flat assembler
Message board for the users of flat assembler.

Index > Main > The examples section

vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 14 Dec 2006, 21:42
All right, here is the finished (I hope) example. You can post it, Tomasz.

arafel: what exactly is "lib/ld-linux.so.2"? Are you sure it doesn't need initialization, like Windoze's "libcmt.obj"?

Maybe we could also add instructions to dynamically link to win32 libc, and statically link to linux libc.

EDIT - nasty bug in example fixed. I was using STDCALL.

EDIT 2 - one more inconsistency with signed/unsigned numbers fixed


Attachment: flibc.zip (2.72 KB, downloaded 834 times)



Last edited by vid on 15 Dec 2006, 12:09; edited 6 times in total
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost 14 Dec 2006, 23:17
vid wrote:
All right, here is the finished (I hope) example. You can post it, Tomasz.

arafel: what exactly is "lib/ld-linux.so.2"? Are you sure it doesn't need initialization, like Windoze's "libcmt.obj"?

Maybe we could also add instructions to dynamically link to win32 libc, and statically link to linux libc.


You can load libraries/modules during run-time with Linux as well, using dlopen( ) if my memory serves me. Unless that requires libc, in which case there is probably an interrupt for it.

_________________
redghost.ca


vid 14 Dec 2006, 23:46
No, I meant static linking to libc for Linux. But I think there is no reason to do that...
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH 15 Dec 2006, 01:09
Follow up to detour_example.exe problem

RedGhost

Below is the disassembly of the functions in user32.dll for both Windows XP with and without SP2. As you can see, MessageBoxA calls MessageBoxExA, which does the work. Unfortunately MessageBoxA can not be used in Windows XP without SP2.
I changed your example to point to MessageBoxExA and everything works as expected. Whether you want to change your code is up to you but it would be good if all worked. Great example, thank you very much.

Vid, I think this thread needs its own forum. Can you split all the different programs into their own threads? A lot of work I know, but it's really needed as things are already out of control in this thread.



Windows XP SP2

Code:
* Export: MessageBoxA, 01DD

77D8050B: 8BFF                 mov edi, edi
77D8050D: 55                   push ebp
77D8050E: 8BEC                 mov ebp, esp
...........


Export: MessageBoxExA, 01DE

77D8057D: 8BFF                 mov edi, edi
77D8057F: 55                   push ebp
77D80580: 8BEC                 mov ebp, esp
77D80582: 6AFF                 push FFFFFFFF
77D80584: FF7518               push dword ptr [ebp+18]
77D80587: FF7514               push dword ptr [ebp+14]
77D8058A: FF7510               push dword ptr [ebp+10]
77D8058D: FF750C               push dword ptr [ebp+0C]
77D80590: FF7508               push dword ptr [ebp+08]
77D80593: E8505A0100           call 77D95FE8
77D80598: 5D                   pop ebp
77D80599: C21400               ret 0014

77D8059C: 90                   nop 
77D8059D: 90                   nop 
77D8059E: 90                   nop 
77D8059F: 90                   nop 
77D805A0: 90                   nop 
    


Windows XP NO SP

Code:
* Export: MessageBoxA, 01DD

77D6ADD7: 833DC4D3D97700       cmp dword ptr [77D9D3C4], 00000000
77D6ADDE: 0F85377E0100         jne 77D82C1B

* Jump:
 77D82C33(C), 77D82C43(U) 

77D6ADE4: 6A00                 push 00000000
77D6ADE6: FF742414             push dword ptr [esp+14]
77D6ADEA: FF742414             push dword ptr [esp+14]
77D6ADEE: FF742414             push dword ptr [esp+14]
77D6ADF2: FF742414             push dword ptr [esp+14]
77D6ADF6: E803000000           call 77D6ADFE
77D6ADFB: C21000               ret 0010

* Call:
 77D6ADF6 

* Export: MessageBoxExA, 01DE

77D6ADFE: 55                   push ebp
77D6ADFF: 8BEC                 mov ebp, esp
77D6AE01: 6AFF                 push FFFFFFFF
77D6AE03: FF7518               push dword ptr [ebp+18]
77D6AE06: FF7514               push dword ptr [ebp+14]
77D6AE09: FF7510               push dword ptr [ebp+10]
77D6AE0C: FF750C               push dword ptr [ebp+0C]
77D6AE0F: FF7508               push dword ptr [ebp+08]
77D6AE12: E804000000           call 77D6AE1B
77D6AE17: 5D                   pop ebp
77D6AE18: C21400               ret 0014
    


vid 15 Dec 2006, 01:28
MichaelH: I can move related posts to a new thread in the Windows section



MichaelH 15 Dec 2006, 01:53
OK


I think this idea of Tomasz's is excellent. Wouldn't it be cool if we had a system like http://www.codeproject.com/ where you can vote on the value of articles/code?


vid 15 Dec 2006, 02:01
Well, it's true that we still lack something for articles... you could post the idea in the feedback section
arafel



Joined: 29 Aug 2006
Posts: 131
Location: Jerusalem, Israel
arafel 15 Dec 2006, 02:13
vid wrote:
what exactly is "lib/ld-linux.so.2"? Are you sure it doesn't need initialization, like Windoze's "libcmt.obj"?

ld-linux.so.2 is a default dynamic linker which initializes all the stuff needed by the application. It's required for dynamically linked ELFs.
For static linking the '-static' switch (+ linking against crt0.o and such) will probably do the trick. Though I never did this directly with ld, so I am not sure about the exact command line.


vid 15 Dec 2006, 02:16
Someone could write an example using win32 SEH. I haven't seen such.
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak 15 Dec 2006, 05:35
No more giving back...


Last edited by kohlrak on 07 Aug 2008, 15:04; edited 1 time in total



RedGhost 15 Dec 2006, 05:46
MichaelH, thanks, but I polled about 30 people, from #fasm, to #CSharp, to #C and I could not find a single person with XP pre-SP2 (as it's highly unsafe), and the only other OS I could find was Windows 2000, so I added support for that. I updated the source to include disassembly from both versions and what it's been tested on. The only way to make it work for every kernel is via a length disassembly engine. Thanks for the post.

_________________
redghost.ca
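
Added example (not part of the thread and not RedGhost's detour source): the instruction-boundary check that a length disassembler provides, run on the entry bytes from MichaelH's listings. It assumes the detour overwrites the entry point with a 5-byte `jmp rel32`, which the thread does not state; `copyable_len` and `prologue_span` are hypothetical names, and the decoder knows only the opcodes that appear in those listings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Entry bytes copied from the user32.dll listings posted above. */
const uint8_t SP2_MSGBOXA[]    = {0x8B,0xFF, 0x55, 0x8B,0xEC};
const uint8_t NOSP_MSGBOXA[]   = {0x83,0x3D,0xC4,0xD3,0xD9,0x77,0x00, 0x0F,0x85,0x37,0x7E,0x01,0x00};
const uint8_t NOSP_MSGBOXEXA[] = {0x55, 0x8B,0xEC, 0x6A,0xFF, 0xFF,0x75,0x18};

/* Length of one x86-32 instruction that may be copied verbatim (only the opcodes
   in those listings). 0 = unknown, or call/jcc rel32 whose target would move. */
static size_t copyable_len(const uint8_t *p, size_t avail)
{
    uint8_t mod, rm;
    size_t n = 2;                                    /* opcode + one more byte */
    if (avail == 0) return 0;
    if (p[0] == 0x55 || p[0] == 0x5D || p[0] == 0x90) return 1; /* push/pop ebp, nop */
    if (avail < 2) return 0;
    mod = p[1] >> 6; rm = p[1] & 7;                  /* ModRM fields */
    switch (p[0]) {
    case 0x6A: break;                                /* push imm8 */
    case 0x8B: case 0xFF: case 0x83:                 /* opcode followed by ModRM */
        if (mod != 3 && rm == 4) { if (mod == 0) return 0; n += 1; } /* SIB byte */
        if (mod == 1) n += 1;                        /* disp8 */
        else if (mod == 2 || (mod == 0 && rm == 5)) n += 4; /* disp32 */
        if (p[0] == 0x83) n += 1;                    /* imm8 operand */
        break;
    default: return 0;                               /* includes E8 and 0F 8x */
    }
    return n <= avail ? n : 0;
}

/* Bytes to relocate so a `patch`-byte overwrite ends on an instruction
   boundary; 0 means this prologue must not be patched. */
size_t prologue_span(const uint8_t *code, size_t size, size_t patch)
{
    size_t off = 0, n;
    while (off < patch) {
        n = copyable_len(code + off, size - off);
        if (n == 0) return 0;
        off += n;
    }
    return off;
}

int main(void)
{
    printf("%zu %zu\n", prologue_span(SP2_MSGBOXA, sizeof SP2_MSGBOXA, 5),
           prologue_span(NOSP_MSGBOXA, sizeof NOSP_MSGBOXA, 5)); /* prints "5 7" */
    return 0;
}
```

A result of 7 for the no-SP MessageBoxA entry means a fixed 5-byte copy would cut its first instruction in half, while both MessageBoxExA entries and the SP2 MessageBoxA entry end on a boundary at exactly 5 bytes.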



RedGhost 15 Dec 2006, 08:14
vid wrote:
Someone could write an example using win32 SEH. I haven't seen such.


FASM SEH example. Adds an exception handler, breakpoints, handles the exception and continues execution, then creates a fatal exception. The exception handler displays all the exception info to the user.

Edit: Updated to also create a hardware breakpoint with the Debug registers.
Edit: New thread http://board.flatassembler.net/topic.php?p=49484#49484


Attachment: seh_example.zip (3.5 KB, downloaded 882 times)


_________________
redghost.ca


Last edited by RedGhost on 15 Dec 2006, 19:45; edited 4 times in total


vid 15 Dec 2006, 11:55
Thanks, RedGhost.

I changed it slightly - added a few comments, changed imports to ones using macros (importing without macros can be a separate example focusing more on this), and changed the formatting string for nicer output.

If you dislike any of the changes just let me know, I will change it back.

By the way: what is "SetUnhandledExceptionFilter" to the [fs:0] structure? Is it the same?


Attachment: seh.zip (3.13 KB, downloaded 856 times)



vid 15 Dec 2006, 12:12
kohlrak: you have some misconception about "executable" flag in your example



RedGhost 15 Dec 2006, 14:49
vid, I updated with the nicer text formatting, should have done that from the start, thanks. I also added hardware breakpointing to one of the exception examples (Debug registers). About the imports, as Tomasz said at the start of the thread, he wants examples on new things as well as other styles. My style uses no macros besides "struc"; building the import table yourself produces the same result, and you see the exact generation, so this is my preference.

Yes, [fs:$0], which is the start of the TEB, contains the SEH chain which SetUnhandledExceptionFilter modifies. try / catch blocks override this filter. This is why AddVectoredExceptionHandler was introduced.

_________________
redghost.ca


Last edited by RedGhost on 15 Dec 2006, 16:15; edited 1 time in total


vid 15 Dec 2006, 15:48
RedGhost: I thought that about imports. I just think that every example should focus on just one thing, and keep others simple (standard). But yes, it's your preference.


vid 15 Dec 2006, 18:10
Tomasz: one more: http://board.flatassembler.net/topic.php?t=6371

It's mixing C and ASM. This has been questioned and answered many times, but there was no centralized info on this. So here is at least an example.



kohlrak 15 Dec 2006, 20:56
vid wrote:
kohlrak: you have some misconception about "executable" flag in your example


I put that in there the way that I saw the executable flag. Regardless, it works just fine without the flag. And because of that, I really don't understand the point in the flag, and I consider it a hindrance if you want your variables to be in the same section (which I'm guessing each separate section counts as a separate segment, so I'd personally prefer keeping it all one section to prevent having to use far pointers).


vid 15 Dec 2006, 22:01
It works ON YOUR PROCESSOR! It might not work on a different processor, which supports protecting pages against execution.

Another misconception is that you need a far pointer to access a different section. No, you don't. There are no far pointers at all in win32, it's flat model.
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY 16 Dec 2006, 03:02
What about an examples/tutorials wiki for FASM?
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.