Recent Posts

41

Programming with NASM / Re: Things to do in _start

« Last post by decuser on March 07, 2024, 01:20:13 PM »

That makes sense. When  you say, main() has a misaligned RSP, how do you know? Is it because of the way nasm puts the binary together? I am doing pure Linux at the moment and using syscalls with _start, not doing the pseudo C, so I gather from what you're saying that I don't need the prolog. But, I will once I switch to main for the pseudo C stuff, so I'm curious how you know  .

42

Programming with NASM / Re: Things to do in _start

« Last post by fredericopissarra on March 07, 2024, 12:43:30 PM »

There is no reason for this stuff... Well... not this way and not always.

If you are creating what I call a pseudo-assembly code (creating a C program, using C Runtime and libc in asm), then you must obey the ABI (MS-ABI or SysV ABI). This means RSP must be aligned by DQWORD (16 bytes). main() has a misaligned RSP, so you must do:

Code: [Select]

  global main
main:
  sub rsp,8    ; align RSP
  ...
  add rsp,8    ; restore RSP before returning
  xor  eax,eax  ; return 0;
  ret
Of course, using libc in _start isn't a good idea (you'll need to initialize the library, the C Runtime).

In _start, on Windows, if you are using Win32 API, you must align RSP and reserve space to shadow space:

Code: [Select]

_start:
  sub  rsp,8+32   ; align RSP and reserve space for shadow space.
  ...
  ; Don't need to restore RSP here...
  xor  ecx,ecx
  jmp  [__imp_ExitProcess]

On SysV ABI (Linux, etc) it is garanteed that RSP will be aligned to DQWORD on _start entry. On MS-ABI it isn't!
[]s
Fred

43

Programming with NASM / Things to do in _start

« Last post by decuser on March 07, 2024, 04:59:02 AM »

I see a lot of example code out there that has _start like this:

Code: [Select]

push rbp
mov rbp, rsp
and rsp, -16
and:

Code: [Select]

push rsp
mov rbp, rsp
nop
and even just:

Code: [Select]

nop
What's going on? Is there some reason for this stuff? It's not part of the main logic, it seems like it's some kind of setup, but I can't make sense of it. I have heard about stack alignment, maybe this is something to do with that, if so WTF? What do I need to have at the beginning of my code?

44

Programming with NASM / Re: Learning Assembler

« Last post by AntonPotapov on March 03, 2024, 04:15:25 PM »

Thank you

45

Programming with NASM / Re: gdb and debug symbols

« Last post by decuser on March 03, 2024, 03:56:36 PM »

You and me, both! Screen’s aren’t big enough. Somebody oughtta...

46

Programming with NASM / Re: gdb and debug symbols

« Last post by Frank Kotler on March 02, 2024, 10:24:19 PM »

My poor exeszight.

Sorry
Frank

47

Programming with NASM / Re: gdb and debug symbols

« Last post by decuser on March 02, 2024, 09:51:33 PM »

I don't have "Code" anywhere. I have a .text section.

48

Programming with NASM / Re: gdb and debug symbols

« Last post by Frank Kotler on March 02, 2024, 09:22:38 PM »

""Code" is not a "known  section name". Try changing it to .text
Best,
Frank

49

Programming with NASM / Re: Learning Assembler

« Last post by decuser on March 02, 2024, 03:02:22 PM »

I used Jorgensen before I purchased Duntemann's x64 Assembly Language Programming on Linux book. Both are great books for x64 on Linux. As a new learner, I found Duntemann's book to be phenomenal. Jorgensen's is not as in depth, but it is very good. I asked the author if he had an updated version and he sent me one.

Both work with my system (Linux Mint 21.3 "Virginia") pretty much verbatim and both give enough hints to work through system differences if there are any (I used them both for FreeBSD, where the only thing I had a hard time with was the System Calls and Calling Conventions, but I expected that). I don't use SASM, which is featured prominently in Duntemann's book, but all of the examples work fine in gdb. Jorgensen uses ddd, which works fine.

50

Programming with NASM / Re: gdb and debug symbols

« Last post by decuser on March 02, 2024, 02:47:47 PM »

and I've tried it with no -F, -F stabs, and -Fdwarf, same result.