<worm_> Where can I find documentation on ntdll, kernel32, and msvcrt dll files?
<worm_> Like their functions
<brad_mssw> what's the best way to define a constant, like an offset, in MASM-like assemblers (specifically using WASM [watcom], but supposedly mostly compatible) ...
<brad_mssw> basically, i've got something like mov edx, DWORD PTR [8+eax] but it would be more convenient to specify as mov edx, DWORD PTR [oSS_SP+eax]
<brad_mssw> #define's don't work :/
<brad_mssw> .set doesn't work either ...
<xark> brad_mssw: Hmm, MASM supports structs IIRC (where each member is the offset into the struct).
<xark> brad_mssw: I think you can also do MYOFFSET = 8 and then use MYOFFSET (similar to #define).
<brad_mssw> yeah MYOFFSET = 8 worked, thanks
<brad_mssw> any idea how to replicate something like this '#define FUNCNAME(name) _##name
<brad_mssw> '
<brad_mssw> wish the c preprocessor for watcom could be run independently ... so I could use it on ASM ... sure would make this easier
<brad_mssw> had to convert all this AT&T style asm to intel, what a PITA
<xark> brad_mssw: I am sure you _could_ run the C preprocessor on it if you wanted, but you would need to do the two steps manually (might not be worth it).
<xark> brad_mssw: I think MASM macros are probably what you want instead of #define macros.
<diutes> quick IA-32 question: how can I move the content of a register into the memory address that is at another register?
<xark> diutes: Something like (Intel syntax) mov [edi], eax to store eax to the address pointed to by edi.
<cp1134> on x86 with gcc, i'm noticing local arrays of a function are getting more space reserved for them than just the amount requested adjusted to the nearest word size. anyone know what's going on?
<slope> hi... if I want to be able to read a struct off a stack, all I need to do is to push the fields onto the stack in reverse order... is that correct?
<d1me0> yes
<samwise5281> asm=evil!
<samwise5281> evil!
<samwise5281> evil i say!
<samwise5281> can some1 teach me to be evil?
<d1me0> try the book on the topic (didn't read it but seems good) or try http://webster.cs.ucr.edu/ which is good (but long)
<d1me0> see ya in a couple of months ;-)
<d1me0> wrong timing :) (and asm is definitely not for people without patience... :) )
<iojkl> hello
<d1me0> hi
<looth> I really need some brain help here:
<looth> http://pastebin.com/390045
<looth> why the crash?
<Robert> pop dword [esp+4]
<looth> yes?
<Robert> What are you trying to do?
<looth> The point is to store the flags in the parameter
<looth> disableInterrupts(&flags);
<Robert> Ah, you're one level of indirection short.
<looth> would lead to EFLAGS being stored in the flags parameter
<looth> oh?
<Robert> You're storing it in the parameter, that is, you're overwriting the pointer to "flags".
<Robert> Also, how does the 386 handle pop dword [esp+4] ?
<looth> [ebp+4] means "the location pointed to by the first parameter" in NASM parlance?
<Robert> You should set up a stack frame pointer, really.
<Robert> Like this:
<Robert> disableInterrupts:
<Robert> push ebp
<Robert> mov ebp,esp
<Robert> pushf
<Robert> mov eax,[ebp+8]
<Robert> pop dword[eax]
<Robert> pop ebp
<Robert> ret
<looth> +8 because you pushed the base pointer?
<Robert> Yes.
<looth> How about the enableInterrupts? That's the one that crashes...
<looth> stack frame there too?
<Robert> You don't HAVE to, I just used it in my example because it's more general, conventional, and easier to understand.
<Robert> push dword[esp+4] <-- this, for example, is far from obvious what it does.
<looth> ok
<looth> Why "pop dword [eax]" instead of just "pop dword [ebp+8]" directly?
<Robert> Because that both modifies esp and uses esp. But which comes first?
<looth> i c
<Robert> The behaviour of that changed after the 8086 iirc, but I don't remember which way.
<Robert> Because [ebp+8] is a pointer.
<Robert> ebp+8 is a pointer to a pointer.
<Robert> The actual value is in [[ebp+8]]
<Robert> But you can't address that directly, so you need to go via some register.
<looth> so "pop dword [[ebp+8]]" is impossible
<Robert> Yes.
<looth> How would you write restoreInterrupts?
<Robert> restoreInterrupts:
<Robert> mov eax,[esp+4] ; OK, just to make it a bit shorter...
<Robert> push dword[eax]
<Robert> popf
<Robert> ret
<looth> heh... now it crashes "occasionally" :-) well, one step further
<looth> thanks
<Robert> Heh.
<Robert> OK, I'll go outside for a little while. Good luck.
<looth> thx
<dustyC> m
<mxatone> hmm I can't find which register influences a jne, cs ss es etc .. ?
<Robert> Could you rephrase that?
<lumpster> i think you want cs
<mxatone> which register works with jne
<Robert> jne reads the EFLAGS register.
<mxatone> ok
<mxatone> thxs
<Robert> http://nasm.sourceforge.net/doc/html/nasmdoc0.html
<Robert> For a reference.
<lumpster> the asm for _exit takes ebp + 8 as an arg. can i rewrite this as mov arg, ebx...followed by the exit asm?
<Robert> You can use the exit() syscall directly, yes.
<Robert> mov eax,1
<Robert> mov ebx,argument
<Robert> int 0x80
<lumpster> that's what i was wondering
<lumpster> thanks
<iojkl> hello
<Robert> Hi.
<rutski89> Some hexadecimal numbers are indistinguishable from a decimal number (to both humans and computers). Therefore, some convention is usually used to flag them.
<rutski89> In typeset text, the indication is often a subscripted suffix such as 5A3₁₆, 5A3SIXTEEN, or 5A3HEX.
<rutski89> In computer programming languages (which are nearly always plain text without such typographical distinctions as subscript and superscript) a wide variety of ways of marking hexadecimal numbers have appeared. These are also seen even in typeset text, especially if that text relates to a programming language.
<rutski89> Some of the more common textual representations:
<rutski89> * Ada and VHDL enclose hexadecimal numerals in based "numeric quotes", e.g. "16#5A3#". (Note: Ada accepts this notation for all bases from 2 through 16 and for both integer and real types.)
<rutski89> * C and languages with a similar syntax (such as C++, C# and Java)
<rutski89> bleh!, what was that! heh, sry, wacked out KDE clipboard O.o
<rutski89> what i meant to copy-paste was "I'd like to learn ASM, does anyone have any good online resources to suggest?"
<wobster> see the topic
<Robert> Trial-and-error, and a good reference manual.
<Robert> http://nasm.sourceforge.net/doc/html/nasmdoc0.html -- such as this one, imho.
<Robert> Not extremely detailed, but contains most things you want to know.
<rutski89> Robert: heh, i was kind of hoping for a starter's guide
<Robert> Well... there are a bunch around.
<Robert> But the problem is that it's very machine/system-dependent.
<rutski89> Robert: yea, the stuff in /topic is perfect actually
<rutski89> yea :(
<wobster> uh .. there's Art of Assembly. you can google for it. I think it's crap but I like to make people read it to make them go away for some weeks :p
<rutski89> well, I'd need to learn x86 nasm
<rutski89> linux based
<Robert> www.linuxassembly.org
<rutski89> Robert: yea, i've been there
<archivist> and look at yasm on sourceforge
<cp1134> if i have a local char foo[4]; in a function i notice that gcc will "subl $4, %esp" but, if the array is bigger say 8 it subtracts more. why is that?
<Robert> Because that's how it allocates space for the local variables.
<cp1134> right, but in the first case (foo is 4 bytes) i notice exactly 4 being subtracted, but if i make foo 16 bytes i see it "subl $24, %esp", i'm wondering why it wouldn't "subl $16, %esp"
<Robert> Could be for alignment issues.
<libero> i thought of that
<libero> but doesn't seem the case
<libero> 16 is divisible by 4
<cp1134> Robert: if it's an alignment issue would i be able to notice a pattern to predict what it will subtract with a given number of bytes?
<libero> cp1134: can you check that buffer content during run time?
<Robert> libero: Some stuff needs to be aligned to 8 or 16 bytes.
<libero> see what's inside
<libero> right, but he tried 4 & 16