Jump to content
Beege

Flat assembler "g" UDF with x64

By Beege, in AutoIt Example Scripts

Recommended Posts

Beege    72

Beege
Posted (edited)

 

Here is the latest assembly engine from Tomasz Grysztar, flat assembler g as a dll which I compiled using original fasm engine. He doesn't have it compiled in the download package but it was as easy as compiling a exe in autoit if you ever have to do it yourself. Just open up the file in the fasm editor and press F5. 

You can read about what makes fasmg different from the original fasm HERE if you want . The minimum you should understand is that this engine is bare bones by itself not capable of very much. The macro engine is the major difference and it uses macros for basically everything now including implementing the x86 instructions and formats. All of these macros are located within the include folder and you should keep that in its original form.  

When I first got the dll compiled I couldn't get it to generate code in flat binary format. It was working but size of output was over 300 bytes no matter what the assembly code and could just tell it was outputting a different format than binary. Eventually I figured out that within the primary "include\win32ax.inc"', it executes a macro "format PE GUI 4.0" if x86 has not been defined. I underlined macro there because at first I (wasted shit loads of time because I) didn't realize it was a macro (adding a bunch of other includes) since in version 1 the statement "format binary" was a default if not specified and specifically means add nothing extra to the code. So long story short, the part that I was missing is including the cpu type and extensions from include\cpu folder. By default I add x64 type and SSE4 ext includes. Note that the x64 here is not about what mode we are running in, this is for what instructions your cpu supports. if you are running on some really old hardware that may need to be adjusted or if your on to more advanced instructions like the avx extensions, you may have to add those includes to your source. 

Differences from previous dll function

I like the error reporting much better in this one. With the last one we had a ton error codes and a variable return structure depending on what kind of error it had. I even had an example showing you what kind of an error would give you correct line numbers vs wouldn't. With this one the stdout is passed to the dll function and it simply prints the line/details it had a problem with to the console. The return value is the number of errors counted.

It also handles its own memory needs automatically now . If the output region is not big enough it will virtualalloc a new one and virtualfree the previous.  

Differences in Code

Earlier this year I showed some examples of how to use the macros to make writing assembly a little more familiar. Almost all the same functionality exists here but there are a couple syntax sugar items gone and slight change in other areas. 

Whats gone is FIX and PTR. Both syntax sugar that dont really matter. 

A couple changes to structures as well but these are for the better. One is unnamed elements are allowed now, but if it does not have a name, you are not allowed to initialize those elements during creation because they can only be intialized via syntax name:value . Previously when you initialized the elements, you would do by specifying values in a comma seperated list using the specific order like value1,value2,etc, but this had a problem because it expected commas even when the elements were just padding for alignment so this works out better having to specify the name and no need for _FasmFixInit function. "<" and ">" are not longer used in the initializes ether. 

OLD:
$sTag = 'byte x;short y;char sNote[13];long odd[5];word w;dword p;char ext[3];word finish'
_(_FasmAu3StructDef('AU3TEST', $sTag));convert and add definition to source
_(' tTest AU3TEST ' & _FasmFixInit('1,222,<"AutoItFASM",0>,<41,43,43,44,45>,6,7,"au3",12345', $sTag));create and initalize

New:
$sTag = 'byte x;short y;char sNote[13];long odd[5];word w;dword p;char ext[3];word finish'
_(_fasmg_Au3StructDef('AU3TEST', $sTag)) ;convert and add definition to source
_(' tTest AU3TEST x:11,y:22,sNote:"AutoItFASM",odd:41,odd+4:42,odd+8:43,w:6,p:7,ext:"au3",finish:12345');create and initalize

Extra Includes

I created a includeEx folder for the extra macros I wrote/found on the forums. Most of them are written by Thomaz so they may eventually end up in the standard library. 

 Align.inc, Nop.inc, Listing.inc

The Align and Nop macros work together to align the next statement to whatever boundary you specified and it uses multibyte nop codes to fill in the space. Filling the space with nop is the default but you can also specify a fill value if you want. Align.assume is another macro part of align.inc that can be used to set tell the engine that a certain starting point is assumed to be at a certain boundary alignment and it will do its align calculations based on that value. 

Listing is a macro great for seeing where and what opcodes are getting generated from each line of assembly code.  Below is an example of the source and output you would see printed to the console during the assembly. I picked this slightly longer example because it best shows use of align, nop, and then the use of listing to verify the align/nop code. Nop codes are instructions that do nothing and one use of them is to insert nop's as space fillers when you want a certian portion of your code to land on a specific boundary offset. I dont know all the best practices here with that (if you do please post!) but its a type of optimization for the cpu.  Because of its nature of doing nothing, I cant just run the code and confirm its correct because it didnt crash. I need to look at what opcodes the actual align statements made and listing made that easy. 

source example: 

_('procf _main stdcall, pAdd')
    _(' mov eax, [pAdd]')
    _(' mov dword[eax], _crc32')
    _(' mov dword[eax+4], _strlen')
    _(' mov dword[eax+8], _strcmp')
    _(' mov dword[eax+12], _strstr')
    _(' ret')
    _('endp')

    _('EQUAL_ORDERED        = 1100b')
    _('EQUAL_ANY            = 0000b')
    _('EQUAL_EACH           = 1000b')
    _('RANGES               = 0100b')
    _('NEGATIVE_POLARITY    = 010000b')
    _('BYTE_MASK            = 1000000b')

    _('align 8')
    _('proc _crc32 uses ebx ecx esi, pStr')
    _(' mov esi, [pStr]')
    _(' xor ebx, ebx')
    _(' not ebx')
    _(' stdcall _strlen, esi')
    _(' .while eax >= 4')
    _('     crc32 ebx, dword[esi]')
    _('     add esi, 4')
    _('     sub eax, 4')
    _(' .endw')
    _(' .while eax')
    _('     crc32 ebx, byte[esi]')
    _('     inc esi')
    _('     dec eax')
    _(' .endw')
    _(' not ebx')
    _(' mov eax, ebx')
    _(' ret')
    _('endp')

    _('align 8, 0xCC') ; fill with 0xCC instead of NOP
    _('proc _strlen uses ecx edx, pStr')
    _(' mov ecx, [pStr]')
    _(' mov edx, ecx')
    _(' mov eax, -16')
    _(' pxor xmm0, xmm0')
    _(' .repeat')
    _('     add eax, 16')
    _('     pcmpistri xmm0, dqword[edx + eax], 1000b') ;EQUAL_EACH')
    _(' .until ZERO?') ; repeat loop until Zero flag (ZF) is set
    _(' add eax, ecx') ; add remainder
    _(' ret')
    _('endp')

    _('align 8')
    _('proc _strcmp uses ebx ecx edx, pStr1, pStr2') ; ecx = string1, edx = string2'
    _(' mov ecx, [pStr1]') ; ecx = start address of str1
    _(' mov edx, [pStr2]') ; edx = start address of str2
    _(' mov eax, ecx') ; eax = start address of str1
    _(' sub eax, edx') ; eax = ecx - edx | eax = start address of str1 - start address of str2
    _(' sub edx, 16')
    _(' mov ebx, -16')
    _(' STRCMP_LOOP:')
    _('     add ebx, 16')
    _('     add edx, 16')
    _('     movdqu xmm0, dqword[edx]')
    _('     pcmpistri xmm0, dqword[edx + eax], EQUAL_EACH + NEGATIVE_POLARITY') ; EQUAL_EACH + NEGATIVE_POLARITY ; find the first *different* bytes, hence negative polarity'
    _('     ja STRCMP_LOOP') ;a         CF or ZF = 0        above
    _(' jc STRCMP_DIFF') ;c             cf=1            carry
    _(' xor eax, eax') ; the strings are equal
    _(' ret')
    _(' STRCMP_DIFF:')
    _(' mov eax, ebx')
    _(' add eax, ecx')
    _(' ret')
    _('endp')

    _('align 8')
    _('proc _strstr uses ecx edx edi esi, sStrToSearch, sStrToFind')
    _(' mov ecx, [sStrToSearch]')
    _(' mov edx, [sStrToFind]')
    _(' pxor xmm2, xmm2')
    _(' movdqu xmm2, dqword[edx]') ; load the first 16 bytes of neddle')
    _(' pxor xmm3, xmm3')
    _(' lea eax, [ecx - 16]')
    _(' STRSTR_MAIN_LOOP:') ; find the first possible match of 16-byte fragment in haystack')
    _('     add eax, 16')
    _('     pcmpistri xmm2, dqword[eax], EQUAL_ORDERED')
    _('     ja STRSTR_MAIN_LOOP')
    _(' jnc STRSTR_NOT_FOUND')
    _(' add eax, ecx ') ; save the possible match start')
    _(' mov edi, edx')
    _(' mov esi, eax')
    _(' sub edi, esi')
    _(' sub esi, 16')
    _(' @@:') ; compare the strings
    _('     add esi, 16')
    _('     movdqu xmm1, dqword[esi + edi]')
    _('     pcmpistrm xmm3, xmm1, EQUAL_EACH + NEGATIVE_POLARITY + BYTE_MASK') ; mask out invalid bytes in the haystack
    _('     movdqu xmm4, dqword[esi]')
    _('     pand xmm4, xmm0')
    _('     pcmpistri xmm1, xmm4, EQUAL_EACH + NEGATIVE_POLARITY')
    _('     ja @b')
    _(' jnc STRSTR_FOUND')
    _(' sub eax, 15') ;continue searching from the next byte
    _(' jmp STRSTR_MAIN_LOOP')
    _(' STRSTR_NOT_FOUND:')
    _('     xor eax, eax')
    _('     ret')
    _(' STRSTR_FOUND:')
    _('     sub eax, [sStrToSearch]')
    _('     inc eax')
    _('     ret')
    _('endp')

Listing Output: 

00000000:                         use32
00000000: 55 89 E5                procf _main stdcall, pAdd
00000003: 8B 45 08                mov eax, [pAdd]
00000006: C7 00 28 00 00 00       mov dword[eax], _crc32
0000000C: C7 40 04 68 00 00 00    mov dword[eax+4], _strlen
00000013: C7 40 08 90 00 00 00    mov dword[eax+8], _strcmp
0000001A: C7 40 0C D8 00 00 00    mov dword[eax+12], _strstr
00000021: C9 C2 04 00             ret
00000025:                         localbytes = current
00000025:                         purge ret?,locals?,endl?,proclocal?
00000025:                         end namespace
00000025:                         purge endp?
00000025:                         EQUAL_ORDERED = 1100b
00000025:                         EQUAL_ANY = 0000b
00000025:                         EQUAL_EACH = 1000b
00000025:                         RANGES = 0100b
00000025:                         NEGATIVE_POLARITY = 010000b
00000025:                         BYTE_MASK = 1000000b
00000025: 0F 1F 00                align 8
00000028: 55 89 E5 53 51 56       proc _crc32 uses ebx ecx esi, pStr
0000002E: 8B 75 08                mov esi, [pStr]
00000031: 31 DB                   xor ebx, ebx
00000033: F7 D3                   not ebx
00000035: 56 E8 2D 00 00 00       stdcall _strlen, esi
0000003B: 83 F8 04 72 0D          .while eax >= 4
00000040: F2 0F 38 F1 1E          crc32 ebx, dword[esi]
00000045: 83 C6 04                add esi, 4
00000048: 83 E8 04                sub eax, 4
0000004B: EB EE                   .endw
0000004D: 85 C0 74 09             .while eax
00000051: F2 0F 38 F0 1E          crc32 ebx, byte[esi]
00000056: 46                      inc esi
00000057: 48                      dec eax
00000058: EB F3                   .endw
0000005A: F7 D3                   not ebx
0000005C: 89 D8                   mov eax, ebx
0000005E: 5E 59 5B C9 C2 04 00    ret
00000065:                         localbytes = current
00000065:                         purge ret?,locals?,endl?,proclocal?
00000065:                         end namespace
00000065:                         purge endp?
00000065: CC CC CC                align 8, 0xCC
00000068: 55 89 E5 51 52          proc _strlen uses ecx edx, pStr
0000006D: 8B 4D 08                mov ecx, [pStr]
00000070: 89 CA                   mov edx, ecx
00000072: B8 F0 FF FF FF          mov eax, -16
00000077: 66 0F EF C0             pxor xmm0, xmm0
0000007B:                         .repeat
0000007B: 83 C0 10                add eax, 16
0000007E: 66 0F 3A 63 04 02 08    pcmpistri xmm0, dqword[edx + eax], 1000b
00000085: 75 F4                   .until ZERO?
00000087: 01 C8                   add eax, ecx
00000089: 5A 59 C9 C2 04 00       ret
0000008F:                         localbytes = current
0000008F:                         purge ret?,locals?,endl?,proclocal?
0000008F:                         end namespace
0000008F:                         purge endp?
0000008F: 90                      align 8
00000090: 55 89 E5 53 51 52       proc _strcmp uses ebx ecx edx, pStr1, pStr2
00000096: 8B 4D 08                mov ecx, [pStr1]
00000099: 8B 55 0C                mov edx, [pStr2]
0000009C: 89 C8                   mov eax, ecx
0000009E: 29 D0                   sub eax, edx
000000A0: 83 EA 10                sub edx, 16
000000A3: BB F0 FF FF FF          mov ebx, -16
000000A8:                         STRCMP_LOOP:
000000A8: 83 C3 10                add ebx, 16
000000AB: 83 C2 10                add edx, 16
000000AE: F3 0F 6F 02             movdqu xmm0, dqword[edx]
000000B2: 66 0F 3A 63 04 02 18    pcmpistri xmm0, dqword[edx + eax], EQUAL_EACH + NEGATIVE_POLARITY
000000B9: 77 ED                   ja STRCMP_LOOP
000000BB: 72 09                   jc STRCMP_DIFF
000000BD: 31 C0                   xor eax, eax
000000BF: 5A 59 5B C9 C2 08 00    ret
000000C6:                         STRCMP_DIFF:
000000C6: 89 D8                   mov eax, ebx
000000C8: 01 C8                   add eax, ecx
000000CA: 5A 59 5B C9 C2 08 00    ret
000000D1:                         localbytes = current
000000D1:                         purge ret?,locals?,endl?,proclocal?
000000D1:                         end namespace
000000D1:                         purge endp?
000000D1: 0F 1F 80 00 00 00 00    align 8
000000D8: 55 89 E5 51 52 57 56    proc _strstr uses ecx edx edi esi, sStrToSearch, sStrToFind
000000DF: 8B 4D 08                mov ecx, [sStrToSearch]
000000E2: 8B 55 0C                mov edx, [sStrToFind]
000000E5: 66 0F EF D2             pxor xmm2, xmm2
000000E9: F3 0F 6F 12             movdqu xmm2, dqword[edx]
000000ED: 66 0F EF DB             pxor xmm3, xmm3
000000F1: 8D 41 F0                lea eax, [ecx - 16]
000000F4:                         STRSTR_MAIN_LOOP:
000000F4: 83 C0 10                add eax, 16
000000F7: 66 0F 3A 63 10 0C       pcmpistri xmm2, dqword[eax], EQUAL_ORDERED
000000FD: 77 F5                   ja STRSTR_MAIN_LOOP
000000FF: 73 30                   jnc STRSTR_NOT_FOUND
00000101: 01 C8                   add eax, ecx
00000103: 89 D7                   mov edi, edx
00000105: 89 C6                   mov esi, eax
00000107: 29 F7                   sub edi, esi
00000109: 83 EE 10                sub esi, 16
0000010C:                         @@:
0000010C: 83 C6 10                add esi, 16
0000010F: F3 0F 6F 0C 3E          movdqu xmm1, dqword[esi + edi]
00000114: 66 0F 3A 62 D9 58       pcmpistrm xmm3, xmm1, EQUAL_EACH + NEGATIVE_POLARITY + BYTE_MASK
0000011A: F3 0F 6F 26             movdqu xmm4, dqword[esi]
0000011E: 66 0F DB E0             pand xmm4, xmm0
00000122: 66 0F 3A 63 CC 18       pcmpistri xmm1, xmm4, EQUAL_EACH + NEGATIVE_POLARITY
00000128: 77 E2                   ja @b
0000012A: 73 0F                   jnc STRSTR_FOUND
0000012C: 83 E8 0F                sub eax, 15
0000012F: EB C3                   jmp STRSTR_MAIN_LOOP
00000131:                         STRSTR_NOT_FOUND:
00000131: 31 C0                   xor eax, eax
00000133: 5E 5F 5A 59 C9 C2 08 00 ret
0000013B:                         STRSTR_FOUND:
0000013B: 2B 45 08                sub eax, [sStrToSearch]
0000013E: 40                      inc eax
0000013F: 5E 5F 5A 59 C9 C2 08 00 ret
00000147:                         localbytes = current
00000147:                         purge ret?,locals?,endl?,proclocal?
00000147:                         end namespace
00000147:                         purge endp?

 

procf and forcea macros

In my previous post I spoke about the force macro and why the need for it. I added two more macros (procf and forcea) that combine the two and also sets align.assume to the same function. As clarified in the previous post, you should only have to use these macros for the first procedure being defined (since nothing calls that procedure). And since its the first function, it should be the starting memory address which is a good place to initially set the align.assume address to. 

Attached package should include everything needed and has all the previous examples I posted updated. Let me know if I missed something or you have any issues running the examples and thanks for looking :)

fasmg 10-26-2019.zip

Previous versions:

Spoiler

fasmg 7-29-2019.zip

fasmg 8-25-2019.zip

fasmg 9-14-2019.zip

fasmg 10-14-2019.zip

 

 

Edited by Beege
Added x64 support - corrected stack alignment issues
Werty, junkew, UEZ and 2 others reacted to this

Share this post

Link to post
Share on other sites

Beege    72

Beege
Posted (edited)

I updated this with a couple new functions to make compiling and debugging variables easier.

_fasmg_CompileAu3 will generate the au3 code needed for a standalone function without the library and place it on the clipboard. It will also encode/compress the opcode and generate the required code to decode/decompress, but only if its worth it. If the amount of extra au3 code it takes to decode is more than the number of characters saved from encoding, then I dont see the point. Below is the input/output you would get from the first example where base64 would not be worth it. The base64 saves us about 20 characters in the opcode, but even with a single one liner (with length precalculated when compiled) to decode the string its about 170 character long so for this example it would pick base16. 

Input: 

_('procf _main, pConsoleWriteCB, parm1, parm2')
_('     mov edx, [parm1]')
_('     add edx, [parm2]')
_('     invoke pConsoleWriteCB, "edx = ", edx') ;
_('     ret')
_('endp')

_fasmg_compileau3($g_sFasm)

Output: 

;base16
Local Static $dBinExec = Binary('0x5589E58B550C03551052E807000000656478203D2000FF5508C9C20C00')
Local Static $tBinExec = DllStructCreate('byte[' & BinaryLen($dBinExec) & ']'), $bSet = DllStructSetData($tBinExec, 1, $dBinExec)
Local Static $aProtect = DllCall('kernel32.dll', 'bool', 'VirtualProtect', 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec), 'dword', 0x40, 'dword*', 0)
Local Static $aFlush = DllCall('kernel32.dll', 'bool', 'FlushInstructionCache', 'handle', (DllCall('kernel32.dll', 'handle', 'GetCurrentProcess')[0]), 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec))

;base64
Local Static $sBinExec = 'VYnli1UMA1UQUugHAAAAZWR4ID0gAP9VCMnCDAA='
Local Static $aDec = DllCall('Crypt32.dll', 'bool', 'CryptStringToBinary', 'str', $sBinExec, 'dword', Null, 'dword', 1, 'struct*', DllStructCreate('byte[' & 29 & ']'), 'dword*', 29, 'ptr', 0, 'ptr', 0)
Local Static $tBinExec = DllStructCreate('byte[' & $aDec[5] & ']', DllStructGetPtr($aDec[4]))
Local Static $aProtect = DllCall('kernel32.dll', 'bool', 'VirtualProtect', 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec), 'dword', 0x40, 'dword*', 0)
Local Static $aFlush = DllCall('kernel32.dll', 'bool', 'FlushInstructionCache', 'handle', (DllCall('kernel32.dll', 'handle', 'GetCurrentProcess')[0]), 'struct*', $tBinExec, 'dword_ptr', DllStructGetSize($tBinExec))

_fasmg_Debug is the other much needed function that has been added. Ive gotten annoyed with copying callbacks from script to script just to debug and wanted something native that could handle all the basics. The function inserts ptr's to callbacks directly into the code so you cant use it in a compiled function but you wouldnt want to do that anyway. This also makes it so we dont have to pass the callback as a parameter.  I have 4 callbacks setup that I think covers all my bases but let me know if not. The function excepts a comma delimited string of "type:var" parings using ":" operator to pair and will generate asm code to call the correct callback. The function excepts all autoit types allowed for dllcall and actually uses the literal string specifying the type to dynamically register a function for that variable type.  I didn't always know this (never really needed to) but apparently we can register the same autoit function multiple times with DllCallbackRegister specifying different parameter types with each registration. With that functionality Im able to just create a "wildcard" type function and register the types as needed so that one callback covers most situations. The other 3 callbacks cover dll structures, raw quoted strings (no variable specified), and lastly references (ex: int*).  For whatever reason, specifying the parameters in the callback as references doesn't work out right and doesn't deference so to get around that I send it to a function that creates a dllstruct at the pointer address and access it that way. I also added ability to specify hi/low values using the '|' operator. So "int64:eax|edx" would show you the combined 64bit value of eax and edx.  

For dll structures I made a made modified (basically a copy) version of _winapi_displaystruct  that will print the data to the console instead of showing you listview. Despite the length of that function, it was actually real easy to modify by just replacing all the GUICtrlCreateListViewItem statements with _addarray() to turn it into a 2darray. All the statements are already deliminted with '|' so that worked out nice. I then pass that 2darray to _Array2DToFormatedStr() to convert and format the alignment of all the columns based on longest element in that column before printing so we have a nice table. The dashes help out with the colors too. Here is the output from the example in the helpfile:

Console.PNG.b6092969b1f64f5e8514ae9c0664200c.PNG

 

Debug Example:       

$_dbg = _fasmg_Debug ; (shortcut)
    
    $sTag = 'byte x;short y;char sNote[13];long odd[3];word w;dword p;char ext[3];word finish'
    _(_fasmg_Au3StructDef('AU3TEST', $sTag))

    _('procf _main, parm1, parm2')
    _('     locals')
    _('         iTestSigned dd -12345')
    _('         iTestUnsigned dd 1234567')
    _('         stest db "This is a local string test",0')
    _('         sBuffer db 128 dup ?')
    _('         tTest AU3TEST x:11,y:22,sNote:"Test Msg",odd:333,odd+4:444,odd+8:555,w:77,p:6666,ext:"exe",finish:1234') ;
    _('     endl')
    _("     xor eax, eax") ; eax = 0
    _('     mov bl, 13') ; bl = 13
    _($_dbg('str:"#########################"')) ;; raw string - no variable specified
    _($_dbg('int:[iTestSigned]')) ; signed test
    _($_dbg('uint:[iTestUnsigned]')) ; unsigned test
    _("     cpuid") ; places cpuid string in ebx:ecx:edx
    _("     lea edi, [sBuffer]") ; Load address (ptr) of sBuffer into edi
    _("     mov [edi], ebx") ; first 4 chars of cpuid
    _("     mov [edi + 4], edx") ;
    _("     mov [edi + 8], ecx")
    _("     mov dword[edi + 12], 0")
    _($_dbg('str:edi')) ; will print cpuid string. Edi is holding ptr to local var "sBuffer"
    _('     mov edx, [parm1]')
    _('     add edx, [parm2]')
    _($_dbg('struct:addr tTest:' & $sTag)) ; printing structure. Only type that expects an extra ':' to specify "$sTag"
    _('     mov ebx, 77')
    _('     rdtsc')
    _($_dbg('str:"-----------------------"'))
    _($_dbg('uint*:addr iTestUnsigned')) ;testing passing a reference to it
    _($_dbg('uint:[iTestUnsigned]')) ; should be same
    _($_dbg('str:"-----------------------"'))
    _('     rdtsc') ; this places 64bit timestamp value in eax|edx
    _($_dbg('dword:ebx,uint:[iTestUnsigned],str:addr stest,dword:eax,uint64:eax|edx')); debugging multiple vars. printing 64bit timestamp stored in eax|edx
    _('     rdtsc')
    _($_dbg('uint64:eax|edx,dword:[parm1]'))
    _('     ret')
    _('endp')

Console Output: 

#########################
[iTestSigned]: -12345
[iTestUnsigned]: 1234567
edi: GenuineIntel
Struct addr tTest:
====================================================================
#    Member    Offset        Type           Size      Value       
====================================================================
-    -         0x005EF118    <struct>       0         -           
1    x         0             BYTE           1         11          
-    -         -             <alignment>    1         -           
2    y         2             short          2         22          
3    sNote     4             CHAR[13]       13        Test Msg    
-    -         -             <alignment>    3         -           
4    odd       20            long[3]        12 (4)    [1] 333     
-    -         24            -              -         [2] 444     
-    -         28            -              -         [3] 555     
5    w         32            WORD           2         77          
-    -         -             <alignment>    2         -           
6    p         36            DWORD          4         6666        
7    ext       40            CHAR[3]        3         exe         
-    -         -             <alignment>    1         -           
8    finish    44            WORD           2         1234        
-    -         -             <alignment>    2         -           
-    -         0x005EF148    <endstruct>    48        -           
====================================================================
-----------------------
iTestUnsigned*: 1234567
[iTestUnsigned]: 1234567
-----------------------
ebx: 77
[iTestUnsigned]: 1234567
stest*: This is a local string test
eax: 3773413439
eax|edx: 3154339424745535
eax|edx: 3154339424841536
[parm1]: 5

 

Update 9/14/2019:

I added some additional commenting/renaming options for _fasmg_Debug and also added a small example showing a new trick I learned recently used in position independent coding (pic) to establish where you are in memory.

For the debugging portion you can now also optionally change the name/comment of what you are printing by adding a semicolon ";" with new name/comment. Normally the function will just use the variable name. This replaces it with whatever you put after ";". Lets say here some_var = 6 

 _fasmg_Debug('dword:[some_var]') ; would print to console -> [some_var]: 6
 _fasmg_Debug('dword:[some_var];value of some_var') ; would print to console -> value of some_var: 6

 

For the trick I learned, I like this as an alternative to passing the address of the structure to your function if your using any kind of global/static variable like data reservations. Heres a partial snip from original _Ex_GlobalVars example of what Im talking about. pMem is the address of the dllstructure holding are binary code and is passed as a parameter so we can calculate the address of g_Var1: 

_('procf _main uses ebx, pMem, pConsoleWriteCB, parm1')
_('     mov ebx, [pMem]') ; This is where are code starts in memory.
_('     mov [ebx + g_Var1], 111')

 The alternative way can be done with these three lines below. Whenever the x86 instruction call is executed, the address of where the function needs to return to when finished (which will be the next line) is always pushed on to the stack. This is normally complemented with the ret instruction which pops that value off the stack and returns you back where you need to go next. Here we never execute ret and pop the address off to eax. delta is then subtracted from that address giving us the original starting point.  

_('call delta')
_('delta: pop eax');  eax now equals address of delta
_('sub eax, delta');  eax now equals start of memory

Heres the full example I added to the zip. This also shows how with fasmg, you get true namespaces and makes any data reservation inside procedures more like static variables. Here both _subfunc1 and _subfunc2 use the same names for label delta and data reservation var. I call the function 3 times just to show the variables holding on to there values between calls. In this example the life of those variables would die when the autoit function exits since I only declared $tbinary as local and not static so keep that it mind. Also notice that I defined those with a 0 and not "?". I dont have a example but without the 0 the data is just empty and there for I think it could cause the dllstructure to not have enough bytes define to hold that extra space for variables. Using 0 will always fill the data out so are BinaryLen() calculation will match up.  

Func _Ex_CurrentPOS()

    $g_sFasm = ''

    _('procf _main')
    _('     stdcall _subfunc1')
    _('     stdcall _subfunc2')
    _('     ret')
    _('endp')

    _('proc _subfunc1')
    _('     call delta'); Calling anything places the address of the next instruction on the stack. we just happen to be calling the next line
    _('     delta: pop eax');in this function the label delta is equal to value 18 which is the offset or distance in bytes from _main
    _('     sub eax, delta'); after poping the address of delta (not offset - real address) to eax we subtract delta to give us the address of _main
    _('     add [eax+var], 2')
    _('     add [eax+g_var], 2')
    _(      $_dbg('dword:[eax+var];subfunc1 var'))
    _(      $_dbg('dword:[eax+g_var];subfunc1 g_var'))
    _('     stdcall _subfunc2')
    _('     ret')
    _('     var dd 0')
    _('endp')

    _('proc _subfunc2')
    _('     call delta')
    _('     delta: pop eax');  here delta=47
    _('     sub eax, delta')
    _('     add [eax+var], 3')
    _('     add [eax+g_var], 3')
    _(      $_dbg('dword:[eax+var];subfunc2 var'))
    _(      $_dbg('dword:[eax+g_var];subfunc2 g_var'))
    _('     ret')
    _('     var dd 0')
    _('endp')

    _('g_var dd 0')

    Local $tBinary = _fasmg_Assemble($g_sFasm,1)
    If @error Then Exit (ConsoleWrite($tBinary & @CRLF))

    DllCallAddress('dword', DllStructGetPtr($tBinary))
    DllCallAddress('dword', DllStructGetPtr($tBinary))
    DllCallAddress('dword', DllStructGetPtr($tBinary))

EndFunc

 

Edited by Beege
code comments

Share this post

Link to post
Share on other sites

Beege    72

Beege
Posted (edited)

X64 Support:

The other day @UEZ gave me some motivation to get x64 working in my udf. At this time there is no fasmg.dll that runs in 64bit mode, but much like the original fasm.dll, the 32bit fasmg.dll is perfectly capable of generating x64 bit code since generating code vs executing code are two different things.  So to get x64 working, a simple method I implemented is to just pass the source over to a 32bit script, generate the code and pass it back. I tried the same thing years ago and it did work when it comes to the 64bit code generation. The problems I had were how I lost so much the debugging options I had in place when running in 32bit mode and defeated a lot of the library's purpose of making asm code writing easier. 

This time I am happy to report that I'm able to get it all working and not lose any of the debugging/format options that are all in place for 32bit. All the macros I have been showing in 32bit exist for 64bit just the same and I have added code to make the proper selection.   I've only written the one debugging example for testing purposes so far but covers a decent amount of the functionality plus took me a solid weekend to get there. 

Here are some of the basics you should know about x64 calling conventions and pitfalls that I learned a so far.  

First is fastcall. There is really only one call type and that is fastcall. With fastcall the first 4 parameters are passed in rcx,rdx,r8,r9. Space is still reserved on the stack for the first 4 parms, but they are empty at first and you can choose to transfer the variables to the space once in the function. rax, rcx, rdx, r8-r11 are all volatile registers so if you are going to be calling another function from within your function or using those registers for other purposes, then you should backup the parameter values in that space. For the other registers that are nonvolatile (rbx, rdi, rsi, r12-r15), its important to save those values using the "uses" operator if you are using them ANYWHERE in your function. x64 seems way less forgiving in that aspect then 32bit did.  

_('procf _main uses rbx rdi, parm1, parm2, parm3, parm4')
_('     mov [parm1], rcx')
_('     mov [parm2], rdx')
_('     mov [parm3], r8')
_('     mov [parm4], r9')

 Two items that tripped me up for a little bit. One is calling a function if the ptr is in rcx. I was passing a callback pointer as my first parameter discovering this. Its kinda obvious now that problem is tied in with ecx being a parameter but was not thinking about it at the time. The other issue is trying to persevere any kind of volatile register between a function call via push/pop. For whatever reason any kind of push R#X; call func; pop R#X fails with some kind of stack alignment issue. You can get around this by either backing up the values in a local variable or transfer whatever volatile register to r12-15 if not being used. If you know what the problem is there please let me know.  

;use of push/pop is ok
_(' push rdx') ; 
_(' pop rcx') ; 
_(' fastcall rax') ; call some function
_(' push rax') ; 
_(' pop rcx') ; 


;its calling a function when ever the stack is not balanced that fails
_(' push rdx') ; preserve rdx
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore

First post has been updated.  Reporting issues, questions, comments. Believe it or not these are all allowed ;)

 

Update - 10/26/2019

I got stack alignment issues figured out. The key is keeping the stack 16 byte aligned and its very easy. Just always push the values you want to preserve in mulitples of 2. In the above code when I only push rdx (1 register) so the alignment is now on 8. We just need to push the value once more or you could also add a 'sub rsp, 8' statement but a little more code.

Here we are pushing 2 registers so this is aligned ok: 

_(' push rcx') ; preserve rcx
_(' push rdx') ; preserve rdx
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore
_(' pop rcx') ; restore

Here we would have an odd number of 3 so Ill push the last one twice 

_(' push rax') ; preserve rax
_(' push rcx') ; preserve rcx
_(' push rdx') ; preserve rdx
_(' push rdx') ; preserve rdx ; <===========Extra push
_(' fastcall rax') ; call some function
_(' pop rdx') ; restore ; <===========Extra pop
_(' pop rdx') ; restore
_(' pop rcx') ; restore
_(' pop rax') ; restore

With that figured out the _fasm_debug function now properly preserves all the volatile registers so you can see whats in them without wiping other registers. First post updated

Edited by Beege
UEZ reacted to this

Share this post

Link to post
Share on other sites

UEZ    1,170

UEZ
Posted

Thanks for the update @Beege. Meanwhile I've solved my x64 addressing issue and the code seams to run properly for 15/16-bit images.

 

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post

Link to post
Share on other sites

Beege    72

Beege
Posted
5 hours ago, UEZ said:

Thanks for the update @Beege. Meanwhile I've solved my x64 addressing issue and the code seams to run properly for 15/16-bit images.

 

You got it. Good job on your x64 code! I wish it was as easy as swapping R's with E's... but that is certainly not the case! :mad2:

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing

  • Similar Content

    • Beege
      MS Classic Bounce Multithreading Example with 128 threads
      By Beege
      Here is an old goodie from ms demonstrating concepts behind multithreading and using mutexes to control sharing the screen. Its unfortunately just a console application so you have to press compile (f7) to run (can get annoying if you want to play with the code) but still pretty cool :). Each little question mark box (could be any character (used to be a smiley face in win 7)) is its own thread keeping track of its own coordinates. Each thread shares the screenmutex by kinda waiting in line for ownership of it. When the thread gains control it updates the screen, then releases the mutex for the next thread. 

       
      First I wrote it in pure autoit to confirm all working as expected. The Console functions actually threw me for a loop. They actual want the whole value of the coord structs and not a ptr to it so that "struct" without a * was a little uncommon. Below au3 code is just the lonely cell bouncing around.
      Func _BounceAU3() ;set a random starting id. we use this to rotate the colors Local $iMyID = Random(1, 15, 1) Local $tMyCell = DllStructCreate('char mc'), $tOldCell = DllStructCreate('char oc') Local $tMyAttrib = DllStructCreate('word ma'), $tOldAttrib = DllStructCreate('word oa') Local $tCoords = DllStructCreate($tagCOORD), $tOld = DllStructCreate($tagCOORD) Local $tDelta = DllStructCreate($tagCOORD) ;Random start and delta values $tCoords.X = Random(0, 119, 1) $tCoords.Y = Random(0, 29, 1) $tDelta.X = Random(-3, 3, 1) $tDelta.Y = Random(-3, 3, 1) ;set character/cell attributes $tMyCell.mc = $iMyID > 16 ? 0x01 : 0x02 ; doesnt seem to make a differnce in windows 10 $tMyAttrib.ma = BitAND($iMyID, 0x0F) ; Set the character color Do ;check the last position values DllCall('kernel32.dll', "bool", "ReadConsoleOutputCharacter", "handle", $g_hStdHandle, "struct*", $tOldCell, "dword", 1, "struct", $tOld, "dword*", 0) DllCall('kernel32.dll', "bool", "ReadConsoleOutputAttribute", "handle", $g_hStdHandle, "struct*", $tOldAttrib, "dword", 1, "struct", $tOld, "dword*", 0) ;if the last postion was this cell, blank/empty the cell. (Otherwise its been taken over by another thread) If ($tOldCell.oc = $tMyCell.mc) And ($tOldAttrib.oa = $tMyAttrib.ma) Then DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $g_hStdHandle, "byte*", 0x20, "dword", 1, "struct", $tOld, "dword*", 0) EndIf ;write the current cell DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $g_hStdHandle, "struct*", $tMyCell, "dword", 1, "struct", $tCoords, "dword*", 0) DllCall('kernel32.dll', "bool", "WriteConsoleOutputAttribute", "handle", $g_hStdHandle, "struct*", $tMyAttrib, "dword", 1, "struct", $tCoords, "dword*", 0) ;update coords $tOld.X = $tCoords.X $tOld.Y = $tCoords.Y $tCoords.X += $tDelta.X $tCoords.Y += $tDelta.Y ;change directions if we are out of bounds If $tCoords.X < 0 Or $tCoords.X >= 120 Then $tDelta.X *= -1 If $tCoords.Y < 0 Or $tCoords.Y >= 30 Then $tDelta.Y *= -1 Sleep(75) Until GUIGetMsg() = -3 EndFunc ;==>_BounceAU3  
      From there the that function converted into assembly so we can call as a thread. The only real differences are the extra parameters we passing as a structure and I also generate the random starting values in autoit instead, then pass them to the function. Here is what the main assembly function looks like. I added comments for each peice of code from au3 that we are translating:
      _('procf _Bounce uses ebx, pParms') ; ; create the local variables _(' locals') _(' BlankCell db 32') ; this first group covers the variables from the original script _(' MyCell db ?') _(' OldCell db ?') _(' MyAtt dw ?') _(' OldAtt dw ?') _(' tCoords COORD') _(' tDelta COORD') _(' tOld COORD') _(' bytesread dw ?') ; _(' iMyID dw ?') ; this group of local vars cover holding all the other paramerters we are passing in tParms _(' g_hScreenMutex dd ?') _(' g_hRunMutex dd ?') _(' g_hStdHandle dd ?') _(' pfWaitForSingleObject dd ?') _(' pfReleaseMutex dd ?') _(' pfReadChar dd ?') _(' pfReadAttr dd ?') _(' pfWriteChar dd ?') _(' pfWriteAttr dd ?') _(' endl') ; ;all of these push/pops are to transfer the rest of variables from tParms structure to the local variables we created ;first mov the structure address into ebx _(' mov ebx, [pParms]') ; ; now push and pop the values into the variables ; use _winapi_displaystruct() to view all the offsets being used in the [ebx+offset] lines _(' pushw [ebx]') ; _(' popw word[tCoords+COORD.X]') _(' pushw word[ebx+2]') ; _(' popw word[tCoords+COORD.Y]') _(' pushw word[ebx+4]') ; _(' popw word[tDelta+COORD.X]') _(' pushw word[ebx+6]') ; _(' popw word[tDelta+COORD.Y]') _(' pushw word[ebx+8]') ; _(' popw word[iMyID]') _(' push dword[ebx+12]') ; _(' pop dword[g_hScreenMutex]') _(' push dword[ebx+16]') ; _(' pop dword[g_hRunMutex]') _(' push dword[ebx+20]') ; _(' pop dword[g_hStdHandle]') _(' push dword[ebx+24]') ; _(' pop dword[pfWaitForSingleObject]') _(' push dword[ebx+28]') ; _(' pop dword[pfReleaseMutex]') _(' push dword[ebx+32]') ; _(' pop dword[pfReadChar]') _(' push dword[ebx+36]') ; _(' pop dword[pfReadAttr]') _(' push dword[ebx+40]') ; _(' pop dword[pfWriteChar]') _(' push dword[ebx+44]') ; _(' pop dword[pfWriteAttr]') _('.if word[iMyID] > 16') ; $tMyCell.mc = $iMyID > 16 ? 0x01 : 0x02 (no difference in windows 10) _(' mov word[MyCell], 1') _('.else') _(' mov word[MyCell], 2') _('.endif') ; _('pushw word[iMyID]') ; $tMyAttrib.ma = BitAND($iMyID, 0x0F) _('popw word[MyAtt]') _('and word[MyAtt], 15') ; _('.repeat') ; do ; ; Wait infinetly for the screen mutex to be available, then take ownership _(' invoke pfWaitForSingleObject, [g_hScreenMutex], -1') ; ; DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $hStdHandle, "byte*", 0x20, "dword", 1, "struct", $tOld, "dword*", 0) _(' invoke pfReadChar, [g_hStdHandle], addr OldCell, 1, dword[tOld], addr bytesread') ; _(' invoke pfReadAttr, [g_hStdHandle], addr OldAtt, 1, dword[tOld], addr bytesread') ; ; _(' mov al, byte[MyCell]') ;If ($tOldCell.oc = $tMyCell.mc) And ($tOldAttrib.oa = $tMyAttrib.ma) Then _(' mov cl, byte[MyAtt]') _(' .if (byte[OldCell] = al) & (byte[OldAtt] = cl)') _(' invoke pfWriteChar, [g_hStdHandle], addr BlankCell, 1, dword[tOld], addr bytesread') _(' .endif') ; ; DllCall('kernel32.dll', "bool", "WriteConsoleOutputCharacter", "handle", $hStdHandle, "struct*", $tMyCell, "dword", 1, "struct", $tCoords, "dword*", 0) _(' invoke pfWriteChar, [g_hStdHandle], addr MyCell, 1, dword[tCoords], addr bytesread') _(' invoke pfWriteAttr, [g_hStdHandle], addr MyAtt, 1, dword[tCoords], addr bytesread') ; _(' pushw word[tCoords+COORD.X]') ;$tOld.X = $tCoords.X _(' popw word[tOld+COORD.X]') ; _(' pushw word[tCoords+COORD.Y]') ;$tOld.Y = $tCoords.Y _(' popw word[tOld+COORD.Y]') _(' mov ax, word[tDelta+COORD.X]') ; $tCoords.X += $tDelta.X _(' add word[tCoords+COORD.X], ax') ; _(' mov ax, word[tDelta+COORD.Y]') ; $tCoords.Y += $tDelta.Y _(' add word[tCoords+COORD.Y], ax') ; ; If $tCoords.X < 0 Or $tCoords.X >= 120 Then $tDelta.X *= -1 _(' .if (word[tCoords+COORD.X] < 0 | word[tCoords+COORD.X] >= 120)') _(' neg word[tDelta+COORD.X]') _(' .endif') _(' .if (word[tCoords+COORD.Y] < 0 | word[tCoords+COORD.Y] >= 30)') _(' neg word[tDelta+COORD.Y]') _(' .endif') ; ; release the screen mutex _(' invoke pfReleaseMutex, [g_hScreenMutex]') ; ; wait 100 ms for the Runmutex to be available. _(' invoke pfWaitForSingleObject, [g_hRunMutex], 100') ; ; a return of 258 means it timed out waiting and that the run mutex (owned by the main autoit thread) is still alive. ; when the run mutex handle gets closed this will return a fail or abandonded. _('.until eax <> 258') ; ;exit thread _(' ret') _('endp')  
      And finally how we call that assembled function from autoit to create the theads:
      ;create mutex for sharing the screen thats not owned by main thread Global $g_hScreenMutex = _WinAPI_CreateMutex('', False) ; ;create mutex that tells the threads to exit that is owned by main thread Global $g_hRunMutex = _WinAPI_CreateMutex('', True) ... ... ;assemble function Local $tBinExec = _fasmg_Assemble($g_sFasm, False) ;Local $tBinExec = _fasmg_CompileAu3($g_sFasm) If @error Then Exit (ConsoleWrite($tBinExec & @CRLF)) ;this is struct is for all the values Im passing to the thread. ;this will hold are random start x,y,delta values, handles, and pointers to functions called within the thread $tParms = DllStructCreate('short start[4];word myid;dword hands[3];ptr funcs[6]') $tParms.start(1) = Random(0, 119, 1) $tParms.start(2) = Random(0, 29, 1) $tParms.start(3) = Random(-3, 3, 1) $tParms.start(4) = Random(-3, 3, 1) $tParms.myid = 1 $tParms.hands(1) = $g_hScreenMutex $tParms.hands(2) = $g_hRunMutex $tParms.hands(3) = $g_hStdHandle $tParms.funcs(1) = _GPA('kernel32.dll', 'WaitForSingleObject') $tParms.funcs(2) = _GPA('kernel32.dll', 'ReleaseMutex') $tParms.funcs(3) = _GPA('kernel32.dll', 'ReadConsoleOutputCharacterA') $tParms.funcs(4) = _GPA('kernel32.dll', 'ReadConsoleOutputAttribute') $tParms.funcs(5) = _GPA('kernel32.dll', 'WriteConsoleOutputCharacterA') $tParms.funcs(6) = _GPA('kernel32.dll', 'WriteConsoleOutputAttribute') ;create 128 threads with different start values and colors for each one For $i = 1 To 128 $tParms.myid = $i $tParms.start(1) = Random(0, 119, 1) $tParms.start(2) = Random(0, 29, 1) $tParms.start(3) = Random(-3, 3, 1) $tParms.start(4) = Random(-3, 3, 1) If $tParms.start(3) + $tParms.start(4) = 0 Then $tParms.start(3) = (Mod(@MSEC, 2) ? 1 : -1) ; adjusting non-moving (0,0) delta values.. DllCall("kernel32.dll", "hwnd", "CreateThread", "ptr", 0, "dword", 0, "struct*", $tBinExec, "struct*", $tParms, "dword", 0, "dword*", 0) Sleep(50) Next MsgBox(262144, '', '128 Threads Created') ;Close the run mutex handle. This will cause all the threads to exit _WinAPI_CloseHandle($g_hRunMutex) _WinAPI_CloseHandle($g_hScreenMutex) MsgBox(262144, '', 'Mutex handles closed. All Threads should have exited') Exit The attachment below contains both the compiled and source assembly. To play with the assembly source you need to add the fasmg udf in my sig. The compiled version should not need anything. Let me know if you have any issues.
      Special thanks to @trancexx for teaching me this with her clock example
      Bounce.zip
       
    • Beege
      BmpSearch - Search for Bitmap within Bitmap - Assembly Version
      By Beege
      Heres a function for searching for a bitmap within another bitmap. The heart of it is written assembly (source included) and working pretty quick I feel. I have included an example which is pretty basic and should be easily enough for anyone to get the concept. 
      You will be given a small blue window that will take a screencapture of that size:

       
      It will then take a full screenshot and highlight all locations that it found

      Please let me know if you have any issues or questions. Thanks!
       
      Update 8/5/2019:
      Rewrote for fasmg. Added full source with everything needed to modify
      BmpSearch_8-5-2019.7z
      BmpSearch.zip
       
      GAMERS - Asking for help with ANY kind of game automation is against the forum rules. DON'T DO IT.
    • Beege
      A new way to write FASM assembly code with Extended Headers
      By Beege
      Years ago I tried to put some functionality together to do some of this here. I started off in the right direction but it ended up getting out of control. Any new thing I learned along the way (as I was creating it), I kept trying to add in and it all became a mess. One of my primary goals with that was to make sure the code could always be pre-compiled and still run. That part did work and I was able create a couple of good projects with it, but still a lot of parts I wouldn't consider correct now and certainly not manageable. 
      Here is a redo of what I was going for there only this time I'm not going to be generating any of the assembly code. That's all going to be done using the built in macro engine already within fasm.dll and the macros written by Tomasz Grysztar (creator of fasm) so this time I don't have to worry about any of the code that gets generated. Im not going to touch the source at all. In fact there is not even going to be _fasmadd or global variables tracking anything. None of that is needed with the added basic and extended headers that you can read more about in the fasm documentation. You can use almost all of whats in the documentation section for basic/extended headers but ignore the parts about import,exports,resources,text encoding. doesn't really apply here.
      Here are examples I came up with that covers a lot of core functionality to write assembly code in a manner that you already know how. If/while using multiple conditional logic statements,  multiple functions, local variables, global variables, structures, COM interfaces, strings as parameters, nesting function calls. These are all things you dont even have to think about when your doing it in autoit and I'm hoping this helps bring some of that same comfort to fasm. 
      These 3 simple callback functions will be used through out the examples  
      Global $gConsoleWriteCB = DllCallbackRegister('_ConsoleWriteCB', 'dword', 'str;dword'), $gpConsoleWriteCB = DllCallbackGetPtr($gConsoleWriteCB) Global $gDisplayStructCB = DllCallbackRegister('_DisplayStructCB', 'dword', 'ptr;str'), $gpDisplayStructCB = DllCallbackGetPtr($gDisplayStructCB) Global $gSleepCB = DllCallbackRegister('_SleepCB', 'dword', 'dword'), $gpSleepCB = DllCallbackGetPtr($gSleepCB) Func _ConsoleWriteCB($sMsg, $iVal) ConsoleWrite($sMsg & $iVal & @CRLF) EndFunc ;==>_ConsoleWriteCB Func _DisplayStructCB($pStruct, $sStr) _WinAPI_DisplayStruct(DllStructCreate($sStr, $pStruct), $sStr, 'def=' & $sStr) EndFunc ;==>_DisplayStructCB Func _SleepCB($iSleep) Sleep($iSleep) EndFunc ;==>_SleepCB  
      proc/endp - like func and endfunc with some extra options. "uses" statement will preserve the registers specified. stdcall is the default call type if not specified. DWORD is the default parameter size if not specified. ret value is also handled for you. You don't have to worry about adjusting a number every time you throw on an extra parameter. In fact you don't ever have to specify/touch ebp/esp at all with these macros. See Basic headers -> procedures for full description.
      force - just a macro I added for creating a anonymous label for the first/primary function to ensure the code gets generated. The problem we are getting around is this: in our example, _main is never actually called anywhere within fasm code and fasm engine detects that and thinks the code is doing nothing. Because of that it wants to skip generating that code and all code that was called by it leaving you with nothing. This is actually a great feature but we obviously want to make an exception for our main/initial/primary function that starts it all off so thats all this does.
      Func _Ex_Proc() $g_sFasm = '' _('force _main') _('proc _main uses ebx, parm1, parm2') ; _('proc _main stdcall uses ebx, parm1:DWORD, parm2:DWORD'); full statement _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' mov eax, ebx') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $iAdd = DllCallAddress('dword', DllStructGetPtr($tBinary), 'dword', 5, 'dword', 5) ConsoleWrite('Parm1+Parm2=' & $iAdd[0] & @CRLF) EndFunc ;==>_Ex_Proc  
          Here Im showing you calling _ConsoleWriteCB autoit function we set up as a callback. Its how you would call any function in autoit from fasm.
          Strings - Notice Im creating and passing "edx = " string to the function on the fly. So helpful!
          invoke - same as a stdcall with brackets []. Use this for when calling autoit functions
       
      Func _Ex_Callback() $g_sFasm = '' _('force _main') _('proc _main, pConsoleWriteCB, parm1, parm2') _(' mov edx, [parm1]') _(' add edx, [parm2]') _(' invoke pConsoleWriteCB, "edx = ", edx') ; ;~ _(' stdcall [pConsoleWriteCB], "edx = ", edx') ; same as invoke _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB, 'dword', 5, 'dword', 5) EndFunc ;==>_Ex_Callback  
      Showing .while/.endw, .if/.elseif/.else/.endif usage. .repeat .until are also macros you can use. See Extended Headers -> Structuring the source. Ignore .code, .data, .end - Those are gonna be more for a full exe.
      invokepcd/invokepd - these are macros I added that are the same as invoke, just preserve (push/pop) ECX or both ECX and EDX during the call. Below is also a good example of what can happen when you don't preserve registers that are caller saved (us calling the function) vs callie saved (us creating the function). EAX,ECX,EDX are all caller saved so when we call another function like the autoit callback _ConsoleWriteCB, those registers could have very different values then what was in them before the call. This function below should do at least two loops, but it doesn't (at least on my pc) without preserving ECX because ECX is no longer zero when the function returns.
      Keep the same thought in mind for registers EBX,ESI,EDI when you are creating assembly functions (callie saved). If your functions uses those registers, You need to preserve and restore them before your code returns back to autoit or else you could cause a similar effect to autoit. "trashing" registers is a term I've seen used alot when referring to these kind of mistakes
      Func _Ex_IfElseWhile() $g_sFasm = '' _('force _main') _('proc _main uses ebx, pConsoleWriteCB') _(' xor edx, edx') ; edx=0 _(' mov eax, 99') ; _(' mov ebx, 10') _(' xor ecx, ecx') ; ecx=0 _(' .while ecx = 0') _(' .if eax<=100 & ( ecx | edx )') ; not true on first loop _(' inc ebx') _(' invokepcd pConsoleWriteCB, "Something True - ebx=", ebx') _(' ret') _(' .elseif eax < 99') ; Just showing you the elseif statement _(' inc ebx') _(' .else') ;~ _(' invokepcd pConsoleWriteCB, "Nothing True - ebx=", ebx') ; comment this and uncomment the line below _(' invoke pConsoleWriteCB, "Nothing True - ebx=", ebx') _(' inc edx') ; this will make next loop true _(' .endif') _(' .endw') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB) EndFunc ;==>_Ex_IfElseWhile  
          Sub Functions : You already understand this. Not really "sub", its just another function you call. And those functions call other functions and so on.
          fix : syntax sugar - Look how easy it was to replace invoke statement with our actual autoit function name
          ptr : more sugar - same thing as using brackets [parm1]
          Nesting : In subfunc1 we pass the results of two function calls to the same function we are calling
      Func _Ex_SubProc() $g_sFasm = '' ;replace all '_ConsoleWriteCB' statments with 'invoke pConsoleWriteCB' before* assembly _('_ConsoleWriteCB fix invoke pConsoleWriteCB') _('force _main') _('proc _main uses ebx, pConsoleWriteCB, parm1, parm2') _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' _ConsoleWriteCB, "ebx start = ", ebx') _(' stdcall _subfunc1, [pConsoleWriteCB], [parm1], [parm2]') _(' _ConsoleWriteCB, "ebx end = ", ebx') _(' ret') _('endp') ; _('proc _subfunc1 uses ebx, pConsoleWriteCB, parm1, parm2') _(' mov ebx, [parm1]') _(' _ConsoleWriteCB, " subfunc1 ebx start = ", ebx') _(' stdcall _SubfuncAdd, <stdcall _SubfuncAdd, [parm1], [parm2]>, <stdcall _SubfuncAdd, ptr parm1, ptr parm2>') ; Nesting functions _(' _ConsoleWriteCB, " _SubfuncAdd nested <5+5><5+5> = ", eax') _(' _ConsoleWriteCB, " subfunc1 ebx end = ", ebx') _(' ret') _('endp') ; _('proc _SubfuncAdd uses ebx, parm1, parm2') _(' mov ebx, [parm1]') _(' add ebx, [parm2]') _(' mov eax, ebx') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpConsoleWriteCB, 'dword', 5, 'dword', 5) EndFunc ;==>_Ex_SubProc  
      This demonstrates the struct macro. See basic headers -> Structures for more info
      _FasmAu3StructDef will create an equivalent formated structure definition. All elements already have a sizeof.#name created internally. So in this example sizeof.AUTSTRUCT.x would equal 8. sizeof.AUTSTRUCT.z would equal 16 (2*8). I have added an additional one sot.#name (sizeoftype) for any array that gets created. Below is the source of what gets generate from 'dword x;dword y;short z[8]'. Also dont get confused that in fasm data definitions,  d is for data as in db (data byte) or dw (data word). Not double like it is in autoit's dword (double word). See intro -> assembly syntax -> data definitions
         
      struct AUTSTRUCT x dd ? y dd ? z dw 8 dup ? ends define sot.AUTSTRUCT.z 2 Func _Ex_AutDllStruct() $g_sFasm = '' Local Const $sTag = 'dword x;dword y;short z[8]' _(_FasmAu3StructDef('AUTSTRUCT', $sTag)) _('force _main') _('proc _main uses ebx, pDisplayStructCB, pAutStruct') _(' mov ebx, [pAutStruct]') ; place address of autoit structure in ebx _(' mov [ebx+AUTSTRUCT.x], 1234') _(' mov [ebx+AUTSTRUCT.y], 4321') _(' xor edx, edx') _(' mov ecx, 5') ; setup ecx for loop instruction _(' Next_Z_Index:') ; set elements 1-6 (0-5 here in fasm) _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*ecx)], cx') ; cx _(' loop Next_Z_Index') _(' invoke pDisplayStructCB, [pAutStruct], "' & $sTag & '"') _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*6)], 666') _(' mov [ebx+AUTSTRUCT.z+(sot.AUTSTRUCT.z*7)], 777') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $tAutStruct = DllStructCreate($sTag) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB, 'struct*', $tAutStruct) _WinAPI_DisplayStruct($tAutStruct, $sTag) EndFunc ;==>_Ex_AutDllStruct  
      Here shows the locals/endl macros for creating local variables. See basic headers -> procedures. We create a local string and the same dll structure as above. Notice that you can initialize all the values of the structure on creation. There is a catch to this though that I will show you in next example.
      addr macro - This will preform the LEA instruction in EDX and then push the address on to the stack. This is awesome, just remember its using EDX to perform that and does not preserve it. You'll pretty much want to use that for any local variables you are passing around.
      Edit: I shouldn't say things like that so causally.  Use the addr macro as much as you want but remember that it is adding a couple of extra instuctions each time you use it so if your calling invoke within a loop and ultimate performance is one of your goals, you should probably perform the LEA instructions before the loop and save the pointer to a separate variable that your would then use in the loop. 
      Func _Ex_LocalVarsStruct() $g_sFasm = '' Local Const $sTag = 'dword x;dword y;short z[8]' _(_FasmAu3StructDef('POINT', $sTag)) _('force _main') _('proc _main, pDisplayStructCB') _(' locals') _(' sTAG db "' & $sTag & '", 0') ; define local string. the ', 0' at the end is to terminate the string. _(' tPoint POINT 1,2,<0,1,2,3,4,5,6,7>') ; initalize values in struct _(' endl') _(' invoke pDisplayStructCB, addr tPoint, addr sTAG') _(' mov [tPoint+POINT.x], 4321') _(' mov [tPoint+POINT.z+sot.POINT.z*2], 678') _(' invoke pDisplayStructCB, addr tPoint, addr sTAG') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $ret = DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB) EndFunc ;==>_Ex_LocalVarsStruct  
      Back to the catch. Alignment is the problem here but only with the initializes. I'm handling all the alignment ok so you don't have to worry about that for creating structures that need alignment, only if you are using the one liner initialize in locals. The problem comes from extra padding being defined to handle the alignment, but fasm doesn't really know its just padding so without adding extra comma's to the initiator statement, your data ends up in the padding or simply fails. The _FasmFixInit will throw in the extra commas needed to skip the padding.
      Func _Ex_LocalVarStructEx() $g_sFasm = '' $sTag = 'byte x;short y;char sNote[13];long odd[5];word w;dword p;char ext[3];word finish' _(_FasmAu3StructDef('POINT', $sTag)) _('force _main') _('proc _main, pDisplayStructCB') _(' locals') _(' tPoint POINT ' & _FasmFixInit('1,222,<"AutoItFASM",0>,<41,43,43,44,45>,6,7,"au3",12345', $sTag)) _(' endl') _(' invoke pDisplayStructCB, addr tPoint, "' & $sTag & '"') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) DllCallAddress('dword', DllStructGetPtr($tBinary), 'ptr', $gpDisplayStructCB) EndFunc ;==>_Ex_LocalVarStructEx  
      I love this one and it is really not even that hard to explain. We got multiple functions and want to be able to call them individually. Here I simply use the primary function to tell me where all the functions are. I load all the offsets (byte distance from start of code) of each each function in to a dllstruct, then once its passed back to autoit, adjust all the offsets by where they are actually located in memory (pointer to dll). From there you can call each individual function as shown previously. full code is in the zip. 
      String functions came from link below. I ended up modifying strcmp to get a value I understand. CRC32 func is all mine. Made it so easy being able to call _strlen and then use while statements like I normally would    https://www.strchr.com/strcmp_and_strlen_using_sse_4.2
      Func _Ex_SSE4_Library() $g_sFasm = '' _('force _main') _('proc _main stdcall, pAdd') _(' mov eax, [pAdd]') _(' mov dword[eax], _crc32') _(' mov dword[eax+4], _strlen') _(' mov dword[eax+8], _strcmp') _(' mov dword[eax+12], _strstr') _(' ret') _('endp') _('proc _crc32 uses ebx ecx esi, pStr') ; _('endp') _('proc _strlen uses ecx edx, pStr') ; _('endp') _('proc _strcmp uses ebx ecx edx, pStr1, pStr2') ; ecx = string1, edx = string2' ; _('endp') _('proc _strstr uses ecx edx edi esi, sStrToSearch, sStrToFind') ; _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $pBinary = DllStructGetPtr($tBinary) Local $sFunction_Offsets = 'dword crc32;dword strlen;dword strcmp;dword strstr' $tSSE42 = DllStructCreate($sFunction_Offsets) $ret = DllCallAddress('ptr', $pBinary, 'struct*', $tSSE42) _WinAPI_DisplayStruct($tSSE42, $sFunction_Offsets, 'Function Offsets') ;Correct all addresses $tSSE42.crc32 += $pBinary $tSSE42.strlen += $pBinary $tSSE42.strcmp += $pBinary $tSSE42.strstr += $pBinary $sTestStr = 'This is a test string!' ConsoleWrite('$sTestStr = ' & $sTestStr & @CRLF) $iCRC = DllCallAddress('int', $tSSE42.crc32, 'str', $sTestStr) ConsoleWrite('CRC32 = ' & Hex($iCRC[0]) & @CRLF) $aLen = DllCallAddress('int', $tSSE42.strlen, 'str', $sTestStr) ConsoleWrite('string len = ' & $aLen[0] & ' :1:' & @CRLF) $aFind = DllCallAddress('int', $tSSE42.strcmp, 'str', $sTestStr, 'str', 'This iXs a test') ConsoleWrite('+strcmp = ' & $aFind[0] & @CRLF) $aStr = DllCallAddress('int', $tSSE42.strstr, 'str', 'This is a test string!', 'str', 'test') ConsoleWrite('Strstr = ' & $aStr[0] & @CRLF) EndFunc ;==>_Ex_SSE4_Library  
      I'm extremely happy I got a com interface example working. I AM. That being said.. I'm pretty fucking annoyed I cant find the original pointer when using using built in ObjCreateInterface I've tired more than just whats commented out. It anyone has any input (I know someone here does!) that would be great. Using the __ptr__ from _autoitobject works below. Example will delete the tab a couple times.
      Edit: Got that part figured out. Thanks again trancexx!
      Func _Ex_ComObjInterface() $g_sFasm = '' ;~ _AutoItObject_StartUp() ;~ Local Const $sTagITaskbarList = "QueryInterface long(ptr;ptr;ptr);AddRef ulong();Release ulong(); HrInit hresult(); AddTab hresult(hwnd); DeleteTab hresult(hwnd); ActivateTab hresult(hwnd); SetActiveAlt hresult(hwnd);" ;~ Local $oList = _AutoItObject_ObjCreate($sCLSID_TaskbarList, $sIID_ITaskbarList, $sTagITaskbarList) Local Const $sCLSID_TaskbarList = "{56FDF344-FD6D-11D0-958A-006097C9A090}", $sIID_ITaskbarList = "{56FDF342-FD6D-11D0-958A-006097C9A090}" Local Const $sTagITaskbarList = "HrInit hresult(); AddTab hresult(hwnd); DeleteTab hresult(hwnd); ActivateTab hresult(hwnd); SetActiveAlt hresult(hwnd);" Local $oList = ObjCreateInterface($sCLSID_TaskbarList, $sIID_ITaskbarList, $sTagITaskbarList) _('interface ITaskBarList,QueryInterface,AddRef,Release,HrInit,AddTab,DeleteTab,ActivateTab,SetActiveAlt') ; _('force _main') _('proc _main uses ebx, pSleepCB, oList, pGUIHwnd') _(' comcall [oList],ITaskBarList,HrInit') _(' xor ebx, ebx') _(' .repeat') _(' invoke pSleepCB, 500') ; wait _(' comcall [oList],ITaskBarList,DeleteTab,[pGUIHwnd]') ; delete _(' invoke pSleepCB, 500') ; wait _(' comcall [oList],ITaskBarList,AddTab,[pGUIHwnd]') ; add back _(' comcall [oList],ITaskBarList,ActivateTab,[pGUIHwnd]') ; actvate _(' inc ebx') _(' .until ebx=4') _(' ret') _('endp') Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $GUI = GUICreate("_Ex_ComObjInterface ------ DeleteTab") GUISetState() ;~ DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpSleepCB, 'ptr', $oList.__ptr__, 'dword', Number($GUI)) DllCallAddress('ptr', DllStructGetPtr($tBinary), 'ptr', $gpSleepCB, 'ptr', $oList(), 'dword', Number($GUI)) EndFunc ;==>_Ex_ComObjInterface  
      Lastly here is an example of how to use a global variable. Without using the org statement, this value is just an offset like the functions in the library example. In order for your code to know that location, it needs to know where the real starting address is so we have to pass that to our functions. Once you have it, if you write your code proper and preserve registers correctly, you can just leave in EBX. From what I understand, if all functions are following stdcall rules, that register shouldn't change in less you change it. Something cool and important to remember is these variables will hold whatever values left in them till you wipe the memory (dll structure) holding your code. keep that in mind if you made your dll structure with a static keyword. If thats the case treat them like static variables
      Func _Ex_GlobalVars() $g_sFasm = '' _('_ConsoleWriteCB fix invoke pConsoleWriteCB') ; _('force _main') _('proc _main uses ebx, pMem, pConsoleWriteCB, parm1') _(' mov ebx, [pMem]') ; This is where are code starts in memory. _(' mov [ebx + g_Var1], 111') _(' add [ebx + g_Var1], 222') _(' _ConsoleWriteCB, "g_Var1 = ", [ebx + g_Var1]') _(' stdcall subfunc1, [pMem], [pConsoleWriteCB], [parm1]') _(' mov eax, g_Var1') _(' ret') _('endp') ; _('proc subfunc1 uses ebx, pMem, pConsoleWriteCB, parm1') _(' mov ebx, [pMem]') _(' mov [ebx + g_Var1], 333') _(' _ConsoleWriteCB, "g_Var1 from subfunc1= ", [ebx + g_Var1]') _(' stdcall subfunc2, [pConsoleWriteCB], [parm1]') ; no memory ptr passed. ebx should be callie saved _(' _ConsoleWriteCB, "g_Var1 from subfunc1= ", [ebx + g_Var1]') _(' stdcall subfunc2, [pConsoleWriteCB], [parm1]') _(' ret') _('endp') ; _('proc subfunc2, pConsoleWriteCB, parm1') _(' add [ebx + g_Var1], 321') _(' _ConsoleWriteCB, "g_Var1 from subfunc2= ", [ebx + g_Var1]') _(' ret') _('endp') ; _('g_Var1 dd ?') ; <--------- Global Var Local $tBinary = _FasmAssemble($g_sFasm) If @error Then Exit (ConsoleWrite($tBinary & @CRLF)) Local $iOffset = DllCallAddress('dword', DllStructGetPtr($tBinary), 'struct*', $tBinary, 'ptr', $gpConsoleWriteCB, 'dword', 55)[0] ConsoleWrite('$iOffset = ' & $iOffset & @CRLF) Local $tGVar = DllStructCreate('dword g_Var1', DllStructGetPtr($tBinary) + $iOffset) ConsoleWrite('Directly access g_Var1 -> ' & $tGVar.g_Var1 & @CRLF) ; direct access EndFunc ;==>_Ex_GlobalVars  
      FasmEx.zip
×
×
  • Create New...