NASM - The Netwide Assembler

NASM Forum => Programming with NASM => Topic started by: Fossil on April 29, 2014, 10:35:30 PM

Title: How to assemble this code
Post by: Fossil on April 29, 2014, 10:35:30 PM
I am trying to convert some code to NASM from (I presume) MASM. The problem is that when I look at the listing, there is an extra byte in front of the proper command. Either I am doing something wrong, or the assembler is generating bad code (not likely...). This is happening in two places in my code. All of my code is USE16; there is no indication what the original code used (it's disassembled code). Any hints, help, or flamage would be appreciated :)

Original #1: (I am presuming this code is wrong, because there is no need for a seg override on a constant)

66A11C7C    * MOV     EAX,DS:7C1C   ; ()

My Code #1:

3E66A11C7C    MOV   EAX,[DS:0x7C1C]


Original #2:

660FB64E0D   * MOVZX   ECX,BYTE PTR SS:[BP+0D]  ; MOV w/ZERO extend

My Code #2:

36660FB64E0D   MOVZX   ECX,BYTE [SS:BP+0x0D]
Title: Re: How to assemble this code
Post by: Frank Kotler on April 30, 2014, 12:29:24 AM
It's, in part at least, a syntax issue. Masm requires, in some cases, a segment override (the 3E and 38 bytes) to indicate "[contents]". The override is "optimized away" by Masm. As you know, there is no need for it, but Nasm will put it there if we say so. Just leave it out of the Nasm code.

The 66 byte, however, is an operation size override. It essentially switches ax to eax or vice versa. Nasm will emit it if required... but Nasm needs to be told what we want to do. If we're using 32-bit registers in 16-bit code (or vice versa), it needs to be there. However, if we've told Nasm "bits 16" and the CPU is actually in 32-bit mode the result will be totally wrong!

We probably need to know more about what you're trying to do before we can help much. For example, you don't know whether your "original" code is 16-bit or 32-bit. What's the header say? You should see the "MZ" signature as the first two bytes. If there's a "PE" signature a few bytes on (I forget the offset), it's 32-bit code. If the "MZ" is all, it's 16-bit code. If Nasm is told incorrectly, the code will be wrong and there's not a chance that it will run.  You can see the difference by disassembling with ndisasm's default 16-bit, and adding "-b32" to the command line so ndisasm will "see what the CPU sees" if it's in 32-bit mode. One should "make sense" and the other be "absolute garbage"... if you can tell the difference...

I'm fond of Agner Fog's "objconv" as a disassembler. I don't think it'll do 16-bit code, but if what you've got is 32-bit code, you're in luck. It will put the instructions on the left and the addresses and bytes on the right, after a ';', so there's some hope it will assemble. It will even recognize and label "do nothing" code added for alignment padding. Nasm syntax, too!

I have to tell you that we don't discuss "reversing" or "cracking" here. For one thing, it could be illegal in some jurisdiction and we don't want to get the Forum in trouble. For another thing, it's difficult to do in a useful manner. Getting a disassembled binary to assemble unaltered is easy, but pointless - we had the binary! Getting something you can alter and assemble into something that runs properly is much tougher. Often easier to write it from scratch. I don't know how much experience you've got, Fossil, but if you're new to asm, this may not be where you want to start.

I can't resist a wild-asmed guess:  the offset in your first example  would "make sense" in a bootsector. Is it a bootsector, do we know?

Best,
Frank
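
The two points above (the extra 3E/36 byte is a segment-override prefix that NASM emits only because the source spells out `[DS:...]` / `[SS:...]`, while 66 is the operand-size prefix that has to stay in 16-bit code using EAX/ECX, and the MZ/PE header check) can be made concrete with a small prefix decoder. This is an added example, not code from the thread or from NASM; the hex strings are the ones posted above, the header buffers are constructed here, and the `e_lfanew` offset 0x3C is the standard MZ field that points at the "PE\0\0" signature (the offset Frank could not recall). The boot-sector branch uses the 0x55AA signature at offset 510 and is an addition beyond what the post discusses.

```python
"""Decode x86 legacy prefixes from the byte strings in this thread and
classify a binary's header. Minimal prefix parser, not a disassembler."""

SEG_OVERRIDES = {0x26: "ES", 0x2E: "CS", 0x36: "SS", 0x3E: "DS",
                 0x64: "FS", 0x65: "GS"}
OPSIZE = 0x66       # operand-size override: ax <-> eax in 16-bit code
ADDRSIZE = 0x67     # address-size override
OTHER_PREFIXES = {0xF0: "LOCK", 0xF2: "REPNE", 0xF3: "REP"}


def split_prefixes(code: bytes):
    """Return (prefix_names, rest) where rest starts at the opcode byte."""
    names = []
    i = 0
    while i < len(code):
        b = code[i]
        if b in SEG_OVERRIDES:
            names.append(SEG_OVERRIDES[b] + ":")
        elif b == OPSIZE:
            names.append("opsize(66)")
        elif b == ADDRSIZE:
            names.append("addrsize(67)")
        elif b in OTHER_PREFIXES:
            names.append(OTHER_PREFIXES[b])
        else:
            break
        i += 1
    return names, code[i:]


def strip_segment_override(code: bytes) -> bytes:
    """Drop only segment-override prefixes; keep 66/67/LOCK/REP and the opcode.
    This is what writing [0x7C1C] instead of [DS:0x7C1C] achieves in NASM."""
    out = bytearray()
    i = 0
    while i < len(code) and (code[i] in SEG_OVERRIDES or code[i] in (OPSIZE, ADDRSIZE)
                             or code[i] in OTHER_PREFIXES):
        if code[i] not in SEG_OVERRIDES:
            out.append(code[i])
        i += 1
    out.extend(code[i:])
    return bytes(out)


def image_kind(data: bytes) -> str:
    """'PE' if the MZ header's e_lfanew (offset 0x3C) points at 'PE\\0\\0',
    'MZ' for a plain DOS executable, 'bootsector' for a 512-byte sector
    ending in 55 AA, 'unknown' otherwise. Constructed classifier for this example."""
    if len(data) >= 0x40 and data[:2] == b"MZ":
        e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
        return "MZ"
    if len(data) == 512 and data[510:512] == b"\x55\xAA":
        return "bootsector"
    return "unknown"


# Constructed header buffers for demonstration (not real files).
def sample_pe() -> bytes:
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x40).to_bytes(4, "little")
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


def sample_mz() -> bytes:
    buf = bytearray(0x40)
    buf[0:2] = b"MZ"
    return bytes(buf)


def sample_bootsector() -> bytes:
    buf = bytearray(512)
    buf[510:512] = b"\x55\xAA"
    return bytes(buf)


if __name__ == "__main__":
    for hexstr in ("3E66A11C7C", "66A11C7C", "36660FB64E0D", "660FB64E0D"):
        code = bytes.fromhex(hexstr)
        names, rest = split_prefixes(code)
        print(f"{hexstr:14} prefixes={names} opcode+operands={rest.hex().upper()}")
    for name, buf in (("pe", sample_pe()), ("mz", sample_mz()),
                      ("vbr", sample_bootsector())):
        print(name, "->", image_kind(buf))
```

Run stand-alone it shows that Fossil's `3E66A11C7C` and the original `66A11C7C` differ only by the `DS:` prefix, and likewise `36660FB64E0D` versus `660FB64E0D` by the `SS:` prefix (BP-based addressing already defaults to SS, so the override changes nothing). The `66` survives stripping, which is correct for `USE16` code that touches EAX/ECX.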

Title: Re: How to assemble this code
Post by: Fossil on April 30, 2014, 02:09:45 AM
I'm impressed - it is part of a boot file (MSWIN41 volume boot record for FAT32). I found a disassembly on the web, and I'm recompiling and checking byte for byte to ensure it's accurate. I am experienced in asm, though not with NASM. Since one of my goals is to learn exactly what is happening (so I can rewrite portions to use in another project), I feel a need to make sure that I get this precisely correct (and since I intend to use NASM it's all the more important to me). I wouldn't have even noticed it if the code size hadn't been off by a couple of bytes :) The most confusing part to me was when I tried to hand-disassemble what NASM generated and got an XOR instruction...
Title: Re: How to assemble this code
Post by: Fossil on April 30, 2014, 02:43:43 AM
I forgot to mention: my goal with this question is to make "my" code assemble identically to the "original" code. I know there are some non-obvious syntax rules with NASM when using segment overrides, I just can't seem to find the right combination.