Hi I am new to the MASM community I am looking to learn m64

Started by SkylerAk, July 04, 2023, 03:23:09 PM

SkylerAk

oh good to know, bad idea I guess lol, I just wanted to see how low level I could go Cx
Hello World!

zedd151

Quote from: SkylerAk on July 05, 2023, 10:14:45 PM
oh good to know, bad idea I guess lol, I just wanted to see how low level I could go Cx
We will never know without seeing your code. See my last reply here.

SkylerAk

Quote from: phyisio on July 05, 2023, 10:10:11 PM
Are you trying to make syscalls on Windows 10? I think the syscalls change with every new build of Windows 10, so you don't usually want to call them directly like on Linux.

I was trying to translate some C and remove security cookies to deobfuscate the actual assembly. Figured it out tho, ty. For others wondering, the C++ flag is /GS, much easier to read

for those curious I am just using syscalls to read data not write, e.g. call nf-sysinfoapi-getsysteminfo and write the data returned in rax to a lpSystemInfo

equivalent c code


SYSTEM_INFO sysinfo;
GetSystemInfo(&sysinfo);

here's how I did it

lea rcx, [rsp + 8]
call GetSystemInfo


Hello World!

jj2007

Quote from: zedd151 on July 05, 2023, 10:14:12 PM
Quote from: SkylerAk on July 05, 2023, 09:57:13 PM
I am trying to make system calls but when I run a system call it returns ffffffffh
It would help others to assist you if you posted at least the piece of code that is giving you problems, if not the full source code. This will aid in spotting any possible errors in the source code.

SkylerAk,

You can zip your *.asm file (plus other necessary stuff) and attach it to your posts. Members here want complete code and projects, as they want to build your source and see what's wrong.

If you don't do that, members will quickly categorise you under "useless script kiddie trying to hack his way through".

SkylerAk

been using this documentation: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture
lpSystemInfo is in rax after that call,

I have one question tho: is there a way I can store my pointer so that it can access this struct that kinda looks like this


;---structdef---;
SystemInfo struct
    dwOemId dd ?
    wProcessorArchitecture dw ?
    wReserved dw ?
    dwPageSize dd ?
    lpMinimumApplicationAddress dq ?
    lpMaximumApplicationAddress dq ?
    dwActiveProcessorMask dd ?
    dwNumberOfProcessors dd ?
    dwProcessorType dd ?
    dwAllocationGranularity dd ?
    wProcessorLevel dw ?
    wProcessorRevision dw ?
SystemInfo ends
;---struct data---;
lpSystemInfo label SystemInfo
    dwOemId dd ?
    wProcessorArchitecture dw ?
    wReserved dw ?
    dwPageSize dd ?
    lpMinimumApplicationAddress dq ?
    lpMaximumApplicationAddress dq ?
    dwActiveProcessorMask dd ?
    dwNumberOfProcessors dd ?
    dwProcessorType dd ?
    dwAllocationGranularity dd ?
    wProcessorLevel dw ?
    wProcessorRevision dw ?

Hello World!

SkylerAk

Quote from: jj2007 on July 05, 2023, 10:32:37 PM
Quote from: zedd151 on July 05, 2023, 10:14:12 PM
Quote from: SkylerAk on July 05, 2023, 09:57:13 PM
I am trying to make system calls but when I run a system call it returns ffffffffh
It would help others to assist you if you posted at least the piece of code that is giving you problems, if not the full source code. This will aid in spotting any possible errors in the source code.

SkylerAk,

You can zip your *.asm file (plus other necessary stuff) and attach it to your posts. Members here want complete code and projects, as they want to build your source and see what's wrong.

If you don't do that, members will quickly categorise you under "useless script kiddie trying to hack his way through".

here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros

another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)

Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)
Hello World!

jj2007

Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros

Thank you. I try to build it, and get the following:

Assembling: Tmp_File.asm
*** linking hello.obj - no resources ***
POLINK: error: Unresolved external symbol '__imp_GetSystemInfo'.
POLINK: error: Unresolved external symbol '_entry_point'.
POLINK: fatal error: 2 unresolved external(s).


Your Hello.asm starts with:
.data

;-----------constants------------;


The examples in the Masm64 SDK, which build without errors, start typically with:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    include \masm64\include64\masm64rt.inc

    .code

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

entry_point proc


I suggest you become familiar with the Masm64 SDK. Nobody here is keen to learn which idiosyncratic environment or "tool chain" you are using.

Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)

Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)

These are good intentions, thanks. Using MS VS is an overkill for little assembly proggies, and requires that those who help you have VS installed, the right environment variables set, etc - don't count on that. I avoid VS like the plague. Few of us use it, mostly those who come from a C/C++ background. Many here use QEditor or Notepad++ instead. I use RichMasm.

If you want help, make sure your code builds with this forum's "toolchain(s)". Otherwise you will be happily ignored - promised :cool:

SkylerAk

Quote from: jj2007 on July 05, 2023, 11:00:58 PM
Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
here is my hello.asm file, it's the only file in my project right now, I am new to asm in general so I am just trying to get an idea of how to use the macros

Thank you. I try to build it, and get the following:

Assembling: Tmp_File.asm
*** linking hello.obj - no resources ***
POLINK: error: Unresolved external symbol '__imp_GetSystemInfo'.
POLINK: error: Unresolved external symbol '_entry_point'.
POLINK: fatal error: 2 unresolved external(s).


Your Hello.asm starts with:
.data

;-----------constants------------;


The examples in the Masm64 SDK, which build without errors, start typically with:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    include \masm64\include64\masm64rt.inc

    .code

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

entry_point proc


I suggest you become familiar with the Masm64 SDK. Nobody here is keen to learn which idiosyncratic environment or "tool chain" you are using.

Quote from: SkylerAk on July 05, 2023, 10:47:35 PM
another thing to note I am using MS VS so I run my assembly source from there I can send you my linker options or even make a bat file to run it for you if you want,
I am using ml64.exe so calling convention uses first 4 params in registers (rcx, rdx, r8, and r9) if there are more than 4 they are on the stack and return values are returned in registers (rax, xmm0)

Thanks for reminding me to post my code I will do that in the future and also think out my posts a little more beforehand (and RTFM)

These are good intentions, thanks. Using MS VS is an overkill for little assembly proggies, and requires that those who help you have VS installed, the right environment variables set, etc - don't count on that. I avoid VS like the plague. Few of us use it, mostly those who come from a C/C++ background. Many here use QEditor or Notepad++ instead. I use RichMasm.

If you want help, make sure your code builds with this forum's "toolchain(s)". Otherwise you will be happily ignored - promised :cool:

Thanks for the advice, linking errors are because lnk.exe flags are not set for /DYNAMICBASE "examplename.dll", and /ENTRY:"main"
this program wouldn't output anything anyway I have manually been inspecting the output through debug breakpoints and a memory viewer anyway

TODO check out Masm64 SDK :D


Thanks again for the help, got to go to work now but nice talking to you
Hello World!

HSE

Quote from: SkylerAk on July 04, 2023, 03:23:09 PM
I was inspired by a video I watched:

Obviously you are following the hard style used in those programs, but most of us like to make things easier  :biggrin:
include \masm64\include64\masm64rt.inc

.data?

    MySystemInfo SYSTEM_INFO <>

.code

main proc
    invoke GetSystemInfo, ADDR MySystemInfo
    ret
main endp
end


Equations in Assembly: SmplMath

jj2007

Mine is almost identical:
include \masm64\include64\masm64rt.inc

.data?
align 16
SysInfo SYSTEM_INFO <>

.code
entry_point proc
  conout chr$(13, 10, 10, "--- calling GetSystemInfo ---", 13, 10)
  invoke GetSystemInfo, addr SysInfo
  conout "returned: ", hex$(rax), chr$(13, 10)
  conout "lpMinimumApplicationAddress=", hex$(SysInfo.lpMinimumApplicationAddress), chr$(13, 10)
  conout "lpMaximumApplicationAddress=", hex$(SysInfo.lpMaximumApplicationAddress), chr$(13, 10)
  conout "dwNumberOfProcessors=", str$(SysInfo.dwNumberOfProcessors), chr$(13, 10)
  conout "dwProcessorType=", str$(SysInfo.dwProcessorType), chr$(13, 10)
  conout "dwAllocationGranularity=", hex$(SysInfo.dwAllocationGranularity), chr$(13, 10)
  invoke ExitProcess, 0
  ret
entry_point endp

END


It runs fine, but I wonder why it returns such crap:
--- calling GetSystemInfo ---
returned: 50002
lpMinimumApplicationAddress=FFFEFFFF00000000
lpMaximumApplicationAddress=F000007FF
dwNumberOfProcessors=8664
dwProcessorType=65536
dwAllocationGranularity=2A070006


Here's what I get with JBasic:
This program was assembled with AsmC in 64-bit format.
SysInfo
x:SysInfo.lpMinimumApplicationAddress   10000h
x:SysInfo.lpMaximumApplicationAddress   7fffffeffffh
x:SysInfo.dwNumberOfProcessors  4h
x:SysInfo.dwProcessorType       21d8h
x:SysInfo.dwAllocationGranularity       10000h
x:SysInfo.dwPageSize    1000h


Source:
include \Masm32\MasmBasic\Res\JBasic.inc ; ## console demo, builds in 32- or 64-bit mode with UAsm, ML, AsmC ##
usedeb=1 ; 1=use the deb macro
.data?
SysInfo SYSTEM_INFO <>
.code
Init ; OPT_64 1 ; put 0 for 32 bit, 1 for 64 bit assembly
  Cls 8
  PrintLine Chr$("This program was assembled with ", @AsmUsed$(1), " in ", jbit$, "-bit format.")
  jinvoke GetSystemInfo, addr SysInfo
  deb 4, "SysInfo", x:SysInfo.lpMinimumApplicationAddress, x:SysInfo.lpMaximumApplicationAddress, x:SysInfo.dwNumberOfProcessors, x:SysInfo.dwProcessorType, x:SysInfo.dwAllocationGranularity, x:SysInfo.dwPageSize
EndOfCode
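
An added example (editorial, not code from any poster or from the SDK): the x64 `SYSTEM_INFO` layout mirrored in C with fixed-width types, plus a reader that fetches each member 4 bytes past its real offset, the displacement that results when the 4-byte leading union is declared as three consecutive fields. With a buffer constructed from the JBasic output above (the mask, processor level and revision are assumed values), the skewed reads give the same numbers as the first output; that this skew is the cause is an assumption, not something stated in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x64 SYSTEM_INFO mirrored with fixed-width types, so no <windows.h> is needed. */
typedef struct {
    union {                                /* 4 bytes in total, not 8 */
        uint32_t dwOemId;
        struct { uint16_t wProcessorArchitecture, wReserved; } s;
    } u;
    uint32_t dwPageSize;
    uint64_t lpMinimumApplicationAddress;  /* LPVOID */
    uint64_t lpMaximumApplicationAddress;  /* LPVOID */
    uint64_t dwActiveProcessorMask;        /* DWORD_PTR, 8 bytes on x64 */
    uint32_t dwNumberOfProcessors;
    uint32_t dwProcessorType;
    uint32_t dwAllocationGranularity;
    uint16_t wProcessorLevel;
    uint16_t wProcessorRevision;
} SysInfo64;

/* Constructed sample: JBasic output values; mask, level, revision are assumed. */
static SysInfo64 sample(void) {
    SysInfo64 si;
    memset(&si, 0, sizeof si);
    si.u.s.wProcessorArchitecture = 9;     /* PROCESSOR_ARCHITECTURE_AMD64 */
    si.dwPageSize = 0x1000;
    si.lpMinimumApplicationAddress = 0x10000;
    si.lpMaximumApplicationAddress = 0x7FFFFFEFFFFULL;
    si.dwActiveProcessorMask = 0xF;
    si.dwNumberOfProcessors = 4;
    si.dwProcessorType = 8664;             /* 21d8h */
    si.dwAllocationGranularity = 0x10000;
    si.wProcessorLevel = 6; si.wProcessorRevision = 0x2A07;
    return si;
}

/* Read `size` bytes (4 or 8) at real offset + skew; little-endian host assumed. */
static uint64_t read_at(const SysInfo64 *si, size_t off, size_t size, size_t skew) {
    uint64_t v = 0;
    memcpy(&v, (const unsigned char *)si + off + skew, size);
    return v;
}

int main(void) {
    SysInfo64 si = sample();
    printf("lpMin real=%llX skewed=%llX\n", (unsigned long long)read_at(&si, 8, 8, 0), (unsigned long long)read_at(&si, 8, 8, 4));
    return 0;
}
```
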

HSE

Quote from: jj2007 on July 06, 2023, 02:13:10 AM
It runs fine, but I wonder why it returns such crap:

It's what you are asking  :biggrin:

str$ and hex$ are calling vc__i64toa, but some structure members are dword and word.
Equations in Assembly: SmplMath

phyisio

Same as you Skyler, I'm new and didn't use the masm64 sdk before. Guess we will have to learn it to be able to learn from the guys here.
Just remember to test it in a vm first  :eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:

About windows syscalls, I actually learned today you can resolve them dynamically by looking into the ntdll.dll functions that wrap around them. So I take back what I said earlier. A project exists that does this in C: https://github.com/jthuraisamy/SysWhispers2
Would be cool to implement in assembly if it hasn't already been done..

Caché GB

Quote from: phyisio on July 06, 2023, 03:12:46 AM
  :eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:

@phyisio - now play nice.


Caché GB's 1 and 0-nly language:MASM

zedd151

Quote from: phyisio on July 06, 2023, 03:12:46 AM
this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:

This forum has been around since 2012. Before that there was a forum, also run by hutch since 2005 and until 2012 when this forum was created. Before that I do not have any details, but know that hutch has been working with assembly language since the days of MSDOS. Some of the long-time members (from way, way back) might be able to fill in more details.
I highly doubt that you will find any malware within the pages of this forum, nor in either the Masm32 SDK or the Masm64 SDK (regardless of what crappy AV software may try to lead you to believe).

Quote from: Caché GB on July 06, 2023, 04:08:30 AM
Quote from: phyisio on July 06, 2023, 03:12:46 AM
  :eusa_naughty: this whole forum might be a big scheme to make us download malware! :rolleyes: :eusa_dance:

@phyisio - now play nice.
Yes, be nice.   :thumbsup:



phyisio