I am trying to seed the random function from the C-Library to get a truely random value. I tried using the extern 'rand', 'random', and 'srand'. Both rand and random give me the same results, and srand returns 0.
segment .data
list: db 'rand %d', 1
segment .text
extern printf, rand
global main
main:
call rand
mov esi, eax
mov edi, list
xor eax, eax
call print f
mov rax, 0
ret
I appreciate any hints to my problem. Thank you!
Related
I'm trying to call x64 assembly function from C++ code with four parameters and the assembly function reset the first parameter to zero every time. Please find the code snippet below.
C++ code: test.cpp
#include <iostream>
extern "C" int IntegerShift_(unsigned int a, unsigned int* a_shl, unsigned int* a_shr, unsigned int count);
int main(int argc, char const *argv[])
{
unsigned int a = 3119, count = 6, a_shl, a_shr;
std::cout << "a value before calling " << a << std::endl;
IntegerShift_(a, &a_shl, &a_shr, count);
std::cout << "a value after calling " << a << std::endl;
return 0;
}
x64 assembly code: test.asm
section .data
section .bss
section .text
global IntegerShift_
IntegerShift_:
;prologue
push rbp
mov rbp, rsp
mov rax, rdi
shl rax, cl
mov [rsi], rax
mov rax, rdi
shr rax, cl
mov [rdx], rax
xor rax,rax
;epilogue
mov rbp, rsp
pop rbp
ret
I'm working on the below environment.
OS - Ubuntu 18.04 64-bit
Assembler - nasm (2.13.02)
C++ compiler - g++ (7.4.0)
processor - Intel® Pentium(R) CPU G3240 # 3.10GHz × 2
and I'm compiling my code as below
$ nasm -f elf64 -g -F dwarf test.asm
$ g++ -g -o test test.cpp test.o
$ ./test
$ a value before calling 3119
$ a value after calling 0
But if i comment out the line mov [rdx], rax from assembly function, its not resetting the value of variable a. I'm new to x64 assembly programming and I couldn't find the relation between rdx register and variable a.
unsigned int* a_shl, unsigned int* a_shr are pointers to unsigned int, a 32-bit (dword) type.
You do two qword stores, mov [rsi], rax and mov [rdx], rax which store outside of the pointed-to objects.
The C equivalent would be a function that takes unsigned int* args and does
*(unsigned long)a_shr = a>>count;. This is of course UB, and behaviour like this (overwriting other variables) is pretty much what you'd expect.
Presumably you compiled with optimization disabled so the caller actually reloaded a from the stack. And it put a_shr or a_shl next to a in its stack frame, and one of your stores zeroed your caller's copy of a.
(As usual, gcc happened to zero the upper 32 bits of RDI while it put a into EDI as the first arg. Writing a 32-bit register zero-extends to the full register. So your other bug; right shifting high garbage into the low 32 bits for a_shr, didn't bite you with this caller.)
Simpler implementation:
global IntegerShift ; why the trailing underscore? That's weird for no reason.
IntegerShift:
;prologue not needed, we don't even use the stack
; so don't waste instructions making a frame pointer.
mov eax, edi
shl rax, cl ; a<<count
mov [rsi], eax ; 32-bit store
;mov rax, rdi ; we can just destroy our local a, we're done with it
shr edi, cl ; a>>count
mov [rdx], edi ; 32-bit store
xor eax, eax ; return 0
ret
xor eax, eax is the most efficient way to zero a 64-bit register (no wasted REX prefix). And your return value is only 32-bit anyway because you declared it int, so it makes no sense to be using 64-bit registers.
BTW, if you had BMI2 available (which you don't on your budget Pentium CPU, unfortunately), you could avoid all the register copying, and be more efficient on Intel CPUs (SHL/RX is only 1 uop instead of 3 for shl/r reg, cl because of legacy x86 FLAGS-unmodified semantics for the cl=0 case)
shlx eax, edi, ecx
shrx edi, edi, ecx
mov [rsi], eax
mov [rdx], edi
xor eax, eax
ret
I tried using this advice for this problem
For Linux programming arr[], n, &a, &b are passed in RDI, RSI, RDX and RCX.
and the output of the program doesn't sum up the integers in the array properly. It outputs a large number that is obviously wrong.
The two files found below were modified from the original 32-bit version found here. http://mcs.uwsuper.edu/sb/224/Intro/c_asm.html
What I want is to compile an assembly file that calls a function parameter in a C++ file called array.cpp and then link the resulting object file array.o with g++.
The problem I'm having has to do with either the passing of the proper registers onto the stack or maybe the number of bytes to add for each offset on the rsi register ( I used 8 since each stack element is 64 bits).
It could also be that the rbp register isn't properly loaded at the correct offsets of the array address and number of elements in the array.
mov rcx, [rbp+24] ; array length
mov rsi, [rbp+16] ; array address
Anyways, here's the array.cpp file and below it is the nasm file, I called it nasm_cpp.asm.
They compile, link and run with
nasm -f elf64 nasm_cpp.asm -o array.o
g++ -m64 array.cpp array.o
./a.out
#include <iostream>
using namespace std;
extern "C" int array(int a[], int length); // external ASM procedure
int main()
{
int a[] = { 10, 10}; // array declaration
int array_length = 2; // length of the array
int sum = array(a, array_length); // call of the ASM procedure
cout << "sum=" << sum << endl; // displaying the sum
}
This is nasm_cpp.asm below
;nasm -f elf64 nasm_cpp.asm -o array.o
;g++ -m64 array.cpp array.o
;./a.out
global array ; required for linker and NASM
section .text ; start of the "CODE segment"
array: push rbp
mov rbp, rsp ; set up the rBP
push rcx ; save used registers
push rdi
push rsi
mov rcx, [rbp+24] ; array length
mov rsi, [rbp+16] ; array address
xor rax, rax ; clear the sum value
lp: add rax, [rsi] ; fetch an array element
add rsi, 8 ; move to another element
loop lp ; loop over all elements
pop rsi ; restore used registers
pop rdi
pop rcx
pop rbp
ret ; return to caller
I followed the suggestions in the comments posted below the question and it works now, the cpp file is the same as above.
;nasm -f elf64 nasm_cpp.asm -o array.o
;g++ -m64 array.cpp array.o
;./a.out
global array ; required for linker and NASM
section .text ; start of the "CODE segment"
array:
push rbp
mov rbp, rsp ; set up the rBP
mov rcx, rsi ; array length
mov rsi, rdi ; array address
xor rax, rax ; clear the sum value
lp: add eax, [rsi] ; fetch an array element
add rsi, 4 ; move to another element
loop lp ; loop over all elements
pop rbp
ret ; return to caller
I'm relatively new to x64 assembly and im using it in conjunction with VS2010.
I'm struggling to get a handle on the return values from a proc and I can't really find quality documentation for beginners.
.data
MyByte db 10
.code
GetValueFromASM proc
mov rax, 28
mov rbx , 19
lea rax, MyByte
mov rax, 10
mov eax, 11
mov ecx, 100
ret
GetValueFromASM endp
end
The Ret instruction is printing out the value of eax in my c++ front end, is there some sort of default return register or can you specify it?
#include <iostream>
using namespace std;
extern "C" int GetValueFromASM();
int main()
{
cout << "sup, asm said " <<GetValueFromASM()<<endl;
cin.get();
return 0;
}
furthermore the instruction mov [reg], MyByte yields an error, how else do you put a variable into a register?
ret doesn't change registers, it's not like the C return statement which takes an operand. It's the caller who expects the return value in register eax, according to the calling convention. Read about it on msdn.
mov [reg], MyByte would be a memory-to-memory move which is not supported and would not do what you wanted anyway. You probably want mov reg, MyByte without brackets so the value gets put into the register.
i have this code :
.text:0045A020 ; int __thiscall CMapConnection__OnItemOptionCombination(CMapConnection *this, _tagRequestMAP_COMPOSITION_OPTIONITEM *prcreq)
.text:0045A020 ?OnItemOptionCombination#CMapConnection##QAEHPAU_tagRequestMAP_COMPOSITION_OPTIONITEM###Z proc near
.text:0045A020
.text:0045A020 000 push ebp
.text:0045A021 004 mov ebp, esp
.text:0045A023 004 sub esp, 440h ; Integer Subtraction
.text:0045A029 444 mov eax, ___security_cookie
.text:0045A02E 444 xor eax, ebp ; Logical Exclusive OR
.text:0045A030 444 mov [ebp+var_2F0], eax
.text:0045A036 444 push esi
.text:0045A037 448 push edi
.text:0045A038 44C mov [ebp+this], ecx
.text:0045A03E 44C mov eax, [ebp+this]
.text:0045A044 44C mov ecx, [eax+534h]
.text:0045A04A 44C mov [ebp+pPlayer], ecx
.text:0045A050 44C cmp [ebp+pPlayer], 0 ; Compare Two Operands
.text:0045A057 44C jnz short loc_45A063 ; Jump if Not Zero (ZF=0)
.text:0045A057
.text:0045A059 44C mov eax, 1
.text:0045A05E 44C jmp loc_45A97B ; Jump
Long things short, i need to do the folowing :
- hook into the beginning of the function
- do some checks ( allot of code is required for those checks )
- based on the checking result, i need to either let the function continue it's normal course or make it jump to the section where it triggers some errors or simply stop it from advancing.
I have to do this with basic understanding of asm.
From what i've read i can do that with a hook, but here's my problem :
The checking function needs to read the _tagRequestMAP_COMPOSITION_OPTIONITEM *prcreq data, so it can gather some numbers.
.text:0041A464 784C mov ecx, [ebp+pPacket] ; jumptable 00417B7A case 27
.text:0041A467 784C add ecx, 4 ; Add
.text:0041A46A 784C mov [ebp+var_1874], ecx
.text:0041A470 784C mov edx, [ebp+var_1874]
.text:0041A476 784C push edx ; prcreq
.text:0041A477 7850 mov ecx, [ebp+this] ; this
.text:0041A47D 7850 call ?OnItemOptionCombination#CMapConnection##QAEHPAU_tagRequestMAP_COMPOSITION_OPTIONITEM###Z ;
Here's how the original function is called.
My questions :
How do i read the data from *pcreq in C++ code? Is it possible?
Is it possible to call another function from my hook while passing the same parameters to it as the hooked function has?
I don't mess with the parameters of the OnItemCombination function at all, do i have to redo the stack when i exit from my hook?
Since you can't "pause" the program in order to inject the DLL/so and do the checks (or at least I've never heard of such a thing) you could modify the startup code in order to loop around a variable.
While the program is spinning, perform your checks into the injected DLL/so then get the static pointer used for that variable and modify it to allow the continuation of the injected program.
This will probably take some skill to achieve.
Eagerly waiting for more answers,
Cheers.
Update:
Here's what I had in mind.
edit the startup code of the program to spin at a loop like the following. Using jmp and cmp instructions.
static bool spin = true;
while(spin){ }
Then inject your DLL/so and do your checks. Once you're done. Change spin to false and allow the program to continue.
To change spin you'll have to find the static pointer. You can do that by studying the instructions or with a program like CheatEngine.
Detours Library
http://research.microsoft.com/en-us/projects/detours/
or
EasyHook
http://www.codeproject.com/Articles/27637/EasyHook-The-reinvention-of-Windows-API-hooking
How would you increment an array using x86 assembly within a for loop. If the loop (made using c++) looked like:
for (int i = 0; i < limit; i++)
A value from an array is put in a register then the altered value is placed in a separate array. How would I increment each array in x86 assembly (I know c++ is simpler but it is practice work), so that each time the loop iterates the value used and the value placed into the arrays is one higher than the previous time? The details of what occur in the loop aside from the array manipulation are unimportant as I would like to know how this can be done in general, not a specific situation?
The loop you write here would be:
xor eax, eax ; clear loop variable
mov ebx, limit
loop:
cmp eax, ebx
je done
inc eax
jmp loop
done:
...
I really don't understand what you mean by "increment an array".
If you mean that you want to load some value from one array, manipulate the value and store the result in a target array, then you should consider this:
Load the pointer for the source array in esi and the target pointer in edi.
mov esi, offset array1
mov edi, offset array2
mov ebx, counter
loop:
mov eax, [esi]
do what you need
move [edi], eax
inc esi
inc edi
dec ebx
jne loop