guy so he gives it one more go, saying: "Here we go again!".
And here you GO - the testcase:
Code:
include 'macro/struct.inc'

struct LIST_ENTRY             ; Seems funny that structs are named as constants
  dummy rd 1
ends
struct IO_STATUS_BLOCK
  dummy rd 1
ends
struct PIO_STATUS_BLOCK
  dummy rd 1
ends
struct PKEVENT
  dummy rd 1
ends
struct KDEVICE_QUEUE_ENTRY
  dummy rd 1
ends
struct PFILE_OBJECT
  dummy rd 1
ends
struct KAPC
  dummy rd 1
ends

struct _IRP                                  ; sizeof = 70h
  _Type               dw ?                   ; 00h (original field name Type)
  _Size               dw ?                   ; 02h (original field name Size)
  MdlAddress          dd ?                   ; 04h PMDL
  Flags               dd ?                   ; 08h
  union
    MasterIrp         dd ?                   ; 0Ch PIRP
    IrpCount          dd ?                   ; 0Ch
    SystemBuffer      dd ?                   ; 0Ch
  ends                                       ; AssociatedIrp
  ThreadListEntry     LIST_ENTRY             ; 10h
  IoStatus            IO_STATUS_BLOCK        ; 18h
  RequestorMode       db ?                   ; 20h KPROCESSOR_MODE
  PendingReturned     db ?                   ; 21h BOOLEAN
  StackCount          db ?                   ; 22h
  CurrentLocation     db ?                   ; 23h
  Cancel              db ?                   ; 24h BOOLEAN
  CancelIrql          db ?                   ; 25h KIRQL
  ApcEnvironment      db ?                   ; 26h
  AllocationFlags     db ?                   ; 27h
  UserIosb            PIO_STATUS_BLOCK       ; 28h
  UserEvent           PKEVENT                ; 2Ch
  union                                      ; 30h
    struct                                   ; 30h
      UserApcRoutine  dd ?                   ; 30h PIO_APC_ROUTINE
      UserApcContext  dd ?                   ; 34h
    ends                                     ; AsynchronousParameters
    AllocationSize    dq ?                   ; (LARGE_INTEGER) 30h
  ends                                       ; Overlay
  CancelRoutine       dd ?                   ; 38h PDRIVER_CANCEL
  UserBuffer          dd ?                   ; 3Ch
  union                                      ; 40h
    struct                                   ; 40h
      union
        DeviceQueueEntry KDEVICE_QUEUE_ENTRY ; 40h
        struct
          DriverContext dd 4 dup(?)          ; 40h
        ends
      ends
      Thread          dd ?                   ; 50h PETHREAD
      AuxiliaryBuffer dd ?                   ; 54h
      struct
        ListEntry     LIST_ENTRY             ; 58h
        union
          CurrentStackLocation dd ?          ; 60h PTR IO_STACK_LOCATION
          PacketType  dd ?                   ; 60h
        ends
      ends
      OriginalFileObject PFILE_OBJECT        ; 64h
    ends                                     ; Overlay
    Apc               KAPC                   ; 40h
    CompletionKey     dd ?                   ; 40h
  ends                                       ; Tail
ends
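Added example, not from the thread or from KmdKit: a C mirror of the converted _IRP, used to check each member offset against the hex offsets written in the struct's comments. It assumes the 32-bit (x86) layout, so every pointer-typed member (PMDL, PIRP, PETHREAD, PIO_STATUS_BLOCK, PKEVENT, PFILE_OBJECT) is a 4-byte uint32_t, and it assumes the x86 DDK sizes for the sub-structs (LIST_ENTRY 8, IO_STATUS_BLOCK 8, KDEVICE_QUEUE_ENTRY 16, KAPC 48), which are stood in for by opaque byte arrays. This is the point where the testcase's `dummy rd 1` placeholders differ from the real thing: with 4-byte placeholders every member after ThreadListEntry lands at a different offset, and a kernel driver writing through a wrong offset corrupts the IRP, so the check is worth doing before the struct is used.

```c
/* Added example (not from the thread or from KmdKit): C mirror of the
 * converted _IRP, checked against the hex offsets in the fasm comments.
 * Assumptions: 32-bit layout (every pointer-typed member is a 4-byte
 * uint32_t) and x86 DDK sizes for the sub-structs, modelled here as
 * opaque byte arrays of the assumed size. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t Flink, Blink; }        LIST_ENTRY32;          /* 8 bytes */
typedef struct { uint32_t Status, Information; } IO_STATUS_BLOCK32;     /* 8 bytes */
typedef struct { uint8_t opaque[0x10]; }         KDEVICE_QUEUE_ENTRY32; /* 16, assumed */
typedef struct { uint8_t opaque[0x30]; }         KAPC32;                /* 48, assumed */

typedef struct {
    uint16_t Type;                       /* 00h */
    uint16_t Size;                       /* 02h */
    uint32_t MdlAddress;                 /* 04h PMDL */
    uint32_t Flags;                      /* 08h */
    union { uint32_t MasterIrp, IrpCount, SystemBuffer; } AssociatedIrp; /* 0Ch */
    LIST_ENTRY32 ThreadListEntry;        /* 10h */
    IO_STATUS_BLOCK32 IoStatus;          /* 18h */
    uint8_t RequestorMode, PendingReturned, StackCount, CurrentLocation; /* 20h..23h */
    uint8_t Cancel, CancelIrql, ApcEnvironment, AllocationFlags;         /* 24h..27h */
    uint32_t UserIosb;                   /* 28h PIO_STATUS_BLOCK */
    uint32_t UserEvent;                  /* 2Ch PKEVENT */
    union {
        struct { uint32_t UserApcRoutine, UserApcContext; } AsynchronousParameters;
        uint64_t AllocationSize;         /* 30h LARGE_INTEGER */
    } Overlay;
    uint32_t CancelRoutine;              /* 38h PDRIVER_CANCEL */
    uint32_t UserBuffer;                 /* 3Ch */
    union {
        struct {
            union { KDEVICE_QUEUE_ENTRY32 DeviceQueueEntry; uint32_t DriverContext[4]; } u; /* 40h */
            uint32_t Thread;             /* 50h PETHREAD */
            uint32_t AuxiliaryBuffer;    /* 54h */
            struct {
                LIST_ENTRY32 ListEntry;  /* 58h */
                union { uint32_t CurrentStackLocation, PacketType; } u; /* 60h */
            } s;
            uint32_t OriginalFileObject; /* 64h PFILE_OBJECT */
        } Overlay;
        KAPC32 Apc;                      /* 40h */
        uint32_t CompletionKey;          /* 40h */
    } Tail;
} IRP32;

struct offset_check { const char *name; size_t expect, actual; };

/* Compares the computed layout with the offsets written in the fasm
 * comments; returns how many entries disagree (0 = layout matches). */
int irp_layout_mismatches(void)
{
    const struct offset_check checks[] = {
        { "AssociatedIrp",          0x0C, offsetof(IRP32, AssociatedIrp) },
        { "ThreadListEntry",        0x10, offsetof(IRP32, ThreadListEntry) },
        { "IoStatus",               0x18, offsetof(IRP32, IoStatus) },
        { "RequestorMode",          0x20, offsetof(IRP32, RequestorMode) },
        { "UserIosb",               0x28, offsetof(IRP32, UserIosb) },
        { "Overlay",                0x30, offsetof(IRP32, Overlay) },
        { "CancelRoutine",          0x38, offsetof(IRP32, CancelRoutine) },
        { "Tail",                   0x40, offsetof(IRP32, Tail) },
        { "Tail.Overlay.Thread",    0x50, offsetof(IRP32, Tail.Overlay.Thread) },
        { "Tail.Overlay.ListEntry", 0x58, offsetof(IRP32, Tail.Overlay.s.ListEntry) },
        { "CurrentStackLocation",   0x60, offsetof(IRP32, Tail.Overlay.s.u.CurrentStackLocation) },
        { "OriginalFileObject",     0x64, offsetof(IRP32, Tail.Overlay.OriginalFileObject) },
        { "sizeof(_IRP)",           0x70, sizeof(IRP32) },
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++) {
        if (checks[i].expect != checks[i].actual) {
            printf("mismatch: %s expected %02zXh, got %02zXh\n",
                   checks[i].name, checks[i].expect, checks[i].actual);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    int bad = irp_layout_mismatches();
    printf("%d mismatching entries, sizeof = %02zXh\n", bad, sizeof(IRP32));
    return bad != 0;
}
```

A non-zero return names the members whose offsets disagree. The same check can be done in fasm itself once the struct assembles, since struct.inc defines `sizeof._IRP` and `_IRP.<member>` offset symbols that can be compared against the expected values inside an `if ... end if` block with `display`.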
okasvi 21 Apr 2006, 09:33
Thank you both for the helpful replies.
madmatt 21 Apr 2006, 11:59
okasvi 21 Apr 2006, 23:47
I thought it would be better not to open up a new thread...
This time it's a complex macro; I have absolutely no idea how to convert that... I did take a look at EXITM in masm.hlp without really understanding anything.
Code:
CTL_CODE MACRO DeviceType:=<0>, Function:=<0>, Method:=<0>, Access:=<0>
    EXITM %(((DeviceType) SHL 16) OR ((Access) SHL 14) OR ((Function) SHL 2) OR (Method))
ENDM

It is used like this:
Code:
FILE_DEVICE_UNKNOWN equ 00000022h
METHOD_BUFFERED     equ 0
FILE_READ_ACCESS    equ 1      ; file & pipe
FILE_WRITE_ACCESS   equ 2      ; file & pipe
SOMETHING equ CTL_CODE(FILE_DEVICE_UNKNOWN, 800h, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

edit: I thought that I could use something like this:
Code:
SOMETHING equ (FILE_DEVICE_UNKNOWN shl 16) or ((FILE_READ_ACCESS or FILE_WRITE_ACCESS) shl 14) or (800h shl 14) or METHOD_BUFFERED

Would that work identically to the macro?
_________________
When We Ride On Our Enemies
support reverse smileys |:
madmatt 22 Apr 2006, 00:54
Found the C version of the macro; this will make it easier for me to convert:
Code:
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \
    ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
)

And now the FASM version:
Code:
macro CTL_CODE DeviceType, Function, Method, Access
{
    VALUE = (DeviceType shl 16) or (Access shl 14) or (Function shl 2) or (Method)
}

; invoke the macro, then use VALUE
CTL_CODE FILE_DEVICE_UNKNOWN, 800h, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS
mov [var], VALUE
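Added example, not from the thread: the C macro above as compilable code, plus the inverse decode that pulls an IOCTL value apart field by field (device type in bits 31..16, the two access bits in 15..14, the 12-bit function number in 13..2, the method in 1..0; these widths follow from the shift counts in the macro). The constants are the ones posted above. `something_hand_expanded` transcribes the hand-expanded `equ` proposed earlier in the thread exactly as written, so the two results can be compared by decoding them.

```c
/* Added example (not from the thread): CTL_CODE as compilable C, with the
 * inverse decode so an IOCTL value can be checked field by field.
 * Field widths follow from the shift counts in the macro above:
 * DeviceType bits 31..16, Access bits 15..14, Function bits 13..2,
 * Method bits 1..0. Constants are the ones posted in the thread. */
#include <stdint.h>
#include <stdio.h>

#define FILE_DEVICE_UNKNOWN 0x22u
#define METHOD_BUFFERED     0u
#define FILE_READ_ACCESS    1u
#define FILE_WRITE_ACCESS   2u

#define CTL_CODE(DeviceType, Function, Method, Access) \
    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))

typedef struct {
    uint32_t device_type;   /* bits 31..16 */
    uint32_t access;        /* bits 15..14 */
    uint32_t function;      /* bits 13..2  */
    uint32_t method;        /* bits 1..0   */
} ioctl_fields;

/* Inverse of CTL_CODE: masks each field back out of the 32-bit code. */
ioctl_fields ctl_code_decode(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      =  code        & 0x3u;
    return f;
}

/* SOMETHING as the macro computes it. */
uint32_t something_ioctl(void)
{
    return CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800u, METHOD_BUFFERED,
                    FILE_READ_ACCESS | FILE_WRITE_ACCESS);
}

/* The hand-expanded equ proposed earlier in the thread, transcribed as
 * written there (800h shifted by 14, not 2), for comparison. */
uint32_t something_hand_expanded(void)
{
    return (FILE_DEVICE_UNKNOWN << 16)
         | ((FILE_READ_ACCESS | FILE_WRITE_ACCESS) << 14)
         | (0x800u << 14)
         | METHOD_BUFFERED;
}

/* 1 if the code survives decode -> encode unchanged and carries the
 * function number the author intended; 0 if some field has spilled
 * into a neighbour's bits. */
int ctl_code_is_well_formed(uint32_t code, uint32_t expected_function)
{
    ioctl_fields f = ctl_code_decode(code);
    uint32_t again = CTL_CODE(f.device_type, f.function, f.method, f.access);
    return again == code && f.function == expected_function;
}

int main(void)
{
    uint32_t codes[2] = { something_ioctl(), something_hand_expanded() };
    for (int i = 0; i < 2; i++) {
        ioctl_fields f = ctl_code_decode(codes[i]);
        printf("%08X: device %04X access %u function %03X method %u, well-formed: %d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, (unsigned)f.method,
               ctl_code_is_well_formed(codes[i], 0x800u));
    }
    return 0;
}
```

The decode is the useful part: a value whose fields were shifted into the wrong positions is still a perfectly valid-looking number, but decoding it shows which device type, function number and access bits a driver will actually see. The two access bits are what the I/O manager compares against the access the caller's handle was opened with before the request reaches the driver, so they are worth checking, not just the function number.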
okasvi 22 Apr 2006, 06:26
(again,) Thanks a lot.
edit: eh, AGAIN I ran into something I can't solve myself...
Code:
ULONG sum=0;
PULONG p=(PULONG)buf;
int i;
for (i=0;i<(int)(size/sizeof(ULONG));i++) sum+=p[i];
for (int j=0;j<(int)(size%sizeof(ULONG));j++) sum+=*((UCHAR*)&p[i]+j);

size and buf are arguments for the proc... I tried using .while but sum+=whatever got me confused. i++ = inc [i], right? Is % = mod?
Borsuc 22 Apr 2006, 09:28
okasvi wrote:
    I tried using .while but sum+=whatever got me confused, i++ = inc [i],

sum+=whatever is the same as add sum, whatever, but of course, you use registers. Or, if you prefer, it's the same as sum=sum+whatever.
i++ is inc [i], right. But shouldn't you use registers?
% is mod, correct.
okasvi 22 Apr 2006, 11:17
The_Grey_Beast wrote:

inc [i] etc. is just for easier understanding, I mean to see which one is which etc. I try to use regs..

edit: doesn't look good, I'm still tired as I just woke up:
Code:
        push    [buf]
        pop     esi             ; p
        xor     ecx, ecx        ; i
        mov     edx, [_size]
        mov     eax, 4
        div     edx             ; size/4, I'm lost with div
        xor     eax, eax        ; sum
        .while ecx < edx
            add eax, [esi+ecx]  ; eh?
            inc ecx
        .endw

I'm not even sure if I'm dividing correctly.
_________________
When We Ride On Our Enemies
support reverse smileys |:
Borsuc 22 Apr 2006, 12:12
Hey, you can use shr instead of div since 4 is a power of 2 (2^2 = 4). So you can simply use shr edx, 2 and remove that mov eax, 4 line.
okasvi 22 Apr 2006, 12:21
Thanks for the good tip.
edit: but would that otherwise work like it's supposed to? (for the first for()'s part...)
Borsuc 22 Apr 2006, 13:07
Why not? It's correct.
Personally, in C I usually don't use arrays, but rather something like "p+i", since it is more clear (I like to think low-level).

Tip for modulo: modulus by a power of 2 is also simple. For example, you want to do modulus with 4. You can use the "and" operator, like: "and size, 4-1". You have to put the -1, since that's how it works (note: only on powers of 2). Of course, replace "size" with the register. In fact, modulus by a power of 2 is: "a mod b = a and (b-1)", where b is a power of 2.
Madis731 22 Apr 2006, 13:48
Hei,
Code:
; ULONG sum=0;
; PULONG p=(PULONG)buf;
; int i;
; for (i=0;i<(int)(size/sizeof(ULONG));i++) sum+=p[i];
; for (int j=0;j<(int)(size%sizeof(ULONG));j++) sum+=*((UCHAR*)&p[i]+j);

        xor     eax,eax         ; sum
        mov     esi,[buf]       ; p
        xor     ecx,ecx         ; i
round1:
        cmp     ecx,[_size]
        jnc     exitround1
        add     eax,[esi+ecx]
        xor     edx,edx         ; lets use edx as j
        mov     edi,[_size]
        and     edi,11b         ; s%4
        push    esi             ; We reassign esi because
        lea     esi,[esi+ecx]   ; [esi+ecx+edx] is not allowed
round2:
        cmp     edx,edi
        jnc     exitround2
        movzx   ebx,byte[esi+edx]
        add     eax,ebx
        add     edx,1
        jmp     round2
exitround2:
        pop     esi
        add     ecx,4           ; usually a DWORD so =4
        jmp     round1
exitround1:

buf             dd another_buffer
another_buffer  rd 100          ; _size dd 4*100

Or should it be:
Code:
        xor     eax,eax         ; sum
        mov     esi,[buf]       ; p
        xor     ecx,ecx         ; i
round1:
        cmp     ecx,[_size]
        jnc     exitround1
        add     eax,[esi+ecx]
        add     ecx,4           ; usually a DWORD so =4
        jmp     round1
exitround1:
        xor     edx,edx         ; lets use edx as j
        mov     edi,[_size]
        and     edi,11b         ; s%4
        lea     esi,[esi+ecx]   ; We reassign esi because
                                ; [esi+ecx+edx] is not allowed
round2:
        cmp     edx,edi
        jnc     exitround2
        lea     ebx,[esi+edx]   ; This version is when *(UCHAR*) is a pointer
        add     eax,ebx
        add     edx,1
        jmp     round2
exitround2:

buf             dd another_buffer
another_buffer  rd 100          ; _size dd 4*100

PS: Would anyone be kind enough to decrypt this easy-to-read C code for me: sum+=*((UCHAR*)&p[i]+j); I can see that if the size is not a multiple of four, like 7, they need to take care of the remaining 3 bytes one by one. But the others add DWORDs; this one adds bytes. Why is this useful? &p[i] is the address of buffer+index, but which takes place first, the "+" sign or the character pointer? And why is this additional pointer needed?

Last edited by Madis731 on 22 Apr 2006, 14:34; edited 1 time in total
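Added example, not from the thread: the two-loop checksum from the C snippet above as a compilable function, next to the same sum written the way the register versions address memory. The Windows typedefs are replaced with fixed-width types (ULONG as uint32_t, UCHAR as uint8_t), and the 7-byte input is constructed here. On the precedence question: postfix `[]` and unary `&` bind before the cast, and the cast binds tighter than binary `+`, so `*((UCHAR*)&p[i]+j)` is `*(((UCHAR*)(&p[i])) + j)`: take the address of word i (the first word the first loop did not sum), treat it as a byte pointer, step j bytes, read one byte. The extra pointer is what makes `+j` advance by one byte instead of by sizeof(ULONG); without it the tail loop would step in whole words and read past the end of a buffer whose size is not a multiple of four.

```c
/* Added example (not from the thread): the two-loop checksum from the C
 * snippet above as a compilable function, next to the same sum written
 * the way the register versions address memory. ULONG -> uint32_t,
 * UCHAR -> uint8_t; the 7-byte input is constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 7 bytes = one whole 32-bit word plus a 3-byte tail.
 * The union keeps the bytes 4-byte aligned for the (uint32_t *) cast. */
static const union { uint32_t align; uint8_t bytes[8]; }
    sample = { .bytes = { 1, 2, 3, 4, 5, 6, 7, 0 } };

const uint8_t *sample_bytes(void) { return sample.bytes; }
size_t sample_size(void) { return 7; }

/* Transcription of the snippet. In the tail loop, &p[i] is evaluated
 * first (address of the first word that was NOT summed), the cast turns
 * that into a byte pointer, and only then is j added, so j advances one
 * byte at a time and the loop never reads past `size`. */
uint32_t checksum_words_then_bytes(const void *buf, size_t size)
{
    uint32_t sum = 0;
    const uint32_t *p = (const uint32_t *)buf;
    size_t i;
    for (i = 0; i < size / sizeof(uint32_t); i++)
        sum += p[i];
    for (size_t j = 0; j < size % sizeof(uint32_t); j++)
        sum += *((const uint8_t *)&p[i] + j);
    return sum;
}

/* Same sum, addressed like the assembler versions: one byte offset that
 * advances by 4 through the words and then by 1 through the tail.
 * size >> 2 and size & (4-1) stand in for div/mod as suggested above;
 * memcpy keeps the word loads alignment-safe on any buffer. */
uint32_t checksum_asm_style(const uint8_t *buf, size_t size)
{
    uint32_t sum = 0;
    size_t words = size >> 2;          /* size / 4 */
    size_t tail  = size & (4 - 1);     /* size % 4 */
    size_t off   = 0;
    for (size_t i = 0; i < words; i++, off += 4) {
        uint32_t w;
        memcpy(&w, buf + off, sizeof w);
        sum += w;
    }
    for (size_t j = 0; j < tail; j++, off++)
        sum += buf[off];               /* movzx-style: one byte, zero-extended */
    return sum;
}
```

Both functions return the same value for every size, which is the property the assembler version needs to preserve: the word loop must stop at the last whole word, and the tail loop must index bytes from where the word loop stopped. For the 7-byte sample the difference between the sum over 7 bytes and the sum over 4 bytes is exactly 5+6+7, the three tail bytes added individually.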
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.