Here you'll find information for coders. Send me your information, please!
Specifications - ASMmagazines '89,
intel386, pentium optimizations, dpmi,vcpi,xms,vds,lx,
vxd-faq, old AD tricks
SEHcomplet - Everything You Always Wanted To Know About SEH
Linker Reference
Dumpbin Reference
Editbin Reference
Lib Reference
Q: What do I need for coding?
A: Experience and tools. For DOS and Win16 coding I recommend Borland Turbo Assembler v4.x (TASM.exe) and 5.x (TASM32.exe) with Turbo Linker (TLINK.exe), Ralf Brown's Interrupt List and TechHelp or something similar. For Win32 coding I recommend Microsoft Macro Assembler (ML.exe), Incremental Linker (LINK.exe), a resource compiler (I use BRC32.exe), a resource-to-.obj converter (CVTRES.exe), a resource editor (I use Borland Resource Workshop), the Win32 API reference, Microsoft Developer Network and include files. Import libraries aren't necessary - you can create them yourself (see below). The MAKE utility is not necessary. I don't use the H2INC utility for converting C include files to ASM ones because I don't trust it. For writing programs you need an editor. I'm used to text modes; I used the editor from DOS Navigator, now I write in the editor of FAR manager. I don't recommend syntax highlighting.
Q: How can I optimize file locations for easier compiling and linking?
A: Have the executables (with their .dlls) in a directory on the PATH variable. Have all (import) libraries in a LIB (sub)directory, and include files and macro files in an INC (sub)directory. It's useful to create the following system variables:
SET INCLUDE=C:\MASM32\INCLUDE;C:\98DDK\INC\WIN98
SET LIB=C:\MASM32\LIB
Then you don't need to specify the path to include files or libraries on the ML and LINK command lines or in your sources (in the INCLUDE and INCLUDELIB directives).
It's useful to save the help screens of the tools you use:
ML /? >ML.TXT
LINK /? >LINK.TXT
LINK -DUMP /? >DUMPBIN.TXT
LINK -EDIT /? >EDITBIN.TXT
LINK -LIB /? >LIB.TXT
Q: What do you use instead of the MAKE utility?
A: I write my sources in the form of .BAT files as follows:
;@GOTO TRANSLATE
; here is my complete source
END
:TRANSLATE
@ECHO OFF
REM %0 is the name of this batch file as typed (BATname.BAT). ML assembles it
REM and stops at END, so the batch commands below never reach the assembler.
BRC32 -r Resource.rc
CVTRES /MACHINE:IX86 Resource.res
ML /c /coff %0
LINK BATname.obj Resource.obj /..switches
DEL Resource.res
DEL Resource.obj
DEL BATname.obj
Then I simply run such a BATname.BAT.
The trick is the first line: for ML it is a comment (leading ;), but the command interpreter ignores a leading ; and executes the @GOTO, jumping over the source to the :TRANSLATE label. BRC32 -r compiles Resource.rc into Resource.res, and that .res file is what CVTRES converts into Resource.obj.
I know that old and orthodox people will always use .ASM with a makefile.
Q: How can I make my assembly language more flexible?
A: Can you do the following things?
CALL [API] ;FF15 form of CALL instead of the E8 form with a JMP table at the end of the .code section
MOV EAX, [API]
MOV [API], EBX
Yes, you can tell me: call GetModuleHandle and GetProcAddress and it's done ;)
Then I tell you: and what when I need the address of a native API (e.g. KeTickCount, KeServiceDescriptorTable, ...)?
Then you tell me: write your program in Visual C++.
I found how to do them on Feb-6-1999. From this day you can see both forms of calls in my .EXEs.
One E8 call requires 5+6 bytes + 1 reloc item (the 6 bytes are the shared JMP DWORD PTR [API] thunk, whose absolute IAT address is the reloc item). Six E8 calls from various places in the code require 6*5+6 bytes + 1 reloc item. One FF15 call requires 6 bytes + 1 reloc item. Six FF15 calls from various places in the code require 6*6 bytes + 6 reloc items.
I will publish the EliASM technique here after I receive the 1st email telling me how to play with APIs in assembly language, or in July 1999. So you have a task! Please, quickly!
<YourName> was the 2nd who found the way. Applause!
Q: How to create an import library?
A: LINK -DUMP PExports.xxx /EXPORTS > PExports.def
Edit the .def to the form:
NAME PExports ;if xxx=exe
or
LIBRARY PExports ;if xxx=dll
or
NAME PExports.xxx ;if xxx<>exe and xxx<>dll, e.g. xxx=sys
EXPORTS
Function0
Function1
...
FunctionLast
Editing is very easy when your editor supports vertical (column) blocks: simply select the column before the function names and erase it.
LINK -LIB /DEF:PExports /MACHINE:IX86
DEL PExports.exp
PExports.lib is the import library.
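Scripting the .def editing step above: the following Python script is an added example (not from this page and not a Microsoft tool). It parses the text that LINK -DUMP /EXPORTS prints, picks LIBRARY or NAME from the module's extension exactly as described, and writes the EXPORTS list. SAMPLE_DUMP and its module/function names are constructed; the column layout is the one dumpbin 6.0 prints. Forwarded exports are kept (they are still imported by name), while ordinal-only ([NONAME]) exports are skipped because they would need an explicit @ordinal NONAME entry.

```python
import re

# Constructed sample of what `LINK -DUMP PExports.dll /EXPORTS` prints
# (made-up module and export names; not a dump of any real file).
SAMPLE_DUMP = """\
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.


Dump of file PExports.dll

File Type: DLL

  Section contains the following exports for PExports.dll

           0 characteristics
    36C8D5A6 time date stamp Wed Feb 17 12:00:00 1999
        0.00 version
           1 ordinal base
           3 number of functions
           3 number of names

    ordinal hint RVA      name

          1    0 00001000 Function0
          2    1 00001040 _Function1@8
          3    2          FunctionLast (forwarded to OTHER.FunctionLast)

  Summary

        1000 .data
        1000 .text
"""

EXPORT_LINE = re.compile(
    r"^\s*(?P<ordinal>\d+)"                  # ordinal (decimal)
    r"(?:\s+(?P<hint>[0-9A-Fa-f]+))?"        # hint (hex), present for named exports
    r"(?:\s+(?P<rva>[0-9A-Fa-f]{8}))?"       # RVA, blank for forwarded exports
    r"\s+(?P<name>[A-Za-z_?@$][\w?@$]*)"     # export name, possibly decorated (_Foo@8, ?Foo@@...)
    r"(?:\s+\(forwarded to (?P<target>[^)]+)\))?\s*$"
)


def parse_exports(dump_text):
    """Return (module file name, [(ordinal, name, forwarded_target_or_None), ...])."""
    module, exports, in_table = None, [], False
    for line in dump_text.splitlines():
        m = re.match(r"^Dump of file (\S+)", line)
        if m:
            module = m.group(1)
            continue
        if line.split()[:4] == ["ordinal", "hint", "RVA", "name"]:
            in_table = True            # only lines after this header are export rows
            continue
        if not in_table:
            continue
        if line.strip() == "Summary":  # section summary follows the export table
            break
        m = EXPORT_LINE.match(line)
        if m:                          # blank lines and [NONAME] rows do not match and are skipped
            exports.append((int(m.group("ordinal")), m.group("name"), m.group("target")))
    if module is None:
        raise ValueError("no 'Dump of file' line: not LINK -DUMP /EXPORTS output")
    return module, exports


def make_def(module, exports):
    """Emit the .def text described on the page: LIBRARY for a .dll, NAME for an .exe
    (base name only), NAME with the full file name for anything else (.sys, ...)."""
    base, _, ext = module.rpartition(".")
    ext = ext.lower()
    if ext == "dll":
        header = "LIBRARY " + base
    elif ext == "exe":
        header = "NAME " + base
    else:
        header = "NAME " + module
    lines = [header, "EXPORTS"]
    for _ordinal, name, target in exports:
        if target:                     # .def comments must sit on their own line
            lines.append("    ; " + name + " is forwarded to " + target)
        lines.append("    " + name)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    sys.stdout.write(make_def(*parse_exports(text)))
```

Usage: save the dump with LINK -DUMP PExports.dll /EXPORTS > dump.txt, run the script (say mkdef.py, a name chosen here) as python mkdef.py dump.txt > PExports.def, then LINK -LIB /DEF:PExports.def /MACHINE:IX86 as above.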
Q: How to link a PE (.EXE)?
A: LINK MyEXE.obj
A .reloc section is added only when you use the switch /FIXED:NONE.
Q: How to link a DLL?
A: LINK MyDLL.obj /DLL
A .reloc section is added automatically. The default image base is 0x10000000.
Q: How to link a VxD?
A: LINK MyVxD.obj /VXD /DEF:MyVxD.def
When you want to make a dynamically loadable VxD, add the switch /EXETYPE:DYNAMIC.
Q: How to link a driver?
A: LINK MySYS.obj MySYSres.obj /SUBSYSTEM:NATIVE /DRIVER /ALIGN:0X20 /BASE:0X10000
A .reloc section is added automatically. You can try to make a smaller file by adding the switch /MERGE:.rdata=.text.
Q: How to add a checksum to a PE file?
A: At link time:
LINK MyPE.obj /RELEASE
Anytime:
LINK -EDIT MyPE.xxx /RELEASE
NT verifies this checksum when it loads a kernel-mode driver, so always link .sys files with /RELEASE.
Q: How to change the properties of PE sections?
A: At link time:
LINK MyPE.obj /MERGE:.text=SName /MERGE:.data=SName /SECTION:SName,ERW
The 1st switch renames the .text section to SName, the 2nd merges the .data section into SName, and the 3rd changes the attributes of SName to executable, readable and writable.
Anytime:
LINK -EDIT MyPE.xxx /SECTION:.text=SName,EWR
Keep in mind that the result is writable code: that is what self-modifying or packed code needs, and also what makes a section look suspicious to anyone inspecting the file.
Q: How to change the image base of a PE?
A: At link time:
LINK MyPE.obj /BASE:MyBase
Anytime:
LINK -EDIT MyPE.xxx /REBASE:BASE=MyBase
MyBase is a decimal number or a hexadecimal number with the 0x prefix; it must be a multiple of 64K (0x10000).
The base for Win9x executables should be >= 0x400000.
The base for WinNT executables is arbitrary, usually from 0x1000000 to 0x3000000. Note that the .EXEs in the %SystemRoot%\System32 directory have their PE image bases sorted alphabetically: AddGrpw.exe 0x1000000, AddUsrw.exe 0x1020000, ... XCopy.exe 0x29F0000.
A .reloc section is not explicitly needed (the .EXE is the first image in the process and is always loaded at its preferred base).
Drivers should have base = 0x10000 (just for uniformity).
Q: How to change the PE section alignment?
A: At link time:
LINK MyPE.obj /ALIGN:MyAlign
MyAlign is a decimal number or a hexadecimal number with the 0x prefix, and must be a power of 2.
The file alignment for Win9x executables should be >= 0x200.
The alignment for WinNT executables is arbitrary.
Q: How to get file alignment=0x200 with LINK v6.0 (and higher versions?)?
A: LINK 6.0 makes PEs with file alignment=0x1000 (equal to the section alignment) to simplify the work of the PE loader.
Use LINK MyPE.obj /ALIGN:0x1000 to get file alignment=0x200 and ignore the warning message. In LINK 6.0 the documented way is the /OPT:NOWIN98 switch; /OPT:WIN98 is what selects the 0x1000 file alignment.
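To see what the /RELEASE, /SECTION, /BASE and /ALIGN switches in the answers above actually wrote into a PE header, here is an added Python inspector (example code, not from this page; the field layouts follow winnt.h for PE32 images). build_sample_pe constructs a minimal three-section image in memory so the script runs offline; pass a real file as the argument to inspect linker output. pe_checksum implements the algorithm behind OptionalHeader.CheckSum (the value LINK /RELEASE stores), section_flags renders Characteristics with the same E/R/W/S/D letters that /SECTION takes, and the two check_* helpers encode the base and alignment rules stated above.

```python
import struct

# Fixed layouts of the PE32 (x86) headers; field names follow winnt.h.
COFF_FMT = "<4sHHIIIHH"                                    # PE\0\0 signature + IMAGE_FILE_HEADER
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6   # IMAGE_OPTIONAL_HEADER32 without directories
OPT_FIELDS = (
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
    "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint",
    "BaseOfCode", "BaseOfData", "ImageBase", "SectionAlignment", "FileAlignment",
    "MajorOperatingSystemVersion", "MinorOperatingSystemVersion", "MajorImageVersion",
    "MinorImageVersion", "MajorSubsystemVersion", "MinorSubsystemVersion",
    "Win32VersionValue", "SizeOfImage", "SizeOfHeaders", "CheckSum", "Subsystem",
    "DllCharacteristics", "SizeOfStackReserve", "SizeOfStackCommit",
    "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes")
SECTION_FMT = "<8sIIIIIIHHI"                               # IMAGE_SECTION_HEADER
CHECKSUM_OFF = struct.calcsize(COFF_FMT) + 64              # CheckSum field: 0x58 bytes after the PE signature
# IMAGE_SCN_MEM_* bits in the order /SECTION spells them: Execute, Read, Write, Shared, Discardable
SECTION_LETTERS = ((0x20000000, "E"), (0x40000000, "R"), (0x80000000, "W"),
                   (0x10000000, "S"), (0x02000000, "D"))


def align_up(n, a):
    return (n + a - 1) // a * a


def section_flags(characteristics):
    return "".join(letter for bit, letter in SECTION_LETTERS if characteristics & bit)


def build_sample_pe(image_base=0x400000, section_align=0x1000, file_align=0x200):
    """Constructed three-section PE32 image with CheckSum left at 0 (not LINK output;
    the section bodies are filler, only the headers matter for the checks below)."""
    sections = (  # name, raw body, Characteristics
        (b".text", b"\xC3" * 0x30, 0x20 | 0x20000000 | 0x40000000),     # code, E R
        (b".data", b"\x11" * 0x10, 0x40 | 0x40000000 | 0x80000000),     # data, R W
        (b".reloc", b"\x00" * 0x08, 0x40 | 0x40000000 | 0x02000000))    # data, R, discardable
    size_of_headers = align_up(0x40 + struct.calcsize(COFF_FMT) + 0xE0 + 40 * len(sections), file_align)
    raw_ptr, rva, sec_hdrs, bodies, reloc_dir = size_of_headers, section_align, b"", b"", (0, 0)
    for name, body, chars in sections:
        raw_size = align_up(len(body), file_align)
        sec_hdrs += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), len(body), rva, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        bodies += body.ljust(raw_size, b"\0")
        if name == b".reloc":
            reloc_dir = (rva, len(body))
        raw_ptr += raw_size
        rva += align_up(len(body), section_align)
    opt = struct.pack(OPT_FMT, 0x10B, 6, 0, 0x200, 0x400, 0, section_align, section_align, 2 * section_align,
                      image_base, section_align, file_align, 4, 0, 0, 0, 4, 0, 0, rva, size_of_headers, 0,
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[5] = reloc_dir                                     # IMAGE_DIRECTORY_ENTRY_BASERELOC
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack(COFF_FMT, b"PE\0\0", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40: PE header right after the MZ header
    return (dos + coff + opt + sec_hdrs).ljust(size_of_headers, b"\0") + bodies


def parse_headers(data):
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = struct.unpack_from(COFF_FMT, data, e_lfanew)
    opt_off = e_lfanew + struct.calcsize(COFF_FMT)
    opt = dict(zip(OPT_FIELDS, struct.unpack_from(OPT_FMT, data, opt_off)))
    if opt["Magic"] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(opt["NumberOfRvaAndSizes"])]
    sec_off = opt_off + coff[6]                             # SizeOfOptionalHeader
    sections = []
    for i in range(coff[2]):                                # NumberOfSections
        s = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        sections.append({"name": s[0].rstrip(b"\0").decode(), "rva": s[2], "raw_size": s[3],
                         "raw_ptr": s[4], "flags": section_flags(s[9])})
    return {"e_lfanew": e_lfanew, "opt": opt, "dirs": dirs, "sections": sections}


def pe_checksum(data):
    """Recompute OptionalHeader.CheckSum: dword sum with end-around carry over the whole
    file, skipping the CheckSum field itself, folded to 16 bits, plus the file length."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    skip = (e_lfanew + CHECKSUM_OFF) // 4                   # assumes e_lfanew is 4-byte aligned (linker output is)
    padded = bytes(data) + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += int.from_bytes(padded[4 * i:4 * i + 4], "little")
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def stored_checksum(data):
    return struct.unpack_from("<I", data, struct.unpack_from("<I", data, 0x3C)[0] + CHECKSUM_OFF)[0]


def set_checksum(data):
    """What LINK -EDIT MyPE.xxx /RELEASE does: write the computed checksum into the header."""
    out = bytearray(data)
    struct.pack_into("<I", out, struct.unpack_from("<I", data, 0x3C)[0] + CHECKSUM_OFF, pe_checksum(data))
    return bytes(out)


def checksum_valid(data):
    return stored_checksum(data) == pe_checksum(data)


def has_reloc_section(data):
    dirs = parse_headers(data)["dirs"]
    return len(dirs) > 5 and dirs[5][1] != 0


def check_image_base(base, win9x):
    """/BASE must be a multiple of 64K; Win9x additionally refuses bases below 0x400000."""
    return base % 0x10000 == 0 and (not win9x or base >= 0x400000)


def check_file_alignment(align, win9x):
    """/ALIGN values must be powers of two; Win9x needs a file alignment >= 0x200."""
    return align > 0 and align & (align - 1) == 0 and (not win9x or align >= 0x200)


if __name__ == "__main__":
    import sys
    img = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    h = parse_headers(img)
    print("ImageBase=%#x SectionAlignment=%#x FileAlignment=%#x reloc=%s" % (
        h["opt"]["ImageBase"], h["opt"]["SectionAlignment"], h["opt"]["FileAlignment"], has_reloc_section(img)))
    print("CheckSum stored=%#x computed=%#x valid=%s" % (stored_checksum(img), pe_checksum(img), checksum_valid(img)))
    for s in h["sections"]:
        print("  %-8s rva=%#07x raw=%#07x flags=%s" % (s["name"], s["rva"], s["raw_size"], s["flags"]))
```

Run it against an .EXE linked without /RELEASE and the stored checksum is 0 (invalid); after LINK -EDIT /RELEASE the two values agree. Since the field itself is skipped by the sum, recomputing after writing gives the same value, while any byte changed elsewhere in the file breaks the match.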
Q: Why do LINK versions >5.0 produce files with some strange data in the MZ part?
A: Yes, there is: the MZ header, 16-bit code, the text "This program..", followed by some dwords, the last but one of which is "Rich", then the PE or LE header. What's the sense of those dwords? Microsoft knows. Do you too?
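The dwords the question above refers to have since been worked out by reverse engineers and are usually called the "Rich" header: the block starts with "DanS" XORed with a 32-bit key, then three zero dwords XORed with the key, then (compid, count) pairs XORed with the key, terminated by the clear text "Rich" and the key. compid is (product id << 16) | build number of the tool that produced the object files, count is how many objects it contributed, and the key is a checksum over the bytes before the block (e_lfanew excluded) and the clear entries. The decoder below is an added example (not from this page and not from Microsoft); the sample image and its entries are constructed, and the product ids in it are arbitrary numbers, not real tool identifiers.

```python
import struct

DANS = 0x536E6144            # "DanS" read as a little-endian dword


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_key(data, dans_offset, entries):
    """XOR key: starts as the DanS offset, adds each byte before DanS rotated by its
    offset (the e_lfanew bytes 0x3C-0x3F are skipped), then each compid rotated by its count."""
    key = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        key = (key + rol32(data[i], i)) & 0xFFFFFFFF
    for compid, count in entries:
        key = (key + rol32(compid, count)) & 0xFFFFFFFF
    return key


def build_rich_block(dos_part, entries):
    """Encode a Rich block to be placed right after dos_part (everything before DanS)."""
    key = rich_key(dos_part, len(dos_part), entries)
    enc = lambda v: struct.pack("<I", v ^ key)
    block = enc(DANS) + enc(0) * 3                          # signature + three XORed zero padding dwords
    for compid, count in entries:
        block += enc(compid) + enc(count)
    return block + b"Rich" + struct.pack("<I", key)         # clear-text terminator and key


def parse_rich(data):
    """Locate and decode the Rich block; None if absent. key_ok says whether the stored key
    matches the recomputed checksum, i.e. whether the DOS stub or the entries were altered."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_at = data.rfind(b"Rich", 0, e_lfanew)
    if rich_at < 0:
        return None
    key = struct.unpack_from("<I", data, rich_at + 4)[0]
    start = data.rfind(struct.pack("<I", DANS ^ key), 0, rich_at)
    if start < 0:
        return None
    entries = []
    for off in range(start + 16, rich_at, 8):                # skip DanS + 3 padding dwords
        compid, count = struct.unpack_from("<II", data, off)
        entries.append((compid ^ key, count ^ key))
    return {"offset": start, "key": key, "key_ok": rich_key(data, start, entries) == key,
            "entries": [(cid >> 16, cid & 0xFFFF, cnt) for cid, cnt in entries]}   # (prodid, build, count)


def build_sample_image():
    """Constructed MZ header + empty stub carrying a Rich block, followed by a bare PE
    signature (made-up product ids and builds, not from any real toolset)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    entries = [(0x0001 << 16 | 0x0000, 12), (0x005D << 16 | 0x1F5F, 3), (0x000A << 16 | 0x2179, 1)]
    rich = build_rich_block(bytes(dos), entries)
    struct.pack_into("<I", dos, 0x3C, len(dos) + len(rich))   # e_lfanew: PE header follows the block
    return bytes(dos) + rich + b"PE\0\0" + b"\0" * 0x10, entries


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()[0]
    info = parse_rich(data)
    if info is None:
        print("no Rich block")
    else:
        print("Rich block at %#x, key %#010x, key_ok=%s" % (info["offset"], info["key"], info["key_ok"]))
        for prodid, build, count in info["entries"]:
            print("  prodid=%#06x build=%5d count=%d" % (prodid, build, count))
```

Because the key covers the DOS stub, a file whose stub was patched after linking shows key_ok=False; that, and the tool/build list itself, is why the block is useful when attributing binaries.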
Q: How can I make my code run on NT ring-0?
A: Windows NT is a normal operating system, so there is a strong barrier between user code (ring-3, below 0x80000000) and system code (above). The ONLY way is to write a kernel-mode driver, "register it" (as a service) and communicate with it. User-mode drivers (VDDs, MM drivers) run at ring-3.
Q: How can I recognize a normal OS?
A: Close all DOS and Win16 applications. Press the debugger hotkey several times. If you never break into 16-bit code, your OS is normal.
Q: What has changed between NT 4.0 SP0 and SP5 (for a coder)?
A: ntoskrnl.exe exports the following new APIs: ExAllocatePoolWithTagPriority, MmMapLockedPagesSpecifyCache, MmHighestUserAddress (formerly the literal 7FFEFFFFH), MmUserProbeAddress (formerly the literal 7FFF0000H), MmSystemRangeStart (formerly the literal 80000000H). ntvdm.exe exports VDDFlushPrinters.
Do not use those APIs if you need backward compatibility with earlier service packs.