flat assembler
Message board for the users of flat assembler.
asmrox 08 Feb 2008, 15:16
How should a call to NtDelayExecution be made?
I tried many ways - didn't work.
revolution 08 Feb 2008, 15:21
Check out my website for info on NtDelayExecution
asmrox 10 Feb 2008, 01:03
2nd argument is a pointer.
Code:
format pe console
section '.code' code readable executable writeable
push large_integer
push 0
call [NtDelayExecution]
retn
large_integer dq -1
section '.idata' import data readable
dd 0,0,0,RVA ntdll_name,RVA ntdll_table
dd 5 dup 0
ntdll_table:
NtDelayExecution dd RVA _NtDelayExecution
dd 0
ntdll_name db 'ntdll.dll',0
_NtDelayExecution db 0,0,'NtDelayExecution',0
It returns 0x80000002 and there is no sleep.
Goplat 10 Feb 2008, 03:07
0x80000002 is STATUS_DATATYPE_MISALIGNMENT in ntstatus.h. Try aligning your LARGE_INTEGER to 8 bytes. (Windows NT used to run on multiple kinds of processors and some of them required data alignment, so it's likely that there is still some alignment-checking code in the kernel.)
Alphonso 10 Feb 2008, 08:01
asmrox wrote: 2nd argument is a pointer.
Having a bit of a guess here, but it seems to me...
1. Delay appears to be in 100nS units, a Windows thing?
2. You need to use Two's Complement Negation for your 'large_integer', sounds like fun!
3. You appear to want an infinite wait (-1), for that you need 8000000000000000h unlike -1 used with SleepEx.
4. Data needs to be aligned. Thanks Goplat.
so...
Code:
neg dword [large_integer]
adc dword [large_integer+4],0
neg dword [large_integer+4] ;Two's Complement Negation of large_integer
push large_integer
push 0
call [NtDelayExecution]
retn
;I used invoke NtDelayExecution,0,large_integer
;to test etc...
align 4 ;might be better to use Goplat's Align 8 here
large_integer dq 50000000 ;5 seconds in 100nS units
;large_integer dq 8000000000000000h ;if you want infinite
EDIT: Should add, if you're going to use a constant delay, i.e. 2 secs, you can just get fasm to do the work for you..
Code:
delay=20000000 ;2 seconds
large_integer dq (not delay)+1
asmrox 10 Feb 2008, 19:28
It works, thanks. But it's so complicated, I think I'll stay with kernel32.
f0dder 10 Feb 2008, 19:36
asmrox wrote: It works, thanks. But it's so complicated, I think I'll stay with kernel32.
Why did you even consider the ntdll version?
- carpe noctem
asmhack 10 Feb 2008, 21:47
f0dder wrote:
It's more imba hehehe
f0dder 10 Feb 2008, 23:07
"imba"?
asmhack 10 Feb 2008, 23:31
imbalanced
asmrox 11 Feb 2008, 01:10
1. Why do I have to use alignment?
2. Why, if I place it in another section, don't I have to use alignment?
3. Why do I have to set CF (adc)?
vid 11 Feb 2008, 01:55
1. You should always align data on an address divisible by its size (e.g. dwords on 4, qwords on 8).
2. Because sections in memory are automatically aligned to some pretty high value.
3. ADC doesn't set CF. Grab a CPU manual (http://x86asm.net/links/) and study what ADC does. You might also want to read my recent article to understand working with 64-bit numbers: http://x86asm.net/articles/working-with-big-numbers-using-x86-instructions/index.html
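An added example, not posted in this thread, that works through the two points settled above in C rather than fasm: Alphonso's neg/adc/neg negation of a qword held as two dwords (and why the carry matters, per vid's answer), the 100 ns relative interval, and the 8-byte alignment Goplat pointed out. The function names, the emulated alignment check and the probe buffer are constructed for illustration; the constants are the ones quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed constants: one second is 10^7 units of 100 ns, and 0x80000002 is
 * the STATUS_DATATYPE_MISALIGNMENT code Goplat identified in the thread. */
#define UNITS_PER_SECOND 10000000ULL
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u

/* Mirrors Alphonso's three-instruction negation of a qword stored as two dwords:
 *   neg dword [lo]     ; lo = -lo, CF = 1 unless lo was 0
 *   adc dword [hi], 0  ; hi += CF  (the borrow out of the low half)
 *   neg dword [hi]     ; hi = -hi
 * and returns the 64-bit value assembled from the two halves. */
int64_t negate_in_halves(uint32_t lo, uint32_t hi)
{
    uint32_t carry = (lo != 0u);   /* NEG clears CF only for a zero operand */
    lo = 0u - lo;
    hi = hi + carry;               /* this is the step the ADC provides */
    hi = 0u - hi;
    return (int64_t)(((uint64_t)hi << 32) | lo);
}

/* Relative interval for NtDelayExecution: a negative count of 100 ns units. */
int64_t relative_delay_100ns(unsigned seconds)
{
    uint64_t units = (uint64_t)seconds * UNITS_PER_SECOND;
    return negate_in_halves((uint32_t)units, (uint32_t)(units >> 32));
}

/* Emulates the check the thread ran into: the LARGE_INTEGER address must be a
 * multiple of 8, otherwise the call fails with STATUS_DATATYPE_MISALIGNMENT. */
uint32_t check_interval_alignment(const void *interval)
{
    return ((uintptr_t)interval % 8u == 0u) ? 0u : STATUS_DATATYPE_MISALIGNMENT;
}

/* Probes a constructed buffer at a byte offset: offset 0 behaves like 'align 8'
 * before the dq, offset 4 like a dq that happens to land on a 4-byte boundary. */
uint32_t probe_alignment(size_t offset)
{
    static _Alignas(8) unsigned char storage[16];
    return check_interval_alignment(storage + offset);
}

int main(void)
{
    printf("5 s -> %lld (0x%016llx)\n", (long long)relative_delay_100ns(5),
           (unsigned long long)relative_delay_100ns(5));
    printf("unaligned pointer -> 0x%08x\n", probe_alignment(4));
    return 0;
}
```

Negating 8000000000000000h with the same routine yields itself, which is why that value, and not -1, is the infinite wait Alphonso mentions.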
Copyright © 1999-2024, Tomasz Grysztar.