Binary to displayable text, any base

Started by ahsat, March 31, 2024, 04:37:00 AM


NoCforMe

Quote from: ahsat on April 05, 2024, 11:50:31 AM
Quote from: NoCforMe on April 05, 2024, 11:08:33 AM: It's AI, man; the assembler is so smart it knows you haven't touched RSI so it doesn't bother saving and restoring it. It's a mind reader.
I just made sure for myself, and that is not true.

Are you sure?

Hint: I don't use smileys or emojis. Context, man, context.
Assembly language programming should be fun. That's why I do it.

ahsat


jj2007

Quote from: NoCforMe on April 05, 2024, 11:08:33 AM: the assembler is so smart it knows you haven't touched RSI so it doesn't bother saving and restoring it. It's a mind reader

I know that was irony, but being a curious guy, I tried it:

option prologue:prologuedef
option epilogue:epiloguedef
MyAlgo proc uses rsi arg1, arg2
  mov rsi, 789h
  invoke GetTickCount
  ret
MyAlgo endp

0000000140001000 <su | 55                              | push rbp                  |
0000000140001001     | 48:8BEC                         | mov rbp,rsp               |
0000000140001004     | 56                              | push rsi                  |
0000000140001005     | 48:C7C6 89070000                | mov rsi,789               |
000000014000100C     | FF15 BE110000                   | call [<GetTickCount>]     |
0000000140001012     | 5E                              | pop rsi                   |
0000000140001013     | C9                              | leave                     |
0000000140001014     | C3                              | ret                       |

That's lovely: ML64.exe performs an API call with a misaligned stack! Compliments, Microsoft :thumbsup:

So ML64 is indeed a mind reader, but a very dumb one :cool:

sinsi

ML64 does what you tell it to do.
It doesn't know about the MS x64 ABI, or the Intel x64 ABI, or even the Linux x64 ABI  :biggrin:

Nothing to get in your way of pure ASM code.
🍺🍺🍺

ahsat

What version of ml64.exe are you using? I get the following with your code. No "push esi" or "pop esi".

    22: .CODE
    23:
C8 80 00 00          enter       80h,0 
48 83 EC 60          sub         rsp,60h 
48 89 4D 10          mov         qword ptr [arg1],rcx 
48 89 55 18          mov         qword ptr [arg2],rdx 
    25:   mov rsi, 789h
48 C7 C6 89 07 00 00 mov         rsi,789h 
    26:   invoke GetTickCount
FF 15 B3 3F 00 00    call        qword ptr [__imp_GetTickCount (0D95000h)] 
C9                   leave 
C3                   ret 
    27:   ret
    28: MyAlgo endp

jj2007

Quote from: ahsat on April 06, 2024, 01:00:09 AM: What version of ml64.exe are you using?

Microsoft (R) Macro Assembler (x64) Version 14.30.30705.0

ahsat

Quote from: jj2007 on April 06, 2024, 01:14:06 AM: Microsoft (R) Macro Assembler (x64) Version 14.30.30705.0
Microsoft (R) Macro Assembler (x64) Version 14.39.33522.0

The above is my version of ML64.exe. There is obviously a big difference. Mine never produces any code for "uses" no matter what I do. I will look for an older copy of ml64.

ahsat

Quote from: jj2007 on April 05, 2024, 07:29:38 PM: That's lovely: ML64.exe performs an API call with a misaligned stack!
What are you talking about here? What is wrong with the stack?

zedd151

Quote from: ahsat on April 06, 2024, 03:20:25 AM: What are you talking about here? What is wrong with the stack?
The stack must be aligned to 16 for ml64. Pushing a single 64 bit register misaligns the stack by 8. Two 64 bit registers may be pushed to keep the 16 byte alignment, but don't forget to pop two in that case.
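An added example (Python, written for this edit, not code from any post in the thread) that makes the alignment rule mechanical: it replays a disassembly listing, tracking RSP modulo 16 from function entry, where RSP is 16n+8 because the caller's CALL pushed the return address, and reports any CALL made with RSP not a multiple of 16. It also checks the 32 bytes of shadow space the Microsoft x64 calling convention requires the caller to leave below RSP at every CALL, which neither listing in the thread reserves. The first two listings are the ones posted by jj2007 and ahsat, hand-normalised into one "address | bytes | instruction" layout (the address column of the second is constructed); the two-push variants are constructed to show that pushing a second register restores alignment but still leaves the saved registers inside the callee's shadow space unless RSP is lowered as well.

```python
"""Track RSP alignment through an x64 disassembly listing.
Replays only the instructions that move RSP (push/pop/enter/leave/sub/add rsp)
and reports CALLs made with RSP not a multiple of 16 or with <32 bytes of shadow space."""

ENTRY_OFFSET = -8   # at entry RSP is 16n+8: the caller's CALL pushed the return address
SHADOW_SPACE = 32   # bytes the caller must leave free below RSP at every CALL

# jj2007's ML64 output for `MyAlgo proc uses rsi` with prologuedef (normalised layout).
ML64_USES_RSI = """\
0000000140001000 | 55               | push rbp
0000000140001001 | 48:8BEC          | mov rbp,rsp
0000000140001004 | 56               | push rsi
0000000140001005 | 48:C7C6 89070000 | mov rsi,789
000000014000100C | FF15 BE110000    | call [<GetTickCount>]
0000000140001012 | 5E               | pop rsi
0000000140001013 | C9               | leave
0000000140001014 | C3               | ret
"""

# ahsat's listing from hutch's masm64 prologue; the address column is constructed.
MASM64_PROLOGUE = """\
00 | C8 80 00 00          | enter 80h,0
04 | 48 83 EC 60          | sub rsp,60h
08 | 48 89 4D 10          | mov qword ptr [arg1],rcx
0c | 48 89 55 18          | mov qword ptr [arg2],rdx
10 | 48 C7 C6 89 07 00 00 | mov rsi,789h
17 | FF 15 B3 3F 00 00    | call qword ptr [__imp_GetTickCount]
1d | C9                   | leave
1e | C3                   | ret
"""

# Constructed: pushing two registers keeps RSP aligned, but the saved registers
# then sit inside the callee's shadow space unless RSP is lowered by 20h as well.
TWO_PUSHES = """\
00 | 55            | push rbp
01 | 48:8BEC       | mov rbp,rsp
04 | 56            | push rsi
05 | 57            | push rdi
06 | FF15 00000000 | call [<GetTickCount>]
0c | 5F            | pop rdi
0d | 5E            | pop rsi
0e | C9            | leave
0f | C3            | ret
"""
TWO_PUSHES_AND_SHADOW = TWO_PUSHES.replace(
    "06 | FF15 00000000 | call [<GetTickCount>]",
    "06 | 48:83EC20     | sub rsp,20h\n"
    "0a | FF15 00000000 | call [<GetTickCount>]\n"
    "10 | 48:83C420     | add rsp,20h")


def parse_imm(token):
    """Parse a MASM ('20h'), C ('0x20') or decimal immediate."""
    token = token.strip().lower()
    if token.endswith("h"):
        return int(token[:-1], 16)
    return int(token, 0)


def parse_listing(text):
    """Yield (address, mnemonic, operands) from 'addr | bytes | instruction' lines."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 3 or not fields[-1]:
            continue
        mnem, _, ops = fields[-1].partition(" ")
        yield fields[0].split()[0], mnem.lower(), ops.strip().lower()


def check_stack(listing):
    """Return the list of calling-convention findings for one function's listing."""
    rsp, rbp, free, findings = ENTRY_OFFSET, None, 0, []
    for addr, mnem, ops in parse_listing(listing):
        if mnem == "push":
            rsp, free = rsp - 8, 0            # the pushed value now occupies [rsp]
        elif mnem == "pop":
            rsp += 8
        elif mnem == "enter":                 # push rbp; mov rbp,rsp; sub rsp,size
            size = parse_imm(ops.split(",")[0])
            rbp = rsp - 8
            rsp, free = rbp - size, size
        elif mnem in ("sub", "add") and ops.startswith("rsp,"):
            n = parse_imm(ops.split(",")[1])
            rsp, free = (rsp - n, free + n) if mnem == "sub" else (rsp + n, max(0, free - n))
        elif mnem == "mov" and ops.replace(" ", "") == "rbp,rsp":
            rbp = rsp
        elif mnem == "leave":                 # mov rsp,rbp; pop rbp
            rsp = (rbp if rbp is not None else rsp) + 8
        elif mnem == "call":
            if rsp % 16:
                findings.append(f"{addr}: CALL with RSP = 16n+{rsp % 16}, must be 16n")
            if free < SHADOW_SPACE:
                findings.append(f"{addr}: CALL with {free} bytes of shadow space, need {SHADOW_SPACE}")
        elif mnem == "ret" and rsp != ENTRY_OFFSET:
            findings.append(f"{addr}: RET with RSP {rsp - ENTRY_OFFSET:+d} bytes off its entry value")
    return findings


if __name__ == "__main__":
    for name in ("ML64_USES_RSI", "MASM64_PROLOGUE", "TWO_PUSHES", "TWO_PUSHES_AND_SHADOW"):
        print(name, check_stack(globals()[name]) or "OK")
```

Run stand-alone it reports two findings for the `uses rsi` listing (RSP = 16n+8 at the CALL, and no shadow space), nothing for hutch's prologue (ENTER 80h plus SUB RSP,60h lands on a multiple of 16 with 224 bytes free), a shadow-space finding alone for the bare two-push variant, and nothing once `sub rsp,20h` / `add rsp,20h` bracket the call. The checker only follows the few RSP-moving instructions it knows; a `mov rsp,...` or a dynamic `sub rsp,rax` would need manual review.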

NoCforMe

In my book, yet another reason to just avoid 64-bit programming altogether ...
Assembly language programming should be fun. That's why I do it.

ahsat

Quote from: sudoku on April 06, 2024, 04:11:49 AM
Quote from: ahsat on April 06, 2024, 03:20:25 AM: What are you talking about here? What is wrong with the stack?
The stack must be aligned to 16 for ml64. Pushing a single 64 bit register misaligns the stack by 8. Two 64 bit registers may be pushed to keep the 16 byte alignment, but don't forget to pop two in that case.
Thank you. That seems odd; do you know why?

zedd151

It's a requirement for the Intel Win64 ABI.
When you call a function, it requires the 16 byte stack alignment.

Do a google search for "win64 abi stack alignment" for better explanation... I can get a link later, I'm on my iPad at the moment. (Hard to copy and paste links from the iPad)

Later:

info on 64 bit stack alignment from Microsoft

jj2007

Quote from: ahsat on April 06, 2024, 07:32:22 AM: That seems odd, do you know why?

The 16-byte alignment is required by Windows. Why exactly is not well documented (to my knowledge), but there are many SIMD instructions like movaps which fail miserably if the address is not aligned to 16 bytes; that could be the underlying reason.

sinsi

Quote from: ahsat on April 06, 2024, 01:00:09 AM: What version of ml64.exe are you using? I get the following with your code. No "push esi" or "pop esi".

    22: .CODE
    23:
C8 80 00 00          enter      80h,0 
48 83 EC 60          sub        rsp,60h 
48 89 4D 10          mov        qword ptr [arg1],rcx 
48 89 55 18          mov        qword ptr [arg2],rdx 
    25:  mov rsi, 789h
48 C7 C6 89 07 00 00 mov        rsi,789h 
    26:  invoke GetTickCount
FF 15 B3 3F 00 00    call        qword ptr [__imp_GetTickCount (0D95000h)] 
C9                  leave 
C3                  ret 
    27:  ret
    28: MyAlgo endp
You can tell that's hutch's prologue, and as I've said numerous times, his prologue doesn't use USES.
To see how ML64 does it, use the default prologue
option prologue:prologuedef
option epilogue:epiloguedef
🍺🍺🍺

ahsat

Quote from: sinsi on April 06, 2024, 08:35:10 AM
Quote from: ahsat on April 06, 2024, 01:00:09 AM: What version of ml64.exe are you using? I get the following with your code. No "push esi" or "pop esi".

    22: .CODE
    23:
C8 80 00 00          enter      80h,0 
48 83 EC 60          sub        rsp,60h 
48 89 4D 10          mov        qword ptr [arg1],rcx 
48 89 55 18          mov        qword ptr [arg2],rdx 
    25:  mov rsi, 789h
48 C7 C6 89 07 00 00 mov        rsi,789h 
    26:  invoke GetTickCount
FF 15 B3 3F 00 00    call        qword ptr [__imp_GetTickCount (0D95000h)] 
C9                  leave 
C3                  ret 
    27:  ret
    28: MyAlgo endp
You can tell that's hutch's prologue, and as I've said numerous times, his prologue doesn't use USES.
To see how ML64 does it, use the default prologue
option prologue:prologuedef
option epilogue:epiloguedef


Finally, something that I understand, thank you. I am sorry I didn't understand if/when you told me previously. I will try to find the masm64 SDK docs to see what else hutch is doing for me.