Hi,
probably another bug, source without a bug ...
; lea rbx,[_cuCtxCreate]
;cuCtxCreate PROTO pctx:XMASM ,flags:DWORD ,dev:DWORD
invoke cuCtxCreate,CudaContext,CU_CTX_SCHED_SPIN+CU_CTX_MAP_HOST,CudaDevice ; this context associates the device with this cpu thread
test eax,eax
jnz Error
; lea rbx,[_cuMemAlloc]
nop
;cuMemAlloc PROTO dptr:XMASM ,bytesize:DWORD
invoke cuMemAlloc,CudaNumberArray, CudaDevice;1024;256*4 <- CudaDevice - Dummy
test eax,eax
jnz Error
Bin ...
0000000000401029 | 48:8B0D 94290000 | MOV RCX, QWORD PTR DS:[<CudaContext>] | mywindow1.asm:229, rcx:PEB.InheritedAddressSpace
0000000000401030 | BA 09000000 | MOV EDX, 9 | edx:WinMainCRTStartup, 9:'\t'
0000000000401035 | 44:8B05 84290000 | MOV R8D, DWORD PTR DS:[<CudaDevice>] | r8d:PEB.InheritedAddressSpace
000000000040103C | E8 92040000 | CALL <mywindow1.cuCtxCreate_v2> |
0000000000401041 | 85C0 | TEST EAX, EAX | mywindow1.asm:230, eax:WinMainCRTStartup
0000000000401043 | 0F85 C4020000 | JNE mywindow1.40130D | mywindow1.asm:231
0000000000401049 | 90 | NOP | mywindow1.asm:234
000000000040104A | 48:8B0D 8B290000 | MOV RCX, QWORD PTR DS:[<CudaNumberArray>] | mywindow1.asm:236, rcx:PEB.InheritedAddressSpace
0000000000401051 | 8B15 69290000 | MOV EDX, DWORD PTR DS:[<CudaDevice>] | edx:WinMainCRTStartup <- CudaDevice - Dummy
0000000000401057 | E8 95040000 | CALL <mywindow1.cuMemAlloc_v2> | <- there is no bug
000000000040105C | 85C0 | TEST EAX, EAX | mywindow1.asm:237, eax:WinMainCRTStartup
000000000040105E | 0F85 A9020000 | JNE mywindow1.40130D | mywindow1.asm:238
source having a bug
; lea rbx,[_cuCtxCreate]
;cuCtxCreate PROTO pctx:XMASM ,flags:DWORD ,dev:DWORD
invoke cuCtxCreate,CudaContext,CU_CTX_SCHED_SPIN+CU_CTX_MAP_HOST,CudaDevice ; this context associates the device with this cpu thread
test eax,eax
jnz Error
; lea rbx,[_cuMemAlloc]
nop
;cuMemAlloc PROTO dptr:XMASM ,bytesize:DWORD
invoke cuMemAlloc,CudaNumberArray,1024;1024;256*4 <- bug with 1024
test eax,eax
jnz Error
Bin ...
0000000000401029 | 48:8B0D 94290000 | MOV RCX, QWORD PTR DS:[<CudaContext>] | mywindow1.asm:229, rcx:PEB.InheritedAddressSpace
0000000000401030 | BA 09000000 | MOV EDX, 9 | edx:WinMainCRTStartup, 9:'\t'
0000000000401035 | 44:8B05 84290000 | MOV R8D, DWORD PTR DS:[<CudaDevice>] | r8d:PEB.InheritedAddressSpace
000000000040103C | E8 82040000 | CALL <mywindow1.cuCtxCreate_v2> |
0000000000401041 | 85C0 | TEST EAX, EAX | mywindow1.asm:230, eax:WinMainCRTStartup
0000000000401043 | 0F85 C3020000 | JNE mywindow1.40130C | mywindow1.asm:231
0000000000401049 | 90 | NOP | mywindow1.asm:234
000000000040104A | 48:8B0D 8B290000 | MOV RCX, QWORD PTR DS:[<CudaNumberArray>] | mywindow1.asm:236, rcx:PEB.InheritedAddressSpace
0000000000401051 | BA 00040000 | MOV EDX, 400 | edx:WinMainCRTStartup <- bug with 1024
0000000000401056 | E8 86049000 | CALL msvcp_win.D014E1 | <- bug with 1024
000000000040105B | 85C0 | TEST EAX, EAX | mywindow1.asm:237, eax:WinMainCRTStartup
Bin without dummy "nop" ...
0000000000401029 | 48:8B0D 94290000 | MOV RCX, QWORD PTR DS:[<CudaContext>] | mywindow1.asm:229, rcx:PEB.InheritedAddressSpace
0000000000401030 | BA 09000000 | MOV EDX, 9 | edx:WinMainCRTStartup, 9:'\t'
0000000000401035 | 44:8B05 84290000 | MOV R8D, DWORD PTR DS:[<CudaDevice>] | r8d:PEB.InheritedAddressSpace
000000000040103C | E8 82040000 | CALL <mywindow1.cuCtxCreate_v2> |
0000000000401041 | 85C0 | TEST EAX, EAX | mywindow1.asm:230, eax:WinMainCRTStartup
0000000000401043 | 0F85 C2020000 | JNE mywindow1.40130B | mywindow1.asm:231
0000000000401049 | 48:8B0D 8C290000 | MOV RCX, QWORD PTR DS:[<CudaNumberArray>] | mywindow1.asm:235, rcx:PEB.InheritedAddressSpace
0000000000401050 | BA 00040000 | MOV EDX, 400 | edx:WinMainCRTStartup <- bug with 1024
0000000000401055 | E8 87040090 | CALL FFFFFFFF904014E1 | <- bug with 1024
000000000040105A | 85C0 | TEST EAX, EAX | mywindow1.asm:236, eax:WinMainCRTStartup
000000000040105C | 0F85 A9020000 | JNE mywindow1.40130B | mywindow1.asm:237
Here you can see in the code that the API call is a broken instruction ... I could not find another explanation for this .. UASM 2.48.2 - I compiled a new one from here .. https://github.com/Terraspace/UASM/tree/v2.48.1
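As an added example (not code from this thread, nor from UASM or x64dbg), the following Python script recomputes every E8 rel32 near-CALL target from the bytes in an x64dbg listing line and compares it with the target x64dbg printed. The four listing lines are copied from the post above; the module image base and size are assumed placeholders, not values the thread states.

```python
import re

# Listing lines in x64dbg's "address | bytes | disassembly | comment" layout.
# These four CALL lines are copied from the post; the image range is an assumption.
LISTING = """\
000000000040103C | E8 92040000 | CALL <mywindow1.cuCtxCreate_v2> |
0000000000401057 | E8 95040000 | CALL <mywindow1.cuMemAlloc_v2> |
0000000000401056 | E8 86049000 | CALL msvcp_win.D014E1 |
0000000000401055 | E8 87040090 | CALL FFFFFFFF904014E1 |
"""

IMAGE_BASE = 0x400000   # assumed load address of mywindow1 (placeholder)
IMAGE_SIZE = 0x10000    # assumed mapped size of the module (placeholder)
MASK64 = (1 << 64) - 1


def decode_call_rel32(addr, code):
    """Decode a 5-byte E8 rel32 near CALL located at `addr`.

    rel32 is little-endian and sign-extended; the CPU adds it to the address
    of the *next* instruction (addr + 5). A negative rel32 therefore wraps to
    a huge 64-bit value, which is exactly what x64dbg shows as FFFFFFFF....
    """
    if len(code) != 5 or code[0] != 0xE8:
        raise ValueError("not a 5-byte E8 near call")
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (addr + 5 + rel) & MASK64


def displayed_target(disasm):
    """Pull the numeric target x64dbg printed, e.g. 'CALL msvcp_win.D014E1'.
    Symbolic targets like 'CALL <mod.sym>' carry no number and yield None."""
    m = re.search(r"CALL\s+(?:\w+\.)?([0-9A-Fa-f]{4,16})\s*$", disasm)
    return int(m.group(1), 16) if m else None


def parse_listing(text):
    """Yield (address, raw bytes, disassembly text) for each listing line."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 3:
            continue
        addr = int(parts[0].split()[0], 16)           # drop any '<symbol>' after the address
        code = bytes.fromhex(parts[1].replace(":", "").replace(" ", ""))  # '48:8B0D' -> 488B0D
        rows.append((addr, code, parts[2]))
    return rows


def check_calls(text, image_base=IMAGE_BASE, image_size=IMAGE_SIZE):
    """For every E8 CALL in the listing, recompute the target and report whether
    it lands inside the module image and whether it agrees with x64dbg's text."""
    results = []
    for addr, code, disasm in parse_listing(text):
        if not code or code[0] != 0xE8:
            continue
        target = decode_call_rel32(addr, code)
        shown = displayed_target(disasm)
        results.append({
            "addr": addr,
            "target": target,
            "in_image": image_base <= target < image_base + image_size,
            "displayed": shown,
            "matches_display": shown is None or shown == target,
        })
    return results


if __name__ == "__main__":
    for r in check_calls(LISTING):
        flag = "ok" if r["in_image"] else "OUTSIDE IMAGE"
        print(f"{r['addr']:016X} -> {r['target']:016X}  {flag}")
```

Recomputing the target by hand is the quickest way to tell a listing that the debugger decoded wrongly from a call that the assembler really emitted wrongly: a target that falls outside the module image, or a rel32 whose high bytes contain a stray 0x90, deserves a second look with another disassembler before the assembler is blamed.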
Could you possibly create a small reproducible test case that I can assemble and check?
Thanks
Quote from: johnsa on May 13, 2019, 08:04:48 PM
Could you possibly create a small reproducible test case that I can assemble and check?
Thanks
Hi johnsa,
the bug is somehow related to the stack and calling INVOKE functions; when I simplify everything, the bug disappears, and the stack frame also disappears ...
0000000000401000 <mywindowtestbug.WinMainCRTStartup> | 33C9 | XOR ECX, ECX | mywindowTestBug.asm:205, ecx:PEB.InheritedAddressSpace
0000000000401002 | E8 7A040000 | CALL <mywindowtestbug.cuInit> |
0000000000401007 | 85C0 | TEST EAX, EAX | mywindowTestBug.asm:213, eax:WinMainCRTStartup
0000000000401009 | 0F85 E6020000 | JNE mywindowtestbug.4012F5 | mywindowTestBug.asm:214
vs
0000000000401000 <mywindow1.WinMainCRTStartup> | 48:83EC 28 | SUB RSP, 28 | mywindow1.asm:212
0000000000401004 | 33C9 | XOR ECX, ECX | mywindow1.asm:217, ecx:PEB.InheritedAddressSpace
0000000000401006 | E8 FC040000 | CALL <mywindow1.cuInit> |
000000000040100B | 85C0 | TEST EAX, EAX | mywindow1.asm:218, eax:WinMainCRTStartup
000000000040100D | 0F85 45030000 | JNE mywindow1.401358 | mywindow1.asm:219
in both cases
.686
.MMX
.XMM
.x64
option casemap:none
option win64:15;win64:11
option frame:auto;NOAUTO
option stackbase:rsp
option dotname
;option evex:1
option proc:private
;option LITERALS:ON
option PROCALIGN:16
OPTION FIELDALIGN:16; 1|2|4|8|16|32 - The default value is 1 or the value set by cmdline switch -Zp
I use my own set of SDK files, but it does not affect the behavior .. Even two different file names with the same source code cause different assembly. I will try to make a working example ..
:biggrin: :biggrin: :biggrin: :t
Everything is clear now: these are x64dbg tricks. x64dbg does not understand what is encoded there and randomly inserts some strange code. I compared using another debugger, and everything is fine! The last fix fixed the bug with "mov byte ptr [rax]". Thanks for the support!!!
Glad to hear it :) There are a few more fixes to commit into 2.48.1, then it should be ready.. I'm still procrastinating any effort on PLT/GOT.. it is a total pita..
I have half a mind to tell Linux kernel devs to change Linux rather hahah..