The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: Brett Kuntz on April 11, 2005, 06:57:15 AM

Title: I'm stuck (on arrays)
Post by: Brett Kuntz on April 11, 2005, 06:57:15 AM

local luidSeDebugNameValue:LUID
...
mov eax, luidSeDebugNameValue
mov tpPrivileges.Privileges[0].Luid, eax


I tried that out hoping masm would bust some HL stuff on it and figure out what I'm trying to do, but I'm not so lucky. I'm trying to move luidSeDebugNameValue into tpPrivileges.Privileges[0].Luid and have no idea how.


TOKEN_PRIVILEGES STRUCT
  PrivilegeCount    DWORD      ?
  Privileges        LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TOKEN_PRIVILEGES ENDS



LUID_AND_ATTRIBUTES STRUCT
    Luid LUID <>
    Attributes dd ?
LUID_AND_ATTRIBUTES ENDS



LUID STRUCT
  LowPart   DWORD      ?
  HighPart  DWORD      ?
LUID ENDS


I don't really know how to explain what I'm trying to do.
Title: Re: I'm stuck (on arrays)
Post by: Ghirai on April 11, 2005, 09:36:25 AM
Try push/pop.
Title: Re: I'm stuck (on arrays)
Post by: tenkey on April 11, 2005, 09:54:53 AM
The EAX register can hold only 32 bits, but the LUID structure is 64 bits.

You will need to move the bits in pieces.


mov eax, luidSeDebugNameValue.LowPart
mov ebx, luidSeDebugNameValue.HighPart
mov tpPrivileges.Privileges[0].Luid.LowPart, eax
mov tpPrivileges.Privileges[0].Luid.HighPart, ebx


Also, be aware that MASM treats addressing like other assemblers, and does not attempt to generate the adjustments needed to convert "subscripts" to byte displacements. That means storing data in Privileges[1] will store data starting at byte address (Privileges+1) and not at byte address (Privileges+SIZEOF LUID_AND_ATTRIBUTES).
Title: Re: I'm stuck (on arrays)
Post by: Brett Kuntz on April 11, 2005, 04:42:26 PM
Erm luidSeDebugNameValue is a pointer (32 bits) and I'm trying to move it into tpPrivileges.Privileges[0].Luid which will hold the pointer. I don't know how the mov got in there, it was originally a lea:


lea eax, luidSeDebugNameValue  ;move the pointer into eax
mov tpPrivileges.Privileges[0].Luid, eax  ;move eax, the pointer, into Luid


The high level equivalent would look something like: tpPrivileges.Privileges[0].Luid = luidSeDebugNameValue;


local luidSeDebugNameValue:LUID
...
lea eax, luidSeDebugNameValue
mov dword ptr [tpPrivileges.Privileges[0].Luid], eax


The above assembles without error, but will it do what I'm trying to do?
Title: Re: I'm stuck (on arrays)
Post by: Brett Kuntz on April 11, 2005, 05:11:28 PM
And another problem here, masm doesn't recognise my own structures?


TestTest proc pispParams:InjectedSearchParams

    local dwRet:dword

    lea eax, pispParams
    assume eax:ptr InjectedSearchParams
    mov eax.pulReturns, 0  ;It doesn't know what pulReturns is no matter how I type it

TestTest endp


It doesn't know what pulReturns is no matter how I type it, even though it's an existing struct variable?


InjectedSearchParams struct 4

    dword pvStart
    dword pvEnd
    dword iSearchType
    dword iDataType
    dword iJump
    dword iDataSize
    byte szPath MAX_PATH
    byte szMain 256
    dword bPointer
    dword bStaticOnly
    dword ulPointerSaveOffset
    Param1 uParam <>
    Param2 uParam <>
    dword psSentenceList
    dword ulTotalSentences
    dword bUnicode
    dword ulAllocatedTotal
    dword ulTotalReturns
    dword pulReturns  ; Even though it's an existing struct variable?
    dword prfFunctionAddress RS_TOTAL_FUNCTIONS
    dword prfRemoteLoadAndSearch
    dword ulTotalChunks
    dword pcChunkList
    dword prfGetChunkEnd
    dword prfRemoteReallocateReturnList
    dword prfRemoteAddAddress
    dword prfRemoteFree
    dword prfVirtualAlloc
    dword prfVirtualFree
    dword prLoadLibrary
    dword prGetModuleHandle
    dword prFreeLibrary
    dword prGetProcAddress

InjectedSearchParams ends
Title: Re: I'm stuck (on arrays)
Post by: tenkey on April 12, 2005, 12:25:50 AM
Quote from: kunt0r on April 11, 2005, 04:42:26 PM
The high level equivalent would look something like: tpPrivileges.Privileges[0].Luid = luidSeDebugNameValue;


local luidSeDebugNameValue:LUID
...
lea eax, luidSeDebugNameValue
mov dword ptr [tpPrivileges.Privileges[0].Luid], eax


The above assembles without error, but will it do what I'm trying to do?

No, it will not disturb whatever previous data was in the High portion of the structure. You've told the processor to update only 32-bits, not 64. You must set the upper bits explicitly, as there is no move instruction that automatically expands data values when the destination is memory.

Quote    mov eax.pulReturns, 0  ;It doesn't know what pulReturns is no matter how I type it


Registers that are used as part of memory addressing must be in [].
  mov [eax].pulReturns, 0


You have the structure field names in the wrong position.


pvStart dword ?
pvEnd dword ?
; ...etc....
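
Added example (not part of the reply above or of the original thread): the two corrections assembled into one module, using a shortened, illustrative subset of the InjectedSearchParams fields. It assumes the caller passes the address of the structure, so the parameter is declared as a pointer and loaded with mov rather than lea; the dup(?) form for array fields goes beyond what the reply spells out.

```asm
; Added illustration, not code from the thread. 32-bit MASM.
.386
.model flat, stdcall
option casemap:none

MAX_PATH equ 260

; Field name first, then type, then initializer ("?" = uninitialized).
InjectedSearchParams struct 4
    pvStart         dword ?
    pvEnd           dword ?
    szPath          byte  MAX_PATH dup(?)   ; array field: count DUP(initializer)
    ulTotalReturns  dword ?
    pulReturns      dword ?
InjectedSearchParams ends

.code

; Assumption: the caller passes a pointer to the structure.
TestTest proc pispParams:ptr InjectedSearchParams
    mov eax, pispParams                     ; load the pointer value itself
    assume eax:ptr InjectedSearchParams
    mov [eax].ulTotalReturns, 0             ; register goes inside [] when addressing memory
    mov [eax].pulReturns, 0
    assume eax:nothing                      ; stop treating eax as a typed pointer
    ret
TestTest endp

end
```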
Title: Re: I'm stuck (on arrays)
Post by: Brett Kuntz on April 12, 2005, 02:13:44 AM
Quote from: tenkey on April 12, 2005, 12:25:50 AM
Quote from: kunt0r on April 11, 2005, 04:42:26 PM
The high level equivalent would look something like: tpPrivileges.Privileges[0].Luid = luidSeDebugNameValue;


local luidSeDebugNameValue:LUID
...
lea eax, luidSeDebugNameValue
mov dword ptr [tpPrivileges.Privileges[0].Luid], eax


The above assembles without error, but will it do what I'm trying to do?

No, it will not disturb whatever previous data was in the High portion of the structure. You've told the processor to update only 32-bits, not 64. You must set the upper bits explicitly, as there is no move instruction that automatically expands data values when the destination is memory.

tenkey, I'm not trying to move 64 bits, I'm only trying to move 32. There is no high or low, there's just a pointer to the structure I'm trying to move. I'm not trying to move what's in the structure, I'm just trying to move a pointer to the structure (32 bits).

mov dword ptr [tpPrivileges.Privileges[0].Luid], 0

The Luid part of the above line is a variable that holds a pointer, not a structure. It holds a 32 bit pointer to a Luid structure, but does not hold any of the structure's values itself.

luidSeDebugNameValue = 32 bit pointer points to base of structure
tpPrivileges.Privileges[0].Luid = 32 bit memory location I want to move a 32 bit pointer to

or in layman's terms:

luidSeDebugNameValue = Ball
tpPrivileges.Privileges[0].Luid = Hole

I want to get the ball in the hole.
Title: Re: I'm stuck (on arrays)
Post by: tenkey on April 13, 2005, 02:33:02 AM
Quote from: kunt0r on April 12, 2005, 02:13:44 AM
tenkey, I'm not trying to move 64 bits, I'm only trying to move 32. There is no high or low, there's just a pointer to the structure I'm trying to move. I'm not trying to move what's in the structure, I'm just trying to move a pointer to the structure (32 bits).

mov dword ptr [tpPrivileges.Privileges[0].Luid], 0

The Luid part of the above line is a variable that holds a pointer, not a structure. It holds a 32 bit pointer to a Luid structure, but does not hold any of the structure's values itself.

Unfortunately, the code in your first post definitely shows a 64 bit structure:


LUID_AND_ATTRIBUTES STRUCT
    Luid LUID <>   ; 64 bits - this is an embedded structure, NOT a pointer
    Attributes dd ?
LUID_AND_ATTRIBUTES ENDS

LUID STRUCT    ; 64 bits
  LowPart   DWORD      ?    ; 32-bits
  HighPart  DWORD      ?    ; 32-bits
LUID ENDS


A pointer is a DWORD, and a STRUCT name cannot be used as a synonym (or alias) for a pointer to that structure.
If the Luid field will hold only pointers, then you are wasting 32-bits on each array element.
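
Added example (not from the thread): one way to do what tenkey's replies describe, copying the 64-bit LUID in two 32-bit halves and scaling the element index to a byte offset by hand, since MASM does not. SetPrivilegeLuid, its parameters and the cEntries bounds check are hypothetical names introduced for this illustration; the structures are the ones from the first post.

```asm
; Added illustration, not code from the thread. 32-bit MASM.
.386
.model flat, stdcall
option casemap:none

ANYSIZE_ARRAY equ 1

LUID struct
    LowPart   dword ?
    HighPart  dword ?
LUID ends

LUID_AND_ATTRIBUTES struct
    Luid        LUID <>          ; embedded 8-byte structure, not a pointer
    Attributes  dword ?
LUID_AND_ATTRIBUTES ends         ; 12 bytes per array element

TOKEN_PRIVILEGES struct
    PrivilegeCount  dword ?
    Privileges      LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TOKEN_PRIVILEGES ends

.code

; Hypothetical helper: pTp->Privileges[iEntry].Luid = *pLuid
; cEntries = number of elements the caller's buffer has room for.
; Returns eax = 1 on success, 0 if iEntry is out of range.
SetPrivilegeLuid proc pTp:ptr TOKEN_PRIVILEGES, cEntries:dword, iEntry:dword, pLuid:ptr LUID
    mov  ecx, iEntry
    cmp  ecx, cEntries
    jae  OutOfRange                              ; unsigned compare also rejects negative indexes
    imul ecx, ecx, sizeof LUID_AND_ATTRIBUTES    ; element index -> byte offset
    add  ecx, pTp                                ; ecx = pTp + iEntry * 12
    mov  edx, pLuid
    mov  eax, [edx].LUID.LowPart                 ; low 32 bits
    mov  [ecx].TOKEN_PRIVILEGES.Privileges.Luid.LowPart, eax
    mov  eax, [edx].LUID.HighPart                ; high 32 bits
    mov  [ecx].TOKEN_PRIVILEGES.Privileges.Luid.HighPart, eax
    mov  eax, 1
    ret
OutOfRange:
    xor  eax, eax
    ret
SetPrivilegeLuid endp

end
```

A buffer for n entries needs SIZEOF TOKEN_PRIVILEGES + (n - 1) * SIZEOF LUID_AND_ATTRIBUTES bytes, because the declared array has only ANYSIZE_ARRAY (1) element.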
Title: Re: I'm stuck (on arrays)
Post by: Brett Kuntz on April 13, 2005, 03:45:17 AM
Thanks for your help tenkey, but I've given up on using arrays in masm, I'll just make arrayless code from here on out.