flat assembler
Message board for the users of flat assembler.

Thread: Large address aware (Compiler Internals)
Alphonso 13 Feb 2009, 10:06
Would it be beneficial to add a LARGEADDRESSAWARE switch to fasm 32-bit PEs?

In fact, is there any reason why the flag could not be permanent by changing
Code:
;from FORMATS.INC
    mov     dword [edx+16h],10B010Eh        ; flags and magic value
to
    mov     dword [edx+16h],10B012Eh        ; flags and magic value
i.e. is there any reason our code should not be large address aware? Will it break anything?
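The header edit above sets bit 20h (IMAGE_FILE_LARGE_ADDRESS_AWARE) in the Characteristics word at offset 16h of the PE header. As an added example (not code from fasm or from anyone in this thread), here is a small C checker/setter for that bit, run over a constructed minimal PE header that carries fasm's exact 10B010Eh dword; the signature and bounds checks are assumptions about what a safe reader should verify.

```c
#include <stdint.h>
#include <string.h>

/* Characteristics is the word at offset 16h of the PE header; the [edx+16h]
   dword in FORMATS.INC packs it with the PE32 magic 10Bh in the high word,
   hence 10B010Eh (flag clear) vs 10B012Eh (flag set). */
#define E_LFANEW_OFF        0x3C
#define PE_CHARACTERISTICS  0x16
#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Offset of the PE header, or -1 if the buffer lacks valid MZ/PE signatures
   or e_lfanew would run past the end of the buffer (assumed sanity checks). */
static long pe_header_off(const uint8_t *img, size_t len)
{
    if (len < E_LFANEW_OFF + 4 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t off = rd32(img + E_LFANEW_OFF);
    if (off > len || len - off < PE_CHARACTERISTICS + 4) return -1;
    return memcmp(img + off, "PE\0\0", 4) == 0 ? (long)off : -1;
}

/* 1 if LARGEADDRESSAWARE is set, 0 if clear, -1 if this is not a PE image. */
int pe_is_large_address_aware(const uint8_t *img, size_t len)
{
    long off = pe_header_off(img, len);
    if (off < 0) return -1;
    return (rd16(img + off + PE_CHARACTERISTICS) & IMAGE_FILE_LARGE_ADDRESS_AWARE) ? 1 : 0;
}

/* Sets the flag in place: the post-build equivalent of the 10B012Eh edit. */
int pe_set_large_address_aware(uint8_t *img, size_t len)
{
    long off = pe_header_off(img, len);
    if (off < 0) return -1;
    img[off + PE_CHARACTERISTICS] |= IMAGE_FILE_LARGE_ADDRESS_AWARE;
    return 0;
}

/* Constructed sample: MZ stub with e_lfanew = 40h, then a PE header for an
   i386 image whose Characteristics/Magic dword is exactly fasm's 10B010Eh. */
uint8_t sample_pe[0x5A] = {
    [0x00] = 'M', [0x01] = 'Z', [0x3C] = 0x40,
    [0x40] = 'P', [0x41] = 'E', [0x44] = 0x4C, [0x45] = 0x01, [0x54] = 0xE0,
    [0x56] = 0x0E, [0x57] = 0x01, [0x58] = 0x0B, [0x59] = 0x01 };

/* The dword fasm writes at [edx+16h], read back from the sample. */
uint32_t sample_flags_dword(void) { return rd32(sample_pe + 0x40 + PE_CHARACTERISTICS); }
```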
revolution 13 Feb 2009, 11:11
I get no problems on my XP box with that.

Curiously, Olly does not know what the flag means, it just displays "20" and leaves it at that.
revolution 13 Feb 2009, 13:23
I've done some searching around and found a number of applications that always use this flag. It seems that there is no downside to doing this. If you boot in 3GB mode then the flag is used, if you boot normally then the flag is ignored.

Although, not all versions of Windows support 3GB mode so if your app requires a large memory space then just putting this switch won't help you unless the user has also configured the OS for it.
Tomasz Grysztar 13 Feb 2009, 13:37
Well, I think it won't do any harm to have this flag always on.
asmfan 13 Feb 2009, 14:55
Tomasz Grysztar wrote:
Well, I think it won't do any harm to have this flag always on.

It is harm! Think how many use jg instead of ja in their 32-bit apps. That will be run under x64 with 4GiB of memory. The flag should be set on demand, the same way as format PE... L_A_Aware, or shorter, just "aware" in the header.

Tomasz Grysztar 13 Feb 2009, 15:00
Well, I was not aware of people using JG when comparing addresses.

But that's some point.
revolution 13 Feb 2009, 15:27
Nobody needs to compare addresses like that. Windows still allocates memory at 0x7FFxxxxx for itself so it is not like you get a contiguous block of RAM to use that straddles the boundary to 0x80000000. You have to allocate separate regions to be able to use the high RAM. Doing an address comparison across different regions would not really make sense.
sinsi 13 Feb 2009, 22:10
Pushing the Limits of Windows: Virtual Memory
Quote:
Since the high bit of a pointer referencing an address below 2GB is always zero, they would use the high bit in their pointers as a flag for their own data, clearing it of course before referencing the data. If they ran with a 3GB address space they would inadvertently truncate pointers that have values greater than 2GB, causing program errors including possible data corruption.

So if you write your own code, you should be OK.

Quote:
That will be run under x64 with 4GiB of memory.

32-bit apps still only have 4G of addresses, so DLLs and stuff still get loaded below 4G - you could have 16TiB of RAM, but your 32-bit app still has a 32-bit address space.
revolution 14 Feb 2009, 01:57
I have some code that uses spare bits in an address pointer to store data. But I've never used the high bits. The low bits (usually the lower two) are always zero for pointers to dword aligned structures and dword data. A simple masking can extract the lower data bits and/or the higher address bits.
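Three pitfalls raised above (asmfan's jg-versus-ja comparison, the high-bit pointer tagging from the Pushing the Limits quote, and revolution's low-bit tagging that survives) are shown side by side in this added C example, which is not from the thread or from fasm. The two addresses are constructed values, one just under and one just over the 2 GB line; the unsigned/signed compares mirror what ja and jg test after a cmp.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit user-mode addresses: one below the classic 2 GB split
   and one that is only reachable once the image is large address aware. */
#define LOW_ADDR   0x7FFF0000u
#define HIGH_ADDR  0x80001000u

/* cmp + ja: unsigned compare, the correct way to order addresses. */
int above_unsigned(uint32_t a, uint32_t b) { return a > b; }

/* cmp + jg: signed compare. Above 2 GB bit 31 is set, so the higher address
   is treated as negative and sorts below every address under 2 GB. */
int above_signed(uint32_t a, uint32_t b) { return (int32_t)a > (int32_t)b; }

/* High-bit tagging: the flag lives in bit 31, which is only free while every
   address stays below 2 GB. Clearing it truncates any address above 2 GB. */
uint32_t tag_high(uint32_t p, unsigned flag) { return flag ? (p | 0x80000000u) : p; }
uint32_t untag_high(uint32_t t)             { return t & 0x7FFFFFFFu; }
unsigned high_flag(uint32_t t)              { return (t >> 31) & 1u; }

/* Low-bit tagging: dword-aligned pointers always have bits 0-1 clear, so the
   flag and the address both survive wherever the block was mapped. */
uint32_t tag_low(uint32_t p, unsigned flag) { return p | (flag & 3u); }
uint32_t untag_low(uint32_t t)              { return t & ~3u; }
unsigned low_flag(uint32_t t)               { return t & 3u; }

/* 1 if the pointer comes back intact after a tag/untag round trip. */
int high_tag_roundtrip_ok(uint32_t p, unsigned flag) { return untag_high(tag_high(p, flag)) == p; }
int low_tag_roundtrip_ok(uint32_t p, unsigned flag)  { return untag_low(tag_low(p, flag)) == p; }

int main(void)
{
    printf("ja: %08X > %08X -> %d\n", HIGH_ADDR, LOW_ADDR, above_unsigned(HIGH_ADDR, LOW_ADDR));
    printf("jg: %08X > %08X -> %d\n", HIGH_ADDR, LOW_ADDR, above_signed(HIGH_ADDR, LOW_ADDR));
    printf("high-bit tag keeps %08X: %d\n", HIGH_ADDR, high_tag_roundtrip_ok(HIGH_ADDR, 1));
    printf("low-bit tag keeps  %08X: %d\n", HIGH_ADDR, low_tag_roundtrip_ok(HIGH_ADDR, 1));
    return 0;
}
```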
asmfan 14 Feb 2009, 09:30
sinsi wrote:
32-bit apps still only have 4G of addresses, so DLLs and stuff still get loaded below 4G - you could have 16TiB of RAM, but your 32-bit app still has a 32-bit address space.

Yes, you are right.

asmfan wrote:
That will be run under x64 with 4GiB of memory.

It was about virtual memory availability to a 32-bit UM app.
sinsi 14 Feb 2009, 09:48
OK, but 32-bit apps work exactly the same under 64-bit Windows, no matter where the actual 4KiB page comes from, but the app can only address 4GiB of address space.
I can't think of a time I've used 'jg' instead of 'ja' - signed dwords are (for me) a pain in the arse...
asmfan 14 Feb 2009, 13:06
4KiB, 2MiB or 1GiB pages.
Anyway, this flag should be set with caution to unsigned vs signed arithmetic with addresses. Good that you write right code, then you can set this flag for sure.
Alphonso 14 Feb 2009, 18:48
So I guess, as there is a very small chance it might cause problems, it would be best to leave it as it is (not enabled), and those who code such that it's not a problem could easily modify the package themselves to use it. Does that sound about right?
LocoDelAssembly 14 Feb 2009, 18:57
Would it be too cumbersome to add a new directive or perhaps a new option to the assembler? Something like "format pe [gui|console] [version] [dll] [at address] [on file] [large]" (perhaps I'm missing some components but I think you can get the idea)
Alphonso 15 Feb 2009, 11:00
Do you mean something like this...

LAE= Large Address Enabled ???

Code:
;TABLES.INC
.
.
symbols_3:                                  ;3 character symbols
.
.
    db 'gui',1Bh,2
    db 'lae',1Bh,82h                        ;<-- add LAE symbol, is 82h free/okay?
    db 'mm0',10h,0B0h
.
.
Can change name LAE to something else if not liked

Code:
;FORMATS.INC
.
.
pe_settings:
.
.
    cmp     al,80h
    je      dll_flag
    cmp     al,81h
    je      wdm_flag
    cmp     al,82h                          ;<-- check for LAE
    je      lae_flag                        ;
    jmp     pe_settings
.
.
wdm_flag:
    bts     [format_flags],9
    jc      setting_already_specified
    jmp     pe_settings
lae_flag:                                   ;<--
    bts     [format_flags],13               ;is bit 13 free/okay ?
    jc      setting_already_specified       ;
    jmp     pe_settings
subsystem_setting:
.
.
    mov     dword [edx+14h],0E0h            ; size of optional header
    mov     dword [edx+16h],10B010Eh        ; flags and magic value
    mov     eax,[format_flags]              ;<--
    and     eax,1 shl 13                    ;    ugly code by
    or      byte [edx+16h],ah               ;    alphonso the butcher !
    mov     eax,[image_base]                ;
.
.
...In that case I really think it should be up to Tomasz how it should be done.

PS: don't be surprised if the above code breaks something or does not work.

EDIT: Forgot to add, use as for example
Code:
format PE GUI 4.0 LAE
entry start
.
.

revolution 15 Feb 2009, 11:04
Alphonso: Good job. I like it when people are prepared to look into the source to see how things work.

One thing we need to convince Tomasz of is to use symbolic constants.
LocoDelAssembly 15 Feb 2009, 15:15
Yep, good one Alphonso.
Thanks
Tomasz Grysztar 19 Feb 2009, 10:37
revolution wrote:
If you boot in 3GB mode then the flag is used, if you boot normally then the flag is ignored.

The flag appears also to be used in WoW64 - well, it seemed quite obvious.
And in WoW64 your application may actually get to use the whole 4 GB space, not only 3 GB.

So, do you have any suggestions for the name of the flag? Maybe something like "largeaddr"?
Alphonso 21 Feb 2009, 10:42
Judging by the responses, it looks as if it's going to be left up to you, Tomasz.
revolution 21 Feb 2009, 14:46
The name is not really important. So sure, that suggestion is fine.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.