masm 10 vs 11

[bomz]

Thanks

Code Select Expand

externdef syscall @IofCallDriver@8:proc
IofCallDriver textequ <@IofCallDriver@8>
what about 2 arguments?

http://msdn.microsoft.com/ru-ru/library/6xa169sk.aspx
ECX EDX

The first two DWORD or smaller arguments are passed in ECX and EDX registers; all other arguments are passed right to left.

[bomz]

BEGIN {
deffile=NAME".def";
asmfile=NAME".asm";
if (NAME == "winspool") extention = ".drv";
if (NAME == "ntoskrnl") extention = ".exe";
print "LIBRARY "NAME""extention>deffile;
print ";__NO_NOISE__\n.386\n.model flat,stdcall\noption casemap :none\n.code\nLibMain proc hInstDLL:DWORD, reason:DWORD, unused:DWORD\nmov eax, 1 \nret\nLibMain endp" > asmfile;
}
/PROTO/{
procname = $1;
"if (procname ~ /^[\x20\x09]*;/ ) next;"
if (procname == "DllUnload" || procname == "DllInitialize") private= " PRIVATE";
if (procname != "LibMain") {
print "EXPORTS",procname""private>>deffile;
if ($3 != "STDCALL" && $3 != "C" && $3 != "" ) {string="";string1=$3;string_out="";} else {string=$3; string1=$4;string_out=string" ";}
i = split(string1,part,":");
for(j = 1; j < i; j++) string_out=sprintf(string_out "param%0.2d"":"part[j+1],j);
print procname " proc " string_out>>asmfile;
print "ret">>asmfile;
print procname " endp">>asmfile;
}
}
END {
print "end LibMain">>asmfile;
}

[bomz]

@ExInterlockedPushEntrySList@12 proc syscall param1:DWORD
ret
@ExInterlockedPushEntrySList@12 endp

OR

@ExInterlockedPushEntrySList@12 proc syscall param1:DWORD,param2:DWORD,param3:DWORD
ret
@ExInterlockedPushEntrySList@12 endp

???

there is any sense to leave LibMain proc in hpmon.inc and nwmon.inc?

[dedndave]

"@12" tells you there are 12 bytes of parameters (3 dwords)

Code Select Expand

ExInterlockedPushEntrySList proc syscall param1:DWORD,param2:DWORD,param3:DWORD
ret
ExInterlockedPushEntrySList endp

[bomz]

but syscall say that 2 first parametres in ecx edx. in msdn about syscall any word

[bomz]

-2 parametres

Code Select Expand

.386

.model flat, stdcall
option casemap :none

include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
include ntdll.inc
includelib ntdll.lib

.data
mestitle db "Bomz",0
form db "EAX: %x EBX: %u ECX: %u EDX: %u ESI: %u EDI: %u", 0

.data?
buffer db 512 dup(?)

.code
start:
xor eax,eax
xor ebx,ebx
xor ecx,ecx
xor edx,edx
xor esi,esi
xor edi,edi

mov ecx, 00ffh
call @RtlUshortByteSwap@4


invoke wsprintf,ADDR buffer,ADDR form,eax,ebx,ecx,edx,esi,edi

invoke MessageBox,0,ADDR buffer,ADDR mestitle,MB_ICONASTERISK
invoke ExitProcess,0
end start

[japheth]

but syscall say that 2 first parametres in ecx edx. in msdn about syscall any word

It's fastcall, and there is something at MSDN: http://msdn.microsoft.com/en-us/library/6xa169sk.aspx

[jj2007]

It's fastcall, and there is something at MSDN: http://msdn.microsoft.com/en-us/library/6xa169sk.aspx

Future compiler versions may use different registers to store parameters.

I love that one. Sounds like real fun

[bomz]

DDK_XP.iso ---> NTOSKRNL.LIB + protogen.exe = NTOSKRNL.INC

externdef syscall @InterlockedCompareExchange@12:proc
InterlockedCompareExchange textequ <@InterlockedCompareExchange@12>

http://msdn.microsoft.com/ru-ru/library/windows/desktop/ms683560%28v=vs.85%29.aspx

C++
Копировать

LONG __cdecl InterlockedCompareExchange(
  _Inout_  LONG volatile *Destination,
  _In_     LONG Exchange,
  _In_     LONG Comparand
);

syscall


windows.inc

InterlockedCompareExchange PROTO STDCALL :DWORD,:DWORD,:DWORD

Code Select Expand

mov ebx, esp
call @RtlUshortByteSwap@4
sub ebx, esp
ebx=0

[bomz]

The very last script version of Alex_Piggy , works with all masm32 inc's and inc's from DDKKits makes with protogen (except fastcall)

Code Select Expand

BEGIN {
    IGNORECASE=1;
    deffile=NAME".def";
    asmfile=NAME".asm";
    print "LIBRARY "NAME EXTENSION>deffile;
    print ";__NO_NOISE__\n.386\n.model flat,stdcall\noption casemap :none\n.code\nLibMain proc hInstDLL:DWORD, reason:DWORD, unused:DWORD\nmov eax, 1 \nret\nLibMain endp" > asmfile;
}
(!/[\x20\x09]*;/) { if ($2 ~ /^PROTO$/) { if (NF >2) {
    procname = $1;
if (procname != "LibMain") {
    if (procname ~ /^DllUnload$/ || procname ~ /^DllInitialize$/) private= " PRIVATE";
print "EXPORTS "procname private>>deffile;
string1="";
string_out="";
for ( j = 3; j <= NF; j++) string1=string1" "$j;
    if (string1 ~ /[, ]:/) {
string1=gensub(/, :/,",:","g",string1);
i = split(string1,part,":");
string_out=part[1];
for(j = 1; j < i; j++) string_out=sprintf(string_out "param%0.2d"":"part[j+1],j);
    } else {
string_out=string1;
    }
    print procname " proc" string_out "\nret\n" procname " endp">>asmfile;
}}}}
END {
    print "end LibMain">>asmfile;
}

Code Select Expand

@echo off
color 9F
set "mdir=\masm32\
if "%~1"=="" exit /b
cd /d %~dp0
awk -v "NAME=%~n1" -v "EXTENSION=%~2" -f script.awk "%~1"
%mdir%bin\ml.exe /c /coff /Cp %~n1.asm
%mdir%bin\Link.exe /noentry /subsystem:windows /dll /def:%~n1.def %~n1.obj
del %~n1.dll
del %~n1.obj
del %~n1.exp
del %~n1.def
del %~n1.asm
bldlibs

Code Select Expand

call inc2lib.bat winspool.inc .drv
call inc2lib.bat ntoskrnl.inc .exe

current fastcall batch file

Code Select Expand

@ECHO OFF
COLOR 9F
cd %~dp1
echo off>%~n1.def
echo off>%~n1.asm
SetLocal EnableDelayedExpansion
set sign=:
for /f "tokens=3 delims=%sign% " %%i in (%~nx1) do (
set string=%%i
set pointer=!string:~0,1!
if !pointer!==@ (
rem echo !pointer!
echo EXPORTS %%i>>%~n1.def

set pointer=!string:~-2!

if !pointer!==@4 echo %%i proc syscall >>%~n1.asm
if !pointer!==@8 echo %%i proc syscall >>%~n1.asm
if !pointer!==12 echo %%i proc syscall param1:DWORD>>%~n1.asm
if !pointer!==16 echo %%i proc syscall param1:DWORD,param2:DWORD>>%~n1.asm
if !pointer!==20 echo %%i proc syscall param1:DWORD,param2:DWORD,param3:DWORD>>%~n1.asm
echo ret>>%~n1.asm
echo %%i endp>>%~n1.asm
)
)
pause

[japheth]

syscall

You mustn't take those things too literally. Most likely the author has used syscall because Masm doesn't know fastcall; using syscall as substitute has the advantage that it doesn't add a prefix or suffix to the name. You cannot use INVOKE to call such functions, though.

[bomz]

how do you think batch file must be or not to be

if !pointer!==@4 echo %%i proc syscall >>%~n1.asm
if !pointer!==@8 echo %%i proc syscall >>%~n1.asm
if !pointer!==12 echo %%i proc syscall param1:DWORD>>%~n1.asm
if !pointer!==16 echo %%i proc syscall param1:DWORD,param2:DWORD>>%~n1.asm
if !pointer!==20 echo %%i proc syscall param1:DWORD,param2:DWORD,param3:DWORD>>%~n1.asm

????

[japheth]

how do you think batch file must be or not to be

I'm sorry, but I have no idea what you want to achieve, so I cannot help.

If you're able to express yourself clearly in English or German ( or Schwäbisch ), I may be able to say something substantial.

[bomz]

@12 in the end of function name means

param1:DWORD,param2:DWORD,param3:DWORD

or

param1:DWORD

how many parametres ?

[japheth]

@12 in the end of function name means

param1:DWORD,param2:DWORD,param3:DWORD

or

param1:DWORD

how many parametres ?

It's the size of the "parameter list" - the value doesn't actually tell how many parameters a function has.

However, "usually" in Win32, a parameter has size 4, so the assumption that @12 is to be translated to "3 parameters" has a certain, significant probability.