flat assembler
Message board for the users of flat assembler.

Index > Windows > not compiling correctly

Author
Thread Post new topic Reply to topic
oobie-noobie



Joined: 01 Apr 2008
Posts: 10
oobie-noobie
Hi,

I was compiling this part of code through FASM
Code:
format PE GUI 4.0
entry start

include '%fasminc%\win32axp.inc'

section '.code' code readable executable

  start:
        mov     eax, 10
        imul    eax, sizeof.MY_INFO
        mov     [myPtr], eax
        mov     eax, [myPtr]
        push    dword 3
        pop     dword [my_array+eax+MY_INFO.data10]
        mov     ebx, 3
        cmp     ebx, 2
        jne     .notGood
        mov     dword [my_array+eax+MY_INFO.data11], TRUE
        jmp     @f
    .notGood:
        mov     dword [my_array+eax+MY_INFO.data11], FALSE
    @@:



section '.data' data readable writeable

struct MY_INFO
        data1           dd 0
        data2           dd 0
        data3           dd 0
        data4           db 0
        data5           db 0
        data6           db 0
        data7           db 0
        data8           dd 0
        data9           dd 0
        data10          dd 0
        data11          dd 0
ends                    

my_array      rb 256*sizeof.MY_INFO
myPtr         dd ?
    


and my app was running incorrectly.
On putting the app through a decompiler, the above code (without data) is compiled as
Code:
:00401000 mov eax, 0000000A
:00401005 imul eax, 00000020
:00401008 mov dword ptr [00404000], eax
:0040100D mov eax, dword ptr [00404000]
:00401012 push 00000003
:00401017 pop dword ptr [eax+00402018]
:0040101D mov ebx, 00000003
:00401022 cmp ebx, 00000002
:00401025 jne 00401033
:00401027 mov dword ptr [ebx+0040201C], 00000001
:00401031 jmp 0040103D
:00401033 mov dword ptr [ebx+0040201C], 00000000
    


so the reason for the app is misbehaving appears obvious.

Decompiled code line 401027 is
Code:
mov dword ptr [ebx+0040201C], 00000001
    

whereas my code was
Code:
mov     dword [my_array+eax+MY_INFO.data11], TRUE
    

and similarly for line 401033.

My code for these 2 lines has no reference to ebx, but the compiled code does. Question

Am I doing something wrong, or is there some sort of bug somewhere?

Many thanks
Post 11 Apr 2008, 22:23
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
I compile it have don't see and ebx reference in the disassembly.

Ollydbg 1.10d
Code:
00401000 >  B8 0A000000     MOV     EAX,0A
00401005    6BC0 20         IMUL    EAX,EAX,20
00401008    A3 00404000     MOV     [404000],EAX
0040100D    A1 00404000     MOV     EAX,[404000]
00401012    68 03000000     PUSH    3
00401017    8F80 18204000   POP     [DWORD EAX+402018]               ; kernel32.7C816FD7
0040101D    BB 03000000     MOV     EBX,3
00401022    83FB 02         CMP     EBX,2
00401025    75 0C           JNZ     SHORT junk.00401033
00401027    C780 1C204000 0>MOV     [DWORD EAX+40201C],1
00401031    EB 0A           JMP     SHORT junk.0040103D
00401033    C780 1C204000 0>MOV     [DWORD EAX+40201C],0    


Maybe your disassembler is buggy?
Post 11 Apr 2008, 22:42
View user's profile Send private message Visit poster's website Reply with quote
oobie-noobie



Joined: 01 Apr 2008
Posts: 10
oobie-noobie
sigh,

I think you may just be right revolution, I tried a few other permutations of the above, some have eax, others ebx.
Extremely hard to debug with a buggy debugger, lol.

If I can't locate what the bug I have is, I'll post more code later.

I'll have to give ollyDebug a go, I'm currently using W32Dasm and have never come across this problem before.

Thanks for your help Wink
Post 11 Apr 2008, 22:53
View user's profile Send private message Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent
Quote:

71 C7803D11400001+mov dword ptr [eax+0040113D],00000001

With my debugger opening the same kind of OpCodes, I find [EAX+...], as it is seen just above!
then FASM has COMPILED CORRECTLY the very powerfull 32 memory access
==> mov dword [my_array+eax+MY_INFO.data11], TRUE

That's why i am currently programming an ASM INTERPRETOR, so you could modify yourself the ASM INTERPRETOR, and the make interpretation be exactly as the "microprocessor" matching with your needs... But I don't know if intel will distribute your own version of the opcodes...
Post 11 Apr 2008, 23:00
View user's profile Send private message Visit poster's website Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
oobie-noobie wrote:
sigh,

I think you may just be right revolution, I tried a few other permutations of the above, some have eax, others ebx.
Extremely hard to debug with a buggy debugger, lol.

If I can't locate what the bug I have is, I'll post more code later.

I'll have to give ollyDebug a go, I'm currently using W32Dasm and have never come across this problem before.

Thanks for your help Wink


Hi oobie-noobie Smile ,
There also is another disassembler similar to olly debug (in my opinion better in many respects) called IDApro. They have just released Version 49 as freeware and can disassemble EXE, DLL, ETC. with upto sse2 instruction decoding. Here's the link: http://www.hex-rays.com/idapro/idadownfreeware.htm
Post 12 Apr 2008, 13:43
View user's profile Send private message Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
Isn't "IDApro" bloated cow software? I've used it, and it's very useful. I just don't go for large software packages.
Post 12 Apr 2008, 15:55
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
IDA Pro is very good, maybe not as good as debugger, but definitive #1 for disasming
Post 12 Apr 2008, 17:01
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
AlexP wrote:
Isn't "IDApro" bloated cow software? I've used it, and it's very useful. I just don't go for large software packages.

Naaa. For all that it does, It's size is about what I'd expect it to be.
Post 13 Apr 2008, 12:22
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.