noob questions about uasm64 usage

[aw27]

We can always create a program to convert or lookup GUID/IID from uuid.lib.

It can also look in
dxguid.lib
d2d1.lib
d3d11.lib
dxgi.lib
ole32.lib
windowscodecs.lib
dwrite.lib

if no success make a Google search.

And if does not find report "Sorry, I could not find"

[sinsi]

We can always create a program to convert or lookup GUID/IID from uuid.lib.

It can also look in
dxguid.lib
d2d1.lib
d3d11.lib
dxgi.lib
ole32.lib
windowscodecs.lib
dwrite.lib

if no success make a Google search.

And if does not find report "Sorry, I could not find"

Just use https://www.magnumdb.com/

[jj2007]

Great link, Sinsi :t

Code Select Expand

ITextDocument

1 IID_ITextDocument2 Guid c241f5e0-7206-11d8-a2c7-00a0d1d6c6b3
2 IID_ITextDocument2Old Guid 01c25500-4268-11d1-883a-3c8b00c10000
3 IID_ITextDocument Guid beee4ddb-90b2-408c-a2f6-0a0ac31e33e4
4 IID_ITextDocument Guid 8cc497c0-a1df-11ce-8098-00aa0047be5d

[morgot]

Try to compile Win64_4.asm

Have error in string "  lea rsi, CStr("Hello, world",13,10) "
Win64_4.asm(29) : Error A2227: Missing right parenthesis in expression

Delete Cstr (what is it? macro?), edit string for

Code Select Expand

.DATA
cstrr db "Hello, world",13,10,0
lea rsi, cstrr

Then link /subsystem:console /Libpath:d:\uasm\UASM-SDK-master\lib\x64 Win64_4.obj
but again error
LINK : fatal error LNK1171: unable to load mspdbst.dll (error code: 126)

[fearless]

check that mspdbst.dll exists in your uasm\bin folder
check if file was unblocked. https://winaero.com/blog/how-to-unblock-files-downloaded-from-internet-in-windows-10/
Make sure the entire zip was unblocked - ideally you downloaded it as Source code (zip) from release section and unblocked the zip.

[morgot]

So, I have next error
'\uasm\UASM-SDK-master\lib\x64\kernel32.lib : warning LNK4003: invalid library format; library ignored'

[TimoVJL]

What that UASM-SDK-master is ?

Something wrong with that linker, as in my test link.exe don't even need that mspdbst.dll, and i don't even have a it in test folder.

[fearless]

Could be the library is corrupt or trying to link an x86 program with an x64 library or vice versa.

I used the following to build Win64_4.asm, (where I installed UASM in my M: drive):

Code Select Expand

uasm64 -c -win64 -Zp8 -I"M:\UASM\Include" Win64_4.asm
link /subsystem:console /Libpath:"M:\UASM\Lib\x64" Win64_4.obj
Im guessing the library is blocked or is corrupt though

@TimeVJL - probably referring to my unofficial uasm sdk on github: https://github.com/mrfearless/UASM-SDK - which combines some of the visual studio 2013 (v12) linker, lib and other bin tools, the wininc includes and libraries, along with uasm (2.46 i think at the time it was uploaded) - if you clone/download from the repo it will download it all as UASM-SDK-master.zip

[aw27]

The example should build fine with the correct paths, correct link.exe paths etc.

However, there is a bug in UASM I noticed after looking at something mentioned above:
In some cases we can assemble instructions in the DATA section when we should not.

Extract from Win64_4.asm:

Code Select Expand


.CODE
main proc FRAME uses rbx rsi rdi

local dwWritten:DWORD

    invoke GetStdHandle,STD_OUTPUT_HANDLE
    mov rbx,rax
.DATA  ; We are in the data section now but it will assemble happily the intel instructions
    cstrr db "Hello, world",13,10,0
    lea rsi, cstrr
    lea rdi, CStr("Hello, world",13,10)
    invoke lstrlen, rsi
    mov edi, eax
    invoke WriteConsoleA, rbx, rsi, edi, addr dwWritten, 0
    ret

main endp



If we comment out
; lea rdi, CStr("Hello, world",13,10)
it will produce an error. Not the expected error but some error anyway.

[morgot]

Maybe some lib files are corrupted. So, where I can get normal lib for x64 ? For 32 bit I get from masm.

[aw27]

Maybe some lib files are corrupted. So, where I can get normal lib for x64 ? For 32 bit I get from masm.

You can use the masm32\64bit kernel32.lib or you can build the UASM libs by downloading Wininc from the UASM website. There are instructions in the Wininc on how to build the libs. kernel32.lib is also available in Windows kits and a few other places.

[fearless]

Yes, Wininc build the libs with polib, or PellesC libraries from Lib\Win64or Windows SDK/Kits (Windows Kits\8.1\Lib\winv6.3\um\x64, Microsoft SDKs\Windows\v7.1A\Lib\x64 etc)

[morgot]

I don't want to create it myself, I can do something wrong (I'm a noob). Took libs from PellesС, it seems to work.
But it's still difficult to code x64... I will still ask.

As example - what prototype must be for x64? QWORD or DWORD? Or what? This code fails with Acess violation

Code Select Expand

.x64                ; -pe requires to set cpu, model & language
    .model flat, fastcall

    option casemap:none
    option frame:auto   ; generate SEH-compatible prologues and epilogues
    option win64:3      ; init shadow space, reserve stack at PROC level

    option dllimport:<kernel32>
ExitProcess      proto :dword

    option dllimport:<shell32>
ShellExecuteA proto :dword, :dword, :dword, :dword, :dword

    option DLLIMPORT:<urlmon>
URLDownloadToFileA  proto :qword, :qword, :qword, :dword, :qword
    option dllimport:none

    .data

ClassName db "https://forum.pellesc.de/index.php?topic=3253.0",0
AppName  db "PellesC.htm",0


    .code

WinMainCRTStartup proc FRAME
invoke URLDownloadToFileA,0,addr ClassName,addr AppName,0,0

xor eax,eax

invoke ExitProcess, eax

WinMainCRTStartup endp
end WinMainCRTStartup


This is modifiyed TimoVJL C sample

[morgot]

Open C sample in IDA dizasm, it say me that prototype is URLDownloadToFileA  proto :dword, :qword, :qword, :qword, :qword
(first parametr is ECX - 32 bit register, another is 64 bit). But why? I mean, that in x64 all pointers are 64 bit values..

[hutch--]

Win 64 uses 64 bit aligned locations for all arguments between BYTE and QWORD.