I was inspired by a video I watched:
http://youtube.com/watch?v=AQERQd4RreA
I think his demo was inspired by:
http://codeproject.com/Articles/1190931/Direct-X-and-Pure-Assembly-Language-Doing-What-Can
I checked out the project and was inspired by how cool it was, it didn't build on my system but after following the procedures in his follow up video tutorial:
http://youtube.com/watch?v=aw6L6feBKrc&t=217s
I was able to successfully get it to build!
I am now looking to learn more about m64 (I would learn m32 as I have heard it is easier but I think in the long run it may be deprecated)
I have taken a look at the intel programming guide volume 2(a) and have programmed with directx in the past but I want to learn more about assembly and setting up a nice workflow for it
I also do not have much experience with batch programs or cmd.exe so I personally would use MS VS community but am looking for other options suggested by community members
Documentation on m64 seems to be quite lacking on MSDN, any good resources by community members on alternatives would be greatly appreciated
I guess my 4 main questions are:
1. Good starter projects, even something basic like writing out hello world to console subsystem, and resources to accomplish that task
2. Better documentation on x86 that is FREE (I know there is a book linked, I know it is a good resource but I am not sure about spending $40 on it right now)
3. Suggestions for programming environment
4. Documentation on m64 especially preprocessors
any replies are appreciated cheers! :biggrin:
Welcome to The Masm Forum, nice to meet you. :thumbsup:
zedd
Thanks zedd, btw I read the pinned thread but I am not sure how to set pfp or url can you help me out? TY in advance :D
Do you mean for your signature?
Nevermind figured it out :biggrin: thanks for the help! :D
Ah, okay. Your avatar.... :biggrin:
And your "Hello World"... :tongue:
For some examples in Masm64 you can look through the posts here:
https://masm32.com/board/index.php?board=54.0
by Mikl__. He has some tutorials there. I usually only work with Masm32...
Hi SkylerAk
If you like watching videos, here is one for you.
https://masm32.com/board/index.php?topic=10837
Thanks guys Ill check them out!
Quote from: Caché GB on July 04, 2023, 03:56:29 PM
Hi SkylerAk
If you like watching videos, here is one for you.
https://masm32.com/board/index.php?topic=10837
I already checked out your video earlier even posted a reply in your youtube comments, super impressive stuff!
Hi SkylerAk,
Check first the Masm64 SDK board (https://masm32.com/board/index.php?board=53.0). Once you have installed the SDK, preferably to ?:\Masm64 (?=C, D, ...Z), there will be plenty of examples in \Masm64\Examples
You can use ?:\Masm64\qeditor.exe to build these examples, or use the batch files supplied.
Don't hesitate to ask for help if you are stuck. We need such feedback to make the process simpler.
Welcome to the forum :thup:
Hi SkylerAk,
Welcome to the Forum. Here is a quick console example for you. It displays the traditional hello world message :
include \masm64\include64\masm64rt.inc
.data
string db 'Hello world!',0
.code
entry_point PROC
invoke StdOut,ADDR string
invoke ExitProcess,0
entry_point ENDP
END
Quote from: SkylerAk on July 04, 2023, 03:23:09 PM
I was inspired by a video I watched:
youtube.com/watch?v=AQERQd4RreA (http://youtube.com/watch?v=AQERQd4RreA)
:thumbsup: That also builds without problems (ASM)
Quote from: SkylerAk on July 04, 2023, 03:23:09 PM
4. Documentation on m64 especially preprocessors
You can find preprocessor information in the old "Programmer's Guide Microsoft® MASM" because it never changed.
A little obvious, Microsoft Macro Assembler reference (https://learn.microsoft.com/en-us/cpp/assembler/masm/microsoft-macro-assembler-reference?view=msvc-170) is mostly about ml64.exe
I got MASM up and running and am learning the syntax really fast, however I am trying to make system calls but when I run a system call it returns ffffffffh, I checked and I am not getting write access violation, I think it might be a security measure like security cookies, is there a specific way to ensure the linker implements security them in my assembled code?
Are you trying to make syscalls on Windows 10? I think the syscalls change with every new build of Windows 10 so you don't usually want to call them directly like on Linux.
Quote from: SkylerAk on July 05, 2023, 09:57:13 PM
I am trying to make system calls but when I run a system call it returns ffffffffh
It would help others to assist you if you posted at least the piece of code that is giving you problems, if not the full source code. This will aid in spotting any possible errors in the source code.
oh good to know, bad idea I guess lol, I just wanted to see how low level I could go Cx
Quote from: SkylerAk on July 05, 2023, 10:14:45 PM
oh good to know, bad idea I guess lol, I just wanted to see how low level I could go Cx
We will never know without seeing your code. See my last reply here.
Quote from: phyisio on July 05, 2023, 10:10:11 PM
Are you trying to make syscalls on Windows 10? I think the syscalls change with every new build of Windows 10 so you don't usually want to call them directly like on Linux.
I was trying to translate some C and remove security cookies to deobfuscate the actual assembly. Figured it out tho, ty. For others wondering, the C++ flag is /GS, much easier to read.
for those curious I am just using syscalls to read data not write, e.g. call nf-sysinfoapi-getsysteminfo and write the data returned in rax to a lpSystemInfo
equivalent c code
SYSTEM_INFO sysinfo;
GetSystemInfo(&sysinfo);
here's how I did it
lea rcx, [rsp + 8]
call GetSystemInfo
Quote from: zedd151 on July 05, 2023, 10:14:12 PM
Quote from: SkylerAk on July 05, 2023, 09:57:13 PM
I am trying to make system calls but when I run a system call it returns ffffffffh
It would help others to assist you if you posted at least the piece of code that is giving you problems, if not the full source code. This will aid in spotting any possible errors in the source code.
SkylerAk,
You can zip your *.asm file (plus other necessary stuff) and attach it to your posts. Members here want complete code and projects, as they want to build your source and see what's wrong.
If you don't do that, members will quickly categorise you under "useless script kiddie trying to hack his way through".
been using this documentation: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture
lpSystemInfo is in rax after that call,
I have one question tho is there a way I can store my pointer so that it can be access this struct that kinda looks like this
;---structdef---;
SystemInfo struct
dwOemId dd ?
wProcessorArchitecture dw ?
wReserved dw ?
dwPageSize dd ?
lpMinimumApplicationAddress dq ?
lpMaximumApplicationAddress dq ?
dwActiveProcessorMask dd ?
dwNumberOfProcessors dd ?
dwProcessorType dd ?
dwAllocationGranularity dd ?
wProcessorLevel dw ?
wProcessorRevision dw ?
SystemInfo ends
;---struct data---;
lpSystemInfo label SystemInfo
dwOemId dd ?
wProcessorArchitecture dw ?
wReserved dw ?
dwPageSize dd ?
lpMinimumApplicationAddress dq ?
lpMaximumApplicationAddress dq ?
dwActiveProcessorMask dd ?
dwNumberOfProcessors dd ?
dwProcessorType dd ?
dwAllocationGranularity dd ?
wProcessorLevel dw ?
wProcessorRevision dw ?
Quote from: jj2007 on July 05, 2023, 10:32:37 PM
Quote from: zedd151 on July 05, 2023, 10:14:12 PM
Quote from: SkylerAk on July 05, 2023, 09:57:13 PM
I am trying to make system calls but when I run a system call it returns ffffffffh
It would help others to assist you if you posted at least the piece of code that is giving you problems, if not the full source code. This will aid in spotting any possible errors in the source code.
SkylerAk,
You can zip your *.asm file (plus other necessary stuff) and attach it to your posts. Members here want complete code and projects, as they want to build your source and see what's wrong.
If you don't do that, members will quickly categorise you under "useless script kiddie trying to hack his way through".
here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros
another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)
Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)
Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros
Thank you. I try to build it, and get the following:
Assembling: Tmp_File.asm
*** linking hello.obj - no resources ***
POLINK: error: Unresolved external symbol '__imp_GetSystemInfo'.
POLINK: error: Unresolved external symbol '_entry_point'.
POLINK: fatal error: 2 unresolved external(s).
Your Hello.asm starts with:
.data
;-----------constants------------;
The examples in the Masm64 SDK, which build without errors, start typically with:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm64\include64\masm64rt.inc
.code
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
entry_point proc
I suggest you become familiar with the Masm64 SDK (https://masm32.com/board/index.php?board=53.0). Nobody here is keen to learn which idiosyncratic environment or "tool chain" you are using.
Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)
Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)
These are good intentions, thanks. Using MS VS is an overkill for little assembly proggies, and requires that those who help you have VS installed, the right environment variables set, etc - don't count on that. I avoid VS like the plague. Few of us use it, mostly those who come from a C/C++ background. Many here use QEditor or Notepad++ instead. I use RichMasm.
If you want help, make sure your code builds with this forum's "toolchain(s)". Otherwise you will be happily ignored - promised :cool:
Quote from: jj2007 on July 05, 2023, 11:00:58 PM
Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros
Thank you. I try to build it, and get the following:
Assembling: Tmp_File.asm
*** linking hello.obj - no resources ***
POLINK: error: Unresolved external symbol '__imp_GetSystemInfo'.
POLINK: error: Unresolved external symbol '_entry_point'.
POLINK: fatal error: 2 unresolved external(s).
Your Hello.asm starts with:
.data
;-----------constants------------;
The examples in the Masm64 SDK, which build without errors, start typically with:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm64\include64\masm64rt.inc
.code
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
entry_point proc
I suggest you become familiar with the Masm64 SDK (https://masm32.com/board/index.php?board=53.0). Nobody here is keen to learn which idiosyncratic environment or "tool chain" you are using.
Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)
Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)
These are good intentions, thanks. Using MS VS is an overkill for little assembly proggies, and requires that those who help you have VS installed, the right environment variables set, etc - don't count on that. I avoid VS like the plague. Few of us use it, mostly those who come from a C/C++ background. Many here use QEditor or Notepad++ instead. I use RichMasm.
If you want help, make sure your code builds with this forum's "toolchain(s)". Otherwise you will be happily ignored - promised :cool:
Thanks for the advice, linking errors are because lnk.exe flags are not set for /DYNAMICBASE "examplename.dll", and /ENTRY:"main"
this program wouldn't output anything anyway I have manually been inspecting the output through debug breakpoints and a memory viewer anyway
TODO check out Masm64 SDK :D
Thanks again for the help, got to go to work now but nice talking to you
Quote from: SkylerAk on July 04, 2023, 03:23:09 PM
I was inspired by a video I watched:
Obviously you are following the hard style used in those programs, but most of us like to make things easier :biggrin::
include \masm64\include64\masm64rt.inc
.data?
MySystemInfo SYSTEM_INFO <>
.code
main proc
invoke GetSystemInfo, ADDR MySystemInfo
ret
main endp
end
Mine is almost identical:
include \masm64\include64\masm64rt.inc
.data?
align 16
SysInfo SYSTEM_INFO <>
.code
entry_point proc
conout chr$(13, 10, 10, "--- calling GetSystemInfo ---", 13, 10)
invoke GetSystemInfo, addr SysInfo
conout "returned: ", hex$(rax), chr$(13, 10)
conout "lpMinimumApplicationAddress=", hex$(SysInfo.lpMinimumApplicationAddress), chr$(13, 10)
conout "lpMaximumApplicationAddress=", hex$(SysInfo.lpMaximumApplicationAddress), chr$(13, 10)
conout "dwNumberOfProcessors=", str$(SysInfo.dwNumberOfProcessors), chr$(13, 10)
conout "dwProcessorType=", str$(SysInfo.dwProcessorType), chr$(13, 10)
conout "dwAllocationGranularity=", hex$(SysInfo.dwAllocationGranularity), chr$(13, 10)
invoke ExitProcess, 0
ret
entry_point endp
END
It runs fine, but I wonder why it returns such crap:
--- calling GetSystemInfo ---
returned: 50002
lpMinimumApplicationAddress=FFFEFFFF00000000
lpMaximumApplicationAddress=F000007FF
dwNumberOfProcessors=8664
dwProcessorType=65536
dwAllocationGranularity=2A070006
Here's what I get with JBasic:
This program was assembled with AsmC in 64-bit format.
SysInfo
x:SysInfo.lpMinimumApplicationAddress 10000h
x:SysInfo.lpMaximumApplicationAddress 7fffffeffffh
x:SysInfo.dwNumberOfProcessors 4h
x:SysInfo.dwProcessorType 21d8h
x:SysInfo.dwAllocationGranularity 10000h
x:SysInfo.dwPageSize 1000h
Source:
include \Masm32\MasmBasic\Res\JBasic.inc ; ## console demo, builds in 32- or 64-bit mode with UAsm, ML, AsmC ##
usedeb=1 ; 1=use the deb macro
.data?
SysInfo SYSTEM_INFO <>
.code
Init ; OPT_64 1 ; put 0 for 32 bit, 1 for 64 bit assembly
Cls 8
PrintLine Chr$("This program was assembled with ", @AsmUsed$(1), " in ", jbit$, "-bit format.")
jinvoke GetSystemInfo, addr SysInfo
deb 4, "SysInfo", x:SysInfo.lpMinimumApplicationAddress, x:SysInfo.lpMaximumApplicationAddress, x:SysInfo.dwNumberOfProcessors, x:SysInfo.dwProcessorType, x:SysInfo.dwAllocationGranularity, x:SysInfo.dwPageSize
EndOfCode
Quote from: jj2007 on July 06, 2023, 02:13:10 AM
It runs fine, but I wonder why it returns such crap:
It's what you are asking :biggrin:
str$ and hex$ are calling vc__i64toa, but some structure members are dword and word.
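The width mismatch HSE describes, as an added illustration in portable C (not code from the thread or from the Masm64 SDK): a formatter that always loads 8 bytes from a 4-byte member also picks up the neighbouring member, and for the last members it would read past the end of the structure. The names SysInfo64 and read_field are hypothetical, the sample values are constructed (some taken from the JBasic output in the thread), and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x64 SYSTEM_INFO layout, redeclared with fixed-width types (48 bytes). */
typedef struct {
    uint16_t wProcessorArchitecture;      /* in a union with dwOemId */
    uint16_t wReserved;
    uint32_t dwPageSize;
    uint64_t lpMinimumApplicationAddress;
    uint64_t lpMaximumApplicationAddress;
    uint64_t dwActiveProcessorMask;       /* DWORD_PTR: 8 bytes on x64 */
    uint32_t dwNumberOfProcessors;
    uint32_t dwProcessorType;
    uint32_t dwAllocationGranularity;
    uint16_t wProcessorLevel;
    uint16_t wProcessorRevision;
} SysInfo64;

/* Constructed sample: addresses, counts and sizes follow the JBasic output
   in the thread; architecture, mask, level and revision are example values. */
static SysInfo64 sample(void) {
    SysInfo64 s;
    memset(&s, 0, sizeof s);
    s.wProcessorArchitecture = 9;         /* PROCESSOR_ARCHITECTURE_AMD64 */
    s.dwPageSize = 0x1000;
    s.lpMinimumApplicationAddress = 0x10000;
    s.lpMaximumApplicationAddress = 0x7fffffeffffULL;
    s.dwActiveProcessorMask = 0xF;
    s.dwNumberOfProcessors = 4;
    s.dwProcessorType = 0x21d8;
    s.dwAllocationGranularity = 0x10000;
    s.wProcessorLevel = 6;
    s.wProcessorRevision = 0x2a07;
    return s;
}

#define READ_FAILED UINT64_MAX

/* Read `width` bytes at byte offset `off` of the sample, zero-extended.
   Refuses any read that would run past the end of the structure. */
static uint64_t read_field(size_t off, size_t width) {
    SysInfo64 s = sample();
    uint64_t v = 0;
    if (width > sizeof v || off > sizeof s || width > sizeof s - off)
        return READ_FAILED;
    memcpy(&v, (const unsigned char *)&s + off, width);
    return v;
}

int main(void) {
    size_t np = offsetof(SysInfo64, dwNumberOfProcessors);
    printf("dword read: %llu\n", (unsigned long long)read_field(np, 4));
    printf("qword read: %llx\n", (unsigned long long)read_field(np, 8));
    return 0;
}
```

The 4-byte read returns 4, while the 8-byte read at the same offset returns 21d800000004h, because dwProcessorType lands in the upper half.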
Same as you Skyler I'm new and didn't use the masm64 sdk before. Guess we will have to learn it to be able to learn from the guys here.
Just remember to test it in a vm first :eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:
About Windows syscalls, I actually learned today you can resolve them dynamically by looking into the ntdll.dll functions that wrap around them. So I take back what I said earlier. A project exists that does this in C: https://github.com/jthuraisamy/SysWhispers2
Would be cool to implement in assembly if it hasn't already been done..
Quote from: phyisio on July 06, 2023, 03:12:46 AM
:eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:
@phyisio - now play nice.
Quote from: phyisio on July 06, 2023, 03:12:46 AM
this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:
This forum has been around since 2012. Before that there was a forum, also run by hutch since 2005 and until 2012 when this forum was created, before that I do not have any details but know that hutch has been working with assembly language since the days of MSDOS. Some of the long-time members (from way, way back) might be able to fill in more details.
I highly doubt that you will find any malware within the pages of this forum, nor in either the Masm32 SDK or the Masm64 SDK (regardless of what crappy AV software may try to lead you to believe).
Quote from: Caché GB on July 06, 2023, 04:08:30 AM
Quote from: phyisio on July 06, 2023, 03:12:46 AM
:eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:
@phyisio - now play nice.
Yes, be nice. :thumbsup:
Just a joke
Quote from: phyisio on July 06, 2023, 05:04:11 AM
Just a joke
:greenclp:
Ok. :biggrin: We do not really know you yet, so hard to tell that you were joking. Sorry about the misunderstanding.
Quote from: HSE on July 06, 2023, 02:58:50 AM
str$ and hex$ are calling vc__i64toa, but some structure members are dword and word.
One day I will have a look at these macros. Str$() (https://www.jj2007.eu/MasmBasicQuickReference.htm#Mb1186) swallows any size correctly.