Author Topic: NEW to 32 bit MASM First time Post  (Read 4351 times)

ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
NEW to 32 bit MASM First time Post
« on: June 01, 2014, 08:08:37 AM »
GE all,
  New to 32 Bit MASM and the forum.  I have been looking around and I have hopes of contributing some.
ALthought I am new to 32 bit programming I am not a new programmer and have programmed in 16 bit ASM and C.  Most of the programs I have written operate below the operating system and manipulate INT 32 or access a port such as 1F7 and the hard drive buffers. Back then I was writing program that allowed me to do computer forensics and thought it was the neatest thing.. many of the programs were written with Turbo C or Turbo ASM.

As soon as I get the hang of 32bit ASM I will be looking to write asm routines for inline assembly in C++ programs so that I can again access the hardware level with C.. Evidently Microsoft has decided they dont want anyone doing that now.. go figure.

In any even thanks to the forum owner and the admins for their hard work this looks like a super place to learn

ROBOSPOOK

jj2007

  • Member
  • *****
  • Posts: 7756
  • Assembler is fun ;-)
    • MasmBasic
Re: NEW to 32 bit MASM First time Post
« Reply #1 on: June 01, 2014, 10:28:35 AM »
manipulate INT 32

Hi robospook,

Welcome to the Forum :icon14:

Are you sure that interrupts work in Win32 userland?

ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
Re: NEW to 32 bit MASM First time Post
« Reply #2 on: June 01, 2014, 11:23:07 AM »
actually I am not sure about access to interrupts.  I know its not easy in C and probably Basic but I suspect you can access it in ASM as long as you don't invoke any of the windows functions and just use straight ASM... we shall see as I gain experience


and thanks for the reply

dedndave

  • Member
  • *****
  • Posts: 8751
  • Still using Abacus 2.0
    • DednDave
Re: NEW to 32 bit MASM First time Post
« Reply #3 on: June 01, 2014, 01:28:40 PM »
welcome to the forum   :t

INT 32 ?
you probably meant INT 13h
the software interrupt is a 16-bit DOS mechanism
won't work for win32

if you want to continue working on low-level drive code, you have a few hurdles to overcome
to perform direct hardware I/O, i suspect you'll need some sort of "kernel mode driver"
not sure you really need to do direct I/O, though
it's a bit of a pain in the ass, with WHQL
you'll have a lot of reading to do on NTFS drives, namespace objects, ACL, and so on

start out with some basic win32 code, first - then worry about drives

Gunther

  • Member
  • *****
  • Posts: 3517
  • Forgive your enemies, but never forget their names
Re: NEW to 32 bit MASM First time Post
« Reply #4 on: June 01, 2014, 07:21:13 PM »
Hi ROBOSPOOK,

welcome to the forum. Interrupt manipulating won't work under Windows. Download the MASM32 package. It contains a lot of help files, examples and tutorials. Good luck.

Gunther
Get your facts first, and then you can distort them.

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4934
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: NEW to 32 bit MASM First time Post
« Reply #5 on: June 01, 2014, 08:18:39 PM »
Hi Robo,

When the OS design changed from 16 bit real mode DOS the functionality contained in the two main system files, MSDOS.SYS and IO.SYS which was normally accessed by interrupts was replaced by functionality in the Window API functions which are also system files, its just that they are part of a different system that is much larger and for what its worth, much more powerful.

The address range for 16 bit was no longer valid as the addressing changed from 16 bit to 32 bit, a shift from 1 meg addressing to 4 gig addressing. Direct hardware access is excluded by the operating system design and it was done for a reason, in the DOS days you had different techniques for every different form of hardware where under a modern protected mode operating system the hardware is abstracted so that the interface is uniform across many different hardware forms.

Where once you loaded the address of data into registers then called a DOS interrupt to write to disk, now you directly call a Windows API to write to disk, the logic is the same but the interface is different.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

Vortex

  • Member
  • *****
  • Posts: 1733
Re: NEW to 32 bit MASM First time Post
« Reply #6 on: June 02, 2014, 04:11:26 AM »
Hello Robospook,

Welcome to the forum.

ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
Re: NEW to 32 bit MASM First time Post
« Reply #7 on: June 02, 2014, 01:04:53 PM »
dedndave,
   Yes I meant INT 13   But thanks for pointing out my error.

Hutch--
  I hear what your saying and knew most of it Hutch but there is still some of this I am missing..  How do you get in to RING 0 to manipulate the hardware directly.  It must be able to be done otherwise you could not write drivers for the hardware and we all know people are doing that. 

Let me make my intentions clear.. so that you don't think I am a quack or doing something that is not appropriate... In a past life I worked in the computer forensics arena and created a lot of tools that.. you guessed it... wont work now because they are 16 bit programs.  SOOOO I want to redo them in 32 bit/64 bit assembly and C.. probably mixed mode meaning C with inline asm or linkable modules of asm that are called when needed. 

So I intend to read raw sectors so that I can rebuild sector level data structures like absolute sector 1 on the disk.  Or be able to manually walk the directory chain and look for anomalies.... or even to a total ... forensic/government overwrite of all disk sectors.

So there is where I am headed.. and before you say it... I have a large learning curve ahead of me because this is 32 bit and not 16 bit code anymore but I am retired and have some medical problems that prevent me from working in the real world so this is a way to keep my mind occupied and off of my problems.

Thanks for the help and encouragement guys


ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
Re: NEW to 32 bit MASM First time Post
« Reply #8 on: June 02, 2014, 01:09:02 PM »
geee I almost forgot the most important question
If your right and I can not access interrupts.. then how do I find out all the gory details about the methods to access raw sectors.. what file or what site or who knows.. etc..

R

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4934
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: NEW to 32 bit MASM First time Post
« Reply #9 on: June 02, 2014, 01:14:23 PM »
Hi Robo,

It sounds like you need to be able to work in driver development. If you have a good climb over the available ring3 API functions you can get some of what you want done but ring0 access is only available at the driver level. It used to be easier but more and more true low level methods have been closed off because of the idiot fringe who write viruses and trojans. In Win64 OS versions, (Win7 64 bit and 64 bit Win8) the drivers are 64 bit and generally written in C/C++ and they usually require Microsoft libraries as well to get them built.

ASM code has less to do with hardware access these days in Win32 and Win64 than it had back in the DOS days, the main gain in asm code is performance and algorithm design where freedom from compiler assumptions allow you to design more or less what you want. It would be very rare these days to see drivers written in asm as there is no real gain in access or performance.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
Re: NEW to 32 bit MASM First time Post
« Reply #10 on: June 02, 2014, 01:28:01 PM »
well damn er a I mean darn.. but now we know why the stupid drivers are so bloated!  What is a guy to do?  Hummmm  ok but I am convinced that there is still a way to do it in asm even if you have to write some kind of driver in C... Oh geeze I hate visual C++  it is so crappy. 

Anyhow thanks for the info Hutch.. I can see this is going to be a long process.. and I had such beautiful programs in 16 bit C too.. oh well..


sinsi

  • Member
  • *****
  • Posts: 1006
Re: NEW to 32 bit MASM First time Post
« Reply #11 on: June 02, 2014, 01:39:16 PM »
Welcome!
It's easy enough to get direct access to a physical drive or a volume from user land,with a couple of things to remember - for a few functions you will need admin access (especially writing low-level to disks) and it can be tricky to lock a disk for exclusive access (because of multitasking), in particular the Windows system volume.
I can walk on water but stagger on beer.

ROBOSPOOK

  • Regular Member
  • *
  • Posts: 25
Re: NEW to 32 bit MASM First time Post
« Reply #12 on: June 02, 2014, 02:05:34 PM »
sinsi,
  How easy .. can you point me in the correct direction.. a web site or something?  I am a like the proverbial fish... sorta out of water here. 

THanks

Gee this is a really great site

sinsi

  • Member
  • *****
  • Posts: 1006
Re: NEW to 32 bit MASM First time Post
« Reply #13 on: June 02, 2014, 02:35:47 PM »
Look on MSDN for CreateFile. I don't really have a simple example but here's one I was playing around with for copying a CD/DVD.
This is the old original code - I was also looking at error messages and threading so it's a bit of a mess.
I can walk on water but stagger on beer.

MichaelW

  • Global Moderator
  • Member
  • *****
  • Posts: 1209
Re: NEW to 32 bit MASM First time Post
« Reply #14 on: June 02, 2014, 04:08:54 PM »
There is an example here that reads the master boot record and boot sector.
Well Microsoft, here’s another nice mess you’ve gotten us into.