Author Topic: Disable procedure prolog?  (Read 317 times)

morgot

  • Member
  • **
  • Posts: 57
Disable procedure prolog?
« on: February 25, 2020, 05:27:08 AM »
Hello,
I have code
Code: [Select]
_GetFileVersionInfoA proc
    mov rax,dwGetFileVersionInfoA
    jmp rax
_GetFileVersionInfoA endp

That compiles to:
Code: [Select]

    GetFileVersionInfoA proc near   
    enter   80h, 0
    sub     rsp, 40h
    mov     rax, cs:qword_1800033F0
    jmp     rax
    GetFileVersionInfoA endp


Can I disable commands enter and sub rsp (my program crashes with it)? Can I do this without labels, in procedure only?
Sorry for the bad English

Vortex

  • Member
  • *****
  • Posts: 2104
Re: Disable procedure prolog?
« Reply #1 on: February 25, 2020, 05:47:38 AM »
Hello,

Assuming that you are using ml64, you would like to try the STACK_FRAME macro defined in \masm32\macros64\macros64.inc :

Code: [Select]
include \masm32\include64\masm64rt.inc

.code

STACK_FRAME OFF

myfunc PROC

   mov  rax,1 ; just a quick example
   jmp  rax   ; for demonstration purpose

myfunc ENDP

STACK_FRAME ON

END

jj2007

  • Member
  • *****
  • Posts: 10094
  • Assembler is fun ;-)
    • MasmBasic
Re: Disable procedure prolog?
« Reply #2 on: February 25, 2020, 06:00:43 AM »
Quote
Can I disable commands enter and sub rsp (my program crashes with it)? Can I do this without labels, in procedure only?

What's wrong with labels...?
Code: [Select]
SayHi:
  push rax ; API calls want align 16
  jinvoke MessageBox, 0, rcx, Chr$("Hi"), MB_OK or MB_SETFOREGROUND
  pop rdx
  ret
...
  mov rcx, Chr$("Wow, it works!!!!")
  call SayHi

morgot

  • Member
  • **
  • Posts: 57
Re: Disable procedure prolog?
« Reply #3 on: February 25, 2020, 06:08:07 AM »
Vortex, thanks, it works! But I use NOSTACKFRAME, because my masm doesn't recognize STACK_FRAME OFF. I got ml64 from VC2015.

jj2007, because I cannot export labels. This is a DLL, and def files don't work with labels.
Code: [Select]
LIBRARY version
EXPORTS
GetFileVersionInfoA=_GetFileVersionInfoA
...
Sorry for the bad English

Vortex

  • Member
  • *****
  • Posts: 2104
Re: Disable procedure prolog?
« Reply #4 on: February 25, 2020, 07:47:45 AM »
Hi morgot,

My setup is VS2010 Express + Windows 7 SDK. Ml Version : 10.00.40219.01

jj2007

  • Member
  • *****
  • Posts: 10094
  • Assembler is fun ;-)
    • MasmBasic
Re: Disable procedure prolog?
« Reply #5 on: February 25, 2020, 08:46:54 AM »
Quote
def files don't work with labels

They do.

Code: [Select]
LIBRARY "CallTheLabel"
EXPORTS
Mul100

Code: [Select]
ExternDef Mul100:QWORD
Mul100 LABEL QWORD
  xchg rax, rcx
  mov rdx, 100
  mul rdx
  ret

Code: [Select]
  jinvoke LoadLibraryEx, Chr$("CallTheLabel.dll"), 0, DONT_RESOLVE_DLL_REFERENCES
  deb 4, "ResLL", rax
  .if rax
    push rax
    push rax
    jinvoke GetProcAddress, rax, Chr$("Mul100")
    deb 4, "PA", rax
    .if rax
      mov rcx, 123
      call qword ptr rax
      Print Str$("The result is %i\n", rax)
    .endif
    pop rax
    pop rcx
    jinvoke FreeLibrary, rcx
  .endif

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 7036
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Disable procedure prolog?
« Reply #6 on: February 25, 2020, 10:11:34 AM »
morgot,

If you are using the masm64 add in for 64 bit, get the most up to date version of it at the following URL.

http://masm32.com/board/index.php?topic=8090.0

Once this is done, check the free standing help file "MasmHelp.exe" under the heading "Stackframes" and you have a very flexible set of options in how you set up a stack frame. For the code you posted above, try the PROCALIGN macro that aligns the stack so you can call API functions. Using NOSTACKFRAME is fine for pure mnemonics but is misaligned by 8 for external function calls.
hutch at movsd dot com
http://www.masm32.com

Vortex

  • Member
  • *****
  • Posts: 2104
Re: Disable procedure prolog?
« Reply #7 on: February 26, 2020, 05:59:08 AM »
Hi morgot,

The 64-bit fastcall calling convention does not require function decoration \ name mangling. Any reason to specify a leading underscore symbol?

Code: [Select]
LIBRARY version
EXPORTS
GetFileVersionInfoA=_GetFileVersionInfoA

Code: [Select]
polib.exe /MACHINE:x64 /DEF:version.def /OUT:version.lib

podump.exe /EXPORTS version.lib

Dump of version.lib

File type: LIB
version.dll: GetFileVersionInfoA (GetFileVersionInfoA)

SUMMARY
      14 .idata$2
      14 .idata$3
       8 .idata$4
       8 .idata$5
       C .idata$6

morgot

  • Member
  • **
  • Posts: 57
Re: Disable procedure prolog?
« Reply #8 on: February 26, 2020, 06:01:55 PM »
Quote
Hi morgot,
My setup is VS2010 Express + Windows 7 SDK. Ml Version : 10.00.40219.01

Hi Vortex,
I use masm64 from Hutch, and ml64.exe from VS2015.

Quote
def files don't work with labels
They do.

Thank you for the example.

Quote
morgot,
If you are using the masm64 add in for 64 bit, get the most up to date version of it at the following URL.
Once this is done, check the free standing help file "MasmHelp.exe" under the heading "Stackframes" and you have a very flexible set of options in how you set up a stack frame. For the code you posted above, try the PROCALIGN macro that aligns the stack so you can call API functions. Using NOSTACKFRAME is fine for pure mnemonics but is misaligned by 8 for external function calls.

Yes, I use your masm64. I will read this manual, thank you. I don't know 64-bit well; earlier I only coded 32-bit, which is simpler.

Quote
Hi morgot,
The 64-bit fastcall calling convention does not require function decoration \ name mangling. Any reason to specify a leading underscore symbol?

There is one reason: I don't know 64-bit well, and I copy-pasted the def file from my 32-bit DLL.
Why is there no function decoration in 64-bit? Because we don't use the stack? But sub rsp is used.
Sorry for the bad English

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 7036
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Disable procedure prolog?
« Reply #9 on: February 26, 2020, 06:34:01 PM »
What happens when you call a procedure address is the CALL mnemonic writes the return address to the stack which adds 8 bytes to the stack and while this is OK for pure mnemonic code, if you try and call another procedure from the misaligned proc, the app will crash. When you use SUB RSP by 8 you are ensuring the stack is correctly 16 byte aligned for the current proc. Before exit from the proc you have to align the stack back to the calling proc by adding 8 bytes.
hutch at movsd dot com
http://www.masm32.com
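
The alignment rule described in the reply above, side by side with the forwarding stub from the first post, as an added example that is not part of the original thread. It assumes plain ml64.exe without masm64rt.inc (so no automatic prologue is emitted); `realTarget`, `helperProc`, `ForwardStub` and `CallsOut` are hypothetical names.

```masm
; Added example, not code from the thread. Assemble with plain ml64.exe.
; helperProc is a hypothetical external function; realTarget is a
; hypothetical variable holding the address of the real function.

extern helperProc:proc

.data
realTarget dq 0                 ; assumed to be filled in at load time

.code

; Case 1: forwarding stub (tail jump).
; On entry RSP points at the caller's return address. The stub must not
; move RSP: the target runs as if the caller had called it directly and
; its RET returns straight to that caller. An automatic prologue
; (enter / sub rsp) that is never undone before the JMP leaves RSP
; pointing somewhere else, so the target's RET pops the wrong address.
; RAX is volatile in the Win64 convention, so using it here is safe;
; RCX, RDX, R8 and R9 (the first four arguments) are left untouched.
ForwardStub proc
    mov  rax, realTarget        ; load the real function's address
    jmp  rax                    ; no CALL, so nothing extra is pushed
ForwardStub endp

; Case 2: procedure that calls another function.
; The caller's CALL pushed 8 bytes, so on entry RSP is 8 past a
; 16-byte boundary. Before our own CALL we need:
;   20h bytes of shadow space for the callee
; +  8h bytes to bring RSP back to a 16-byte boundary
; = 28h
CallsOut proc
    sub  rsp, 28h               ; RSP is now 16-byte aligned
    call helperProc
    add  rsp, 28h               ; restore RSP before returning
    ret
CallsOut endp

end
```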

Vortex

  • Member
  • *****
  • Posts: 2104
Re: Disable procedure prolog?
« Reply #10 on: February 27, 2020, 06:09:21 AM »
Hi morgot,

It's OK, don't worry about 64-bit programming. Doing exercises will help all of us to learn new things.

Quote
Note that in a 64-bit environment, functions are not decorated.

https://docs.microsoft.com/en-us/cpp/build/reference/decorated-names?view=vs-2019

Here is a quick 64-bit DLL sample for you:
Code: [Select]
include \masm32\include64\masm64rt.inc

.code

LibMain proc instance:QWORD,reason:QWORD,unused:QWORD

    mov     rax,1
    ret

LibMain endp

sum PROC x:QWORD,y:QWORD

    mov     rax,x
    add     rax,y
    ret

sum ENDP

subst PROC x:QWORD,y:QWORD

    mov     rax,x
    sub     rax,y
    ret

subst ENDP

END