flat assembler
Message board for the users of flat assembler.

Windows > what the hell is STATUS_DATATYPE_MISALIGNMENT ?!

asmrox 19 Apr 2008, 00:48
Why does it return 80000002?
What's alignment, and why is it needed?
Code:
format pe console
section '' readable executable
push eax
mov ebp,esp
mov eax,0x7A;ZwOpenThread
push CLIENT_ID
push OBJECT_ATTRIBUTES
push 0x001F0FFF
push ebp
mov edx,esp
int 0x2E
push dword [ebp]
push eax
push f
call [printf]
add esp,32
ret
f db 'Returned: %p',13,10,'Handle: %p',13,10,0
OBJECT_ATTRIBUTES:
dd 24,0,0,0,0,0,0,0
CLIENT_ID:
dd 1384;this is correct
dd 0
section '' import readable
dd 0,0,0,RVA msvcrt_name, RVA msvcrt_table
dd 0,0,0,0,0
msvcrt_table:
printf dd RVA _printf
dd 0
msvcrt_name db 'msvcrt.dll',0
_printf db 0,0,'printf',0
revolution 19 Apr 2008, 01:07
You are using int 0x2e, an undocumented interface to the OS. So how do you expect us to help you? I don't think there are any MS kernel programmers on this board.
asmrox 19 Apr 2008, 02:03
I used int because I'm too lazy to import from ntdll.
When I modify EFL (xor eax,eax) it works fine.
I want to know what this magic alignment is.
revolution 19 Apr 2008, 02:17
asmrox wrote:
... I'm too lazy ...
But you expect help from others? The mind boggles.

ntdll is also an undocumented interface. If you want to use the standard kernel32 (or any documented) interface then you will have a much higher chance of finding help for your problem.
asmfan 19 Apr 2008, 07:20
asmrox, you're smart enough to use 2eh|sysenter but not enough to align structures as the last error demands... Verdict: return to 'hello world'.
PS: your trojan must die.
asmrox 20 Apr 2008, 01:03
I still don't know what alignment is and why to do that =/
edfed 20 Apr 2008, 01:13
Alignment is due to the bus width of the µP.

If the data bus width is 16 bits, for example, reading a dword (32) will take 2 read cycles: one for the first part (16) and one for the second (16) part...

If the data is 2 bytes (16) and aligned on the bus, it will take only one (16) read cycle.

And if the data is 2 bytes (16) but misaligned, it will take 2 read cycles (8 + 8).

Ask on revolution's web site; it will explain it better than me.
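
A worked check of the layout in asmrox's listing, added here as an example rather than anything posted in the thread: it sums the encoded size of each instruction and data item to find where OBJECT_ATTRIBUTES and CLIENT_ID land, tests each address for 4-byte alignment the way the kernel's pointer probe does, and shows why inserting the 2-byte `xor eax,eax` changes the outcome. It assumes the section loads at 0x401000 (fasm's default image base 0x400000 plus 0x1000 section alignment) and the instruction encodings listed in the code.

```python
# Added example, not code from the thread. Rebuilds the byte layout of
# asmrox's program and checks structure addresses for 4-byte alignment.
# Assumption: first section at 0x401000 (image base 0x400000 + 0x1000).
SECTION_BASE = 0x401000

# (item, encoded size in bytes) in source order; sizes assume fasm's
# usual encodings (imm32 pushes for addresses, 83 C4 20 for add esp,32).
ORIGINAL_LAYOUT = [
    ("push eax", 1), ("mov ebp,esp", 2), ("mov eax,0x7A", 5),
    ("push CLIENT_ID", 5), ("push OBJECT_ATTRIBUTES", 5),
    ("push 0x001F0FFF", 5), ("push ebp", 1), ("mov edx,esp", 2),
    ("int 0x2E", 2), ("push dword [ebp]", 3), ("push eax", 1),
    ("push f", 5), ("call [printf]", 6), ("add esp,32", 3), ("ret", 1),
    ("f", 27),                  # 'Returned: %p',13,10,'Handle: %p',13,10,0
    ("OBJECT_ATTRIBUTES", 32),  # dd 24,0,0,0,0,0,0,0
    ("CLIENT_ID", 8),           # dd 1384 / dd 0
]

def label_addresses(layout, base=SECTION_BASE):
    """Map each item to its address by summing the sizes before it."""
    addrs, offset = {}, 0
    for name, size in layout:
        addrs[name] = base + offset
        offset += size
    return addrs

def is_aligned(address, alignment=4):
    """The test ProbeForRead/ProbeForWrite apply: address % alignment == 0."""
    return address & (alignment - 1) == 0

def misaligned_structures(layout, names=("OBJECT_ATTRIBUTES", "CLIENT_ID")):
    """Names of the structures the syscall would reject as misaligned."""
    addrs = label_addresses(layout)
    return [n for n in names if not is_aligned(addrs[n])]

def with_extra_instruction(layout, name="xor eax,eax", size=2):
    """asmrox's observation: a 2-byte instruction shifts every later label."""
    return [(name, size)] + layout

def decode_ntstatus(status):
    """Split an NTSTATUS into (severity, customer bit, facility, code)."""
    return ((status >> 30) & 3, (status >> 29) & 1,
            (status >> 16) & 0xFFF, status & 0xFFFF)

if __name__ == "__main__":
    print("misaligned:", misaligned_structures(ORIGINAL_LAYOUT))
    print("after xor eax,eax:",
          misaligned_structures(with_extra_instruction(ORIGINAL_LAYOUT)))
    print("0x80000002 ->", decode_ntstatus(0x80000002))
```

With these sizes both structures sit at addresses ending in 2 mod 4, and the extra two bytes of `xor eax,eax` move them onto a 4-byte boundary, which is the "magic" asmrox saw; 0x80000002 decodes as a warning-severity status (severity 2) with code 2.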
Copyright © 1999-2024, Tomasz Grysztar.