x64 Input question

[vogelsang]

I have written x64 code, that takes input from user it is based on masm32 StdIn procedure(watched it under olly). I have complied it with ml64 and it works but i'm not sure is everything fine. I don't know system inside. I need to be certain, that it's OK. Could some one look at it?

Code: [Select]

includelib /masm64/lib/kernel32.lib
includelib /masm64/lib/user32.lib

WriteConsoleA proto :ptr, :ptr, :dword, :ptr, :dword
ReadConsoleA proto :ptr, :ptr, :dword, :ptr, :dword
GetStdHandle  proto :dword
ExitProcess    proto :dword
SetConsoleMode proto :dword, :dword
ReadFile proto :dword, :dword,  :dword, :dword

STD_OUTPUT_HANDLE equ -11
STD_INPUT_HANDLE equ -10

.data
tMsg db "Hello x64 world",13,10
.data?
btText db 4 dup (?)
hStdOut dq ?
hStdIn dq ?
qWritten dq ?
qRead dq ?
.code
start proc
mov rax, 1
mov rax,2

mov rcx, STD_OUTPUT_HANDLE
call GetStdHandle
mov hStdOut, rax

mov rcx, rax
mov rdx, offset tMsg
mov r8, lengthof tMsg
mov r9, offset qWritten
mov qword ptr [rsp + 8 * 4], 0
call WriteConsoleA

mov rcx, STD_INPUT_HANDLE
call GetStdHandle
mov hStdIn, rax

mov rcx, rax
mov rdx, 7 ;ENABLE_ECHO_INPUT or ENABLE_LINE_INPUT or ENABLE_PROCESSED_INPUT
call SetConsoleMode

mov rcx, hStdIn
mov rdx, offset btText
mov r8, sizeof btText
mov r9, offset qRead
mov qword ptr [rsp + 8 * 4], 0 ;Is it fifth proc arg???
call ReadFile

mov rcx, hStdOut
mov rdx, offset btText
mov r8, sizeof btText
mov r9, offset qWritten
mov qword ptr [rsp + 8 * 4], 0
call WriteConsoleA

xor rcx, rcx
call ExitProcess

start endp
end

and other question:

mov   qword ptr [rsp + 8 * 4], 0

is it fifth arg of WriteConsoleA?

thanks in advance

[qWord]

The allocation of the 5 stack arguments + alignment is missing. Also the prototypes are formally wrong: the handles are declared as DWORDs, instead of QWORDs. The rest look OK.

Other thoughts: XOR ECX,ECX == XOR RCX,RCX , the first one is shorter and formal correct.
EDIT: the same for some other moves. e.g. mov rcx, STD_OUTPUT_HANDLE

[vogelsang]

Other thoughts: XOR ECX,ECX == XOR RCX,RCX , the first one is shorter and formal correct.
EDIT: the same for some other moves. e.g. mov rcx, STD_OUTPUT_HANDLE

that means that for function is important low half of e.g. RCX not the whole reg?

[qWord]

that means that for function is important low half of e.g. RCX not the whole reg?

(theoretically) yes. However, as said, there is not difference because 32 bit results (of an operation) are zero extended to 64 bit in registers.
Therefore MOV rax,imm32 is equal to mov eax,imm32.

[vogelsang]

thanks qWord for explaining it. I'm new to x64. Good to know.

[qWord]

sorry, a small mistake in the last post: MOV rax,imm32 is signed extended and not zero extended. However, for XOR and most other instruction it applies.