News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

NEW to 32 bit MASM First time Post

Started by ROBOSPOOK, June 01, 2014, 08:08:37 AM

Previous topic - Next topic

ROBOSPOOK

GE all,
  New to 32 Bit MASM and the forum.  I have been looking around and I have hopes of contributing some.
ALthought I am new to 32 bit programming I am not a new programmer and have programmed in 16 bit ASM and C.  Most of the programs I have written operate below the operating system and manipulate INT 32 or access a port such as 1F7 and the hard drive buffers. Back then I was writing program that allowed me to do computer forensics and thought it was the neatest thing.. many of the programs were written with Turbo C or Turbo ASM.

As soon as I get the hang of 32bit ASM I will be looking to write asm routines for inline assembly in C++ programs so that I can again access the hardware level with C.. Evidently Microsoft has decided they dont want anyone doing that now.. go figure.

In any even thanks to the forum owner and the admins for their hard work this looks like a super place to learn

ROBOSPOOK

jj2007

Quote from: ROBOSPOOK on June 01, 2014, 08:08:37 AMmanipulate INT 32

Hi robospook,

Welcome to the Forum :icon14:

Are you sure that interrupts work in Win32 userland?

ROBOSPOOK

actually I am not sure about access to interrupts.  I know its not easy in C and probably Basic but I suspect you can access it in ASM as long as you don't invoke any of the windows functions and just use straight ASM... we shall see as I gain experience


and thanks for the reply

dedndave

welcome to the forum   :t

INT 32 ?
you probably meant INT 13h
the software interrupt is a 16-bit DOS mechanism
won't work for win32

if you want to continue working on low-level drive code, you have a few hurdles to overcome
to perform direct hardware I/O, i suspect you'll need some sort of "kernel mode driver"
not sure you really need to do direct I/O, though
it's a bit of a pain in the ass, with WHQL
you'll have a lot of reading to do on NTFS drives, namespace objects, ACL, and so on

start out with some basic win32 code, first - then worry about drives

Gunther

Hi ROBOSPOOK,

welcome to the forum. Interrupt manipulating won't work under Windows. Download the MASM32 package. It contains a lot of help files, examples and tutorials. Good luck.

Gunther
You have to know the facts before you can distort them.

hutch--

Hi Robo,

When the OS design changed from 16 bit real mode DOS the functionality contained in the two main system files, MSDOS.SYS and IO.SYS which was normally accessed by interrupts was replaced by functionality in the Window API functions which are also system files, its just that they are part of a different system that is much larger and for what its worth, much more powerful.

The address range for 16 bit was no longer valid as the addressing changed from 16 bit to 32 bit, a shift from 1 meg addressing to 4 gig addressing. Direct hardware access is excluded by the operating system design and it was done for a reason, in the DOS days you had different techniques for every different form of hardware where under a modern protected mode operating system the hardware is abstracted so that the interface is uniform across many different hardware forms.

Where once you loaded the address of data into registers then called a DOS interrupt to write to disk, now you directly call a Windows API to write to disk, the logic is the same but the interface is different.

Vortex

Hello Robospook,

Welcome to the forum.

ROBOSPOOK

dedndave,
   Yes I meant INT 13   But thanks for pointing out my error.

Hutch--
  I hear what your saying and knew most of it Hutch but there is still some of this I am missing..  How do you get in to RING 0 to manipulate the hardware directly.  It must be able to be done otherwise you could not write drivers for the hardware and we all know people are doing that. 

Let me make my intentions clear.. so that you don't think I am a quack or doing something that is not appropriate... In a past life I worked in the computer forensics arena and created a lot of tools that.. you guessed it... wont work now because they are 16 bit programs.  SOOOO I want to redo them in 32 bit/64 bit assembly and C.. probably mixed mode meaning C with inline asm or linkable modules of asm that are called when needed. 

So I intend to read raw sectors so that I can rebuild sector level data structures like absolute sector 1 on the disk.  Or be able to manually walk the directory chain and look for anomalies.... or even to a total ... forensic/government overwrite of all disk sectors.

So there is where I am headed.. and before you say it... I have a large learning curve ahead of me because this is 32 bit and not 16 bit code anymore but I am retired and have some medical problems that prevent me from working in the real world so this is a way to keep my mind occupied and off of my problems.

Thanks for the help and encouragement guys


ROBOSPOOK

geee I almost forgot the most important question
If your right and I can not access interrupts.. then how do I find out all the gory details about the methods to access raw sectors.. what file or what site or who knows.. etc..

R

hutch--

Hi Robo,

It sounds like you need to be able to work in driver development. If you have a good climb over the available ring3 API functions you can get some of what you want done but ring0 access is only available at the driver level. It used to be easier but more and more true low level methods have been closed off because of the idiot fringe who write viruses and trojans. In Win64 OS versions, (Win7 64 bit and 64 bit Win8) the drivers are 64 bit and generally written in C/C++ and they usually require Microsoft libraries as well to get them built.

ASM code has less to do with hardware access these days in Win32 and Win64 than it had back in the DOS days, the main gain in asm code is performance and algorithm design where freedom from compiler assumptions allow you to design more or less what you want. It would be very rare these days to see drivers written in asm as there is no real gain in access or performance.

ROBOSPOOK

well damn er a I mean darn.. but now we know why the stupid drivers are so bloated!  What is a guy to do?  Hummmm  ok but I am convinced that there is still a way to do it in asm even if you have to write some kind of driver in C... Oh geeze I hate visual C++  it is so crappy. 

Anyhow thanks for the info Hutch.. I can see this is going to be a long process.. and I had such beautiful programs in 16 bit C too.. oh well..


sinsi

Welcome!
It's easy enough to get direct access to a physical drive or a volume from user land,with a couple of things to remember - for a few functions you will need admin access (especially writing low-level to disks) and it can be tricky to lock a disk for exclusive access (because of multitasking), in particular the Windows system volume.

ROBOSPOOK

sinsi,
  How easy .. can you point me in the correct direction.. a web site or something?  I am a like the proverbial fish... sorta out of water here. 

THanks

Gee this is a really great site

sinsi

Look on MSDN for CreateFile. I don't really have a simple example but here's one I was playing around with for copying a CD/DVD.
This is the old original code - I was also looking at error messages and threading so it's a bit of a mess.

MichaelW

There is an example here that reads the master boot record and boot sector.
Well Microsoft, here's another nice mess you've gotten us into.