Re: A (mild-mannered) defense of RosAsm

From: Frank Kotler (fbkotler_at_comcast.net)
Date: 03/04/04


Date: Thu, 04 Mar 2004 21:28:59 GMT

RoWsRaIrTiEo wrote:

> On Mon, 23 Feb 2004 03:38:12 GMT, Frank Kotler <fbkotler@comcast.net>
> wrote:
>
>
>> call putz
>>.get_command:
>> mov esi, PromptString
>> call putz
>>.reget:
>> call getc
>> or al, 20h
>
>
> Why here al = al | 20h

Forces the character to lowercase. This isn't a valid "tolower" - there
are a lot of characters that *don't* want to be altered. Really should
check for "A - Z", but in this particular case we're only interested in
characters that *can* be forced to lowercase, so I used that "cheap and
dirty" trick.

> What are the values that Getc returns for "->" "<-" "\|/" "/|\"
> (arrows)?

Dunno. I may have made a mistake by posting Windows code - I'm quite
clueless in Windows, and not really too interested in learning it. In
Linux, I think the arrow keys (and function keys, etc.) return "ESC"
(1Bh) the first time, and have other characters available after that. I
haven't actually looked into it with the exact "getc" I posted, but with
some code that performs a similar "diddle" on stdin, I can identify the
"interesting" keys in 4 bytes (eax), although some keystrokes return
*more* than 4 bytes (I allocate an 8-byte buffer - that *seems* to
handle everything).

Recently, I've been trying to figure out how the X windows system
handles those keys. As with Windows, it's different than reading stdin
in console mode. I think I'm beginning to figure it out - enough to
identify the arrow keys, at least.

If I were going to do it for Windows "subsystem:console" code, I'd start
by "instrumenting" getc to display everything that is returned by
ReadFile. The way dos does it is to return zero, and return "M", "H",
etc. (for the arrow keys) on the second call. Windows console might be
similar - or maybe not... It probably isn't too hard to figure out. Or
you *could* RTFM, if all else fails :)

I can give you a hand with it, if you need help (I don't think you do),
but I'm kinda "in the X zone" lately... in more ways than one :)

>> push byte STDIN
>
> this push -10 like byte?

Yeah. "push byte -10" *stores* the "-10" as a byte - but the byte is
"sign extended" (the most significant bit of the byte is propagated
through the high bits) to a dword, which is pushed. You can't actually
push a single byte onto the stack - no such instruction!

> Where is the error if there i write: push dword -10

No error, it's just longer (and *may* be faster - intuitively, not
having to sign-extend the byte would seem to be faster than doing it,
but this may not be true).

"push dword -10"
00000016 68F6FFFFFF push dword 0xfffffff6

"push byte -10"
0000001B 6AF6 push byte -0xa

In either case, the full dword goes on the stack. Some assemblers
(RosAsm among them) automatically use the shorter form if it'll fit. The
Original Authors of Nasm, in their Infinite Wisdom, decreed that just
"push -10" should generate the long form. I can't imagine that they
found the calculation too complex (Nasm returns an error on "push byte
100h", and a warning on "push byte 0FFh", so it *does* know...), it was
a deliberate decision - possibly not the best one they ever made...

You can override this rather "dumb" behavior with the "-O" switch. I
usually don't use the "-O" switch, preferring to write "byte" where
appropriate, so my code will assemble the same with or without the "-O"
switch (using the "-O" switch to "test myself" - it often picks up
places I've missed). In the case of "named constants" like STDIN - and
there are a ton of them in typical Windows code - you might not "know"
without looking it up whether "WQ_ADJUST_LANTHANUM_FLUX_DENSITY" is
within signed-byte range or not. This is where using the "-O" switch -
or the behavior of "other assemblers" - is a big advantage!

There are enough instances of "push 0" in typical Windows code that it
*does* make a difference (although it isn't a very big deal).

Best,
Frank
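
An added example, not part of the original post: a small C model of the two "push immediate" encodings discussed above. It selects the short form the way the post says RosAsm (or Nasm with "-O") does, and decodes both forms to show the same dword reaches the stack. The names encode_push and decode_push and the force_long flag are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encode "push imm" for 32-bit code; returns the number of bytes written.
   force_long = 1 models an assembler that always emits the imm32 form. */
size_t encode_push(int32_t imm, int force_long, uint8_t out[5])
{
    if (!force_long && imm >= -128 && imm <= 127) {
        out[0] = 0x6A;                 /* push imm8, sign-extended by the CPU */
        out[1] = (uint8_t)(imm & 0xFF);
        return 2;
    }
    uint32_t u = (uint32_t)imm;
    out[0] = 0x68;                     /* push imm32 */
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(u >> (8 * i));   /* little-endian */
    return 5;
}

/* Decode either form; *pushed receives the dword that lands on the stack.
   Returns 0 on success, -1 if the bytes are not a push-immediate. */
int decode_push(const uint8_t *code, size_t len, uint32_t *pushed)
{
    if (len >= 2 && code[0] == 0x6A) {
        int32_t v = code[1];
        if (v & 0x80)
            v -= 0x100;                /* propagate the sign bit upward */
        *pushed = (uint32_t)v;
        return 0;
    }
    if (len >= 5 && code[0] == 0x68) {
        *pushed = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                  (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        return 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample operands: STDIN (-10), 0, and 0FFh (too big for imm8). */
    const int32_t samples[] = { -10, 0, 0xFF };
    for (size_t s = 0; s < sizeof samples / sizeof samples[0]; s++) {
        uint8_t buf[5];
        uint32_t v = 0;
        size_t n = encode_push(samples[s], 0, buf);
        decode_push(buf, n, &v);
        printf("push %ld: %u bytes, stack dword %08lX\n",
               (long)samples[s], (unsigned)n, (unsigned long)v);
    }
    return 0;
}
```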
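
A second added example, also not part of the original post: the "or al, 20h" trick next to a range-checked version, to show which non-letter bytes the unconditional OR rewrites. That set includes the ESC (1Bh) byte mentioned above, which comes out as ';'. Function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The trick from the post: set bit 5 unconditionally. */
unsigned char force_lower(unsigned char c)
{
    return (unsigned char)(c | 0x20);
}

/* Range-checked version: only 'A'..'Z' are changed. */
unsigned char ascii_tolower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c | 0x20) : c;
}

/* Number of 7-bit ASCII codes that the unconditional OR changes
   although they are not uppercase letters. */
int count_collateral(void)
{
    int n = 0;
    for (int c = 0; c < 128; c++)
        if (force_lower((unsigned char)c) != ascii_tolower((unsigned char)c))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample input bytes: ESC, newline, '@', '[', '_', 'Q', 'q', '7'. */
    const unsigned char samples[] = { 0x1B, '\n', '@', '[', '_', 'Q', 'q', '7' };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("%02Xh  or 20h -> %02Xh   range-checked -> %02Xh\n",
               (unsigned)samples[i], (unsigned)force_lower(samples[i]),
               (unsigned)ascii_tolower(samples[i]));
    printf("%d of 128 ASCII codes are altered without being A-Z\n",
           count_collateral());
    return 0;
}
```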


