Re: Unrolling FASM source code



"JGCASEY" <jgkjcasey@xxxxxxxxxxxx> wrote in news:1127726167.587326.6010@g49g2000cwa.googlegroups.com:

>> Yes. Some Assemblers encode it as a "call to a Jump mem".
>> Some others (RosAsm) encode it directly as a "call mem".
>>
>> In both cases "mem" is a place holder, in the ".import"
>> Section of the PE, where the OS writes the Address of
>> the wanted DLL Function, at launch time.
>
>
> So with RosAsm, the call 'KERNELL32.GetModuleHandleA',
> means the value of the address to call is in a struct
> at address KERNELL32 with a displacement GetModuleHandleA?
>
> So it becomes call [KERNELL32 + GetModuleHandleA] ?

No. For all PEs, it works that way:

At launch time, the OS reads the .Import Section, and it
fills a dedicated Table with Pointers to the Functions
referenced in the .Import.

So, the real Address of the 'DLL.Function' is there, in
the uploaded PE. With Assemblers working with a Linker,
the most usual way is to let the Linker do this job. In
this case, as the Assembler cannot know the address
at which the Linker will implement the various things,
the Assembler does it that way:

call FunctionsJumpTable_Function_Agaga   ; near call to the local thunk

; ...

FunctionsJumpTable_Function_Agaga:
jmp DWORD [Function_Agaga]               ; indirect jump through the IAT slot filled by the loader

.... and lets the Linker do all of the adjustments job.

With Assemblers able to do it all without any Linker, like
RosAsm, the "Double shot" is useless. So, the call is, simply:

call 'DLL.Function_Agaga',

that is encoded directly as a:

call DWORD[Function_Agaga]

.... where the [Function_Agaga] Address is the one written by
the OS, at launch time.

Since the coming of RosAsm, most Assemblers try to do it
this shorter and simpler way.


Betov.

< http://rosasm.org >
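As an added example (not Betov's code, nor anything from RosAsm or FASM), here is a small Python scanner that recognises both encodings described in the post, the "call to a jmp mem" thunk and the direct "call mem", in a constructed 32-bit code buffer and resolves each to the IAT slot it reads. CODE_VA and IAT_SLOT are assumed values chosen for the demo, and the decoder only knows the handful of opcodes it needs.

```python
import struct

# Constructed sample (assumption, not a real PE layout): a 32-bit code
# section mapped at CODE_VA, with one imported function whose IAT slot,
# filled by the OS loader at launch time, sits at IAT_SLOT.
CODE_VA = 0x401000
IAT_SLOT = 0x402010

def build_sample_code():
    """Emit the two import-call encodings from the post, side by side."""
    code = bytearray()
    thunk_va = CODE_VA + 12                    # thunk placed after call, call, ret
    # Style 1 ("call to a jmp mem"): E8 rel32 to a local thunk ...
    code += b"\xE8" + struct.pack("<i", thunk_va - (CODE_VA + 5))
    # Style 2 ("call mem", no thunk): FF 15 disp32 = call dword [IAT_SLOT]
    code += b"\xFF\x15" + struct.pack("<I", IAT_SLOT)
    code += b"\xC3"                            # ret
    # ... and the thunk itself: FF 25 disp32 = jmp dword [IAT_SLOT]
    code += b"\xFF\x25" + struct.pack("<I", IAT_SLOT)
    return bytes(code)

def resolve_import_calls(code, base):
    """Return [(offset, style, iat_slot)] for every import call found.

    This is a pattern scanner for the few opcodes it knows, not a general
    x86 disassembler: unknown bytes are skipped one at a time, so use it on
    code whose layout you control (as here) rather than arbitrary binaries.
    """
    found, off = [], 0
    while off < len(code):
        op = code[off]
        if op == 0xE8 and off + 5 <= len(code):              # call rel32
            rel = struct.unpack_from("<i", code, off + 1)[0]
            t = off + 5 + rel                                  # target offset
            # Only an import call if the target is a "jmp dword [mem]" thunk.
            if 0 <= t <= len(code) - 6 and code[t:t + 2] == b"\xFF\x25":
                slot = struct.unpack_from("<I", code, t + 2)[0]
                found.append((off, "call->jmp [mem]", slot))
            off += 5
        elif op == 0xFF and off + 6 <= len(code) and code[off + 1] == 0x15:
            slot = struct.unpack_from("<I", code, off + 2)[0]  # call dword [mem]
            found.append((off, "call [mem]", slot))
            off += 6
        elif op == 0xFF and off + 6 <= len(code) and code[off + 1] == 0x25:
            off += 6                                           # thunk body, skip
        else:
            off += 1                                           # ret / unknown
    return found

if __name__ == "__main__":
    for off, style, slot in resolve_import_calls(build_sample_code(), CODE_VA):
        print(f"{CODE_VA + off:#x}: {style:<16} -> IAT slot {slot:#x}")
```

Both calls end up reading the same loader-written slot, which is why a disassembler (or an unpacker rebuilding imports) treats the thunk form and the direct form as the same import reference.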