Dumping Registers

[dn5a]

Hello,
I just started to learn assembly32 and need some help from you guys.
How can I dump registers, what call should I use to show/dump them?
And in what library is it contained?
I'd like to call procedure to show the same registers as in Debug/ -r

AX=0000  BX=0000  CX=0000  DX=0000  SP=FFEE  BP=0000  SI=0000  DI=0000
DS=0C99  ES=0C99  SS=0C99  CS=0C99  IP=0100   NV UP EI PL NZ NA PO NC
0C99:0100 0207          ADD     AL,[BX]                            DS:0000=CD

I have no idea how to do that, and I think it would be really useful to plug in such a call into application while debugging.
And since I'm asking that question, I'd like to add one more, why debug shows 16-bit registers on my PC?
Thanks for the help,
rock out.

[hutch--]

> And in what library is it contained?

I would not hold your breath waiting for that library.  :bg

Copy all of the registers to GLOBAL variables then string convert them to either decimal or hex for display.

[dn5a]

THanks for replaying.
I'm not fully sure how to do that, is it something like this:
.data
eaxVal DWORD ?
ebxVal DWORD ?
ecxVal DWORD ?
.
.
.code
mov eaxVal,eax
mov ebxVal,ebx
.
.
call WriteHex    ; I don't know what the proper procedure should go here.

Do you know what the procedure should be to write hex into the console?
And do you guys have any documentations, books, API encyclopedias to reffer to while programming?
How do you guys check what the procedure does? and else how do you check what procedure should it be for
the given action, like what procedure should I call for, to hide cursor, write hex, color text, etc?
It would be really useful to have one.
Going back to the register display, I used mov to move the eax to the variable, but what if I have
some other code in there? and I also need to store some things in the registers at that time?
I can't use registers if I just what to check how is my application at the time. It would be much better to
use an istruction that copies values to variables, I tried to look into the instruction reference but couldn't find
a good instruction to copy the values, probably because I didn't spend too much time on looking through it, do you
know that instruction?
Allright suppose I've done this, and I have all eax values in the variables, I display them in hex, and I think
I would see something like this in my console:
00000100  00000402  00002003  00000000  00000000  00000000  00000000
I'm not right, because I know it is possible to display the variables in any way you want,
but it needs much more code. I'm thinking about the shortest way to display registers, because
I need it for debugging, and I don't want to spend to much time on delating and writing garbage
into the program which should do something different.
Thanks again for the help

[hutch--]

It may be worth you telling us how much you know about writing this stuff as it will save a lot of wasted time. Go to the forum web site for links to the necessary reference material for both API and opcode reference.

[dn5a]

Again thanks for replaying and giving some useful hints about API and opcodish things, but it still didn't answer my questions
altogether. Just in case, somebody lost himself in this thread, I want to code this:
http://dnsa.prawniczy.com/1.exe
You can simply run it under DOS, else I tried to disassembly it and here I have another question,
It was made up of 5 lines of code, but while disassembling it shows tens of lines, or maybe more than a hundred
why is it?
I don't know much about assembly, my coding shorts to writing simple applications to DOS, like Hello World and so on. I can't code anything useful yet,
well, I tried but it never works the way I want it to, that's why I thought about pluging registers-call into code.

[dsouza123]

To view the register values as you debug your programs,
try OllyDbg v1.10 a 32-bit assembler-level debugger for Windows.

It shows much more information than the 16-bit Debug program
that came with DOS.  It is for 32-bit Windows programs though.

Just search for OllyDbg in any of the major search engines.

[Phoenix]

Hello dn5a,

some time ago i tried to understand a SzCpy function posted by MichaelW. So i have coded a little tool that shows every register and every flag for each step of his procedure. It uses pushad/popad and pushfd/popfd and displays the results. Not very useful if you have OllyDbg, but it was a good practice for me ... and may be useful for you.

Regards, Phoenix

[attachment deleted by admin]

[dn5a]

Hey,

To view the register values as you debug your programs,
try OllyDbg v1.10 a 32-bit assembler-level debugger for Windows.

It shows much more information than the 16-bit Debug program
that came with DOS.  It is for 32-bit Windows programs though.

Just search for OllyDbg in any of the major search engines.

k, I just downloaded it from the website, it seems to be great, but
this is just the first view of a newbie, it will take me up some time to master it.
Thanks for help, and what led you to use this debugger? What do you think about it?

Hello dn5a,

some time ago i tried to understand a SzCpy function posted by MichaelW. So i have coded a little tool that shows every register and every flag for each step of his procedure. It uses pushad/popad and pushfd/popfd and displays the results. Not very useful if you have OllyDbg, but it was a good practice for me ... and may be useful for you.

Regards, Phoenix

Hello,
I don't think I'm so advanced to use pushad/popad and so on yet, although those are 'a must' while writing applications.
I will try do get to that slowly, there is much ahead of me. Can you publish a source code of this tool, if you didn't do it yet?
I think it may be helpful for others. Thanks for help too.

Allright, I thought a little about this and everything would be allright, only if I could bring certain library to masm32 (the newest one)
I try to learn from the iczelion tutorials, and I use RadAsm to help me + masm, but I also have a book "programming assembly for intel proccessors"
That book uses masm6.15 and all codes are including Irvine32.inc/.lib
in masm6.15 the only libaries I have are GraphWin.inc Irvine16.inc Irvine32.inc SmallWin.inc Macros.inc and WIN.inc,
I need to bring them to masm32(8.***) which is used by RadAsm, or in other words RadAsm looks for folder masm32 in C:\
I tried to simply copy them from C:\masm615\include to C:\masm32\include but this don't work. I think it should be built into system/masm, just like when you install
masm, you have to press key to build libraries.
There is also another idea. Many of you right now thought, why don't you just pass Irvine32.inc path into into the code?
Well, I tried but I get some errors.
For example This is a simple code, for masm615, which shows the registers this all post is about.

include Irvine32.inc
.code
start:
call DumpRegs   ; shows registers
Invoke ExitProcess,0   ; closes app
end start

then If I assemble and link it under masm615, everything seems to be great, I get the all output:

C:\masm615\1.exe
     EAX=00000000  EBX=7FFDF000  ECX=0012FFB0  EDX=7C90EB94
     ESI=00000000  EDI=0000000A  EBP=0012FFF0  ESP=0012FFC4   
     EIP=00401005  EFL=00000246  CF=0  SF=0  ZF=1  OF=0

Now If I use RadAsm, and want to code the same thing:

include c:\masm615\include\irvine32.inc
.code
start:
call DumpRegs
Invoke ExitProcess,0
end start

I assemble and link, and get:

openGLN.obj : error LNK2001: unresolved external symbol _ExitProcess@4
openGLN.obj : error LNK2001: unresolved external symbol _DumpRegs@0
openGLN.exe : fatal error LNK1120: 2 unresolved externals

why is it?

Can you guys help me with this problem?

It would be best to use RadAsm/Masm8 and all includes like Irvine32 kernel32 user32 and so on. But this seems to don't work.

Hmm, I think I confused you with this problem, and many of you probably lost sense in this post, so feel free to blame me, and ask for the right explanation of the problem so that you can help me. Thanks again fellows for replaying.

[Phoenix]

Can you publish a source code of this tool, if you didn't do it yet?

It is attached in my previous post (TestProc.zip), including *.exe. It was coded using WinAsmStudio.

Regards, Phoenix

[MichaelW]

dn5a,

This shows how to combine the Irvine32 include and library with the MASM32 includes and libraries. Some of the Irvine32 procedures will probably not work this way, but DumpRegs and DumpMem do. As noted, you will need to comment out the "INCLUDE SmallWin.inc" line in Irvine32.inc (because that file contains duplicates of some of the MASM32 declarations). You will also need to change the "D:\Downloads\Irvine" path to whatever is correct for your system. I have no idea if this will work with RadAsm.

Code Select Expand


; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    include \masm32\include\masm32rt.inc

    ; In Irvine32.inc you must comment out the line that
    ; starts with "INCLUDE SmallWin.inc".

    include D:\Downloads\Irvine\Irvine32.inc
    includelib D:\Downloads\Irvine\Irvine32.lib

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    .data
    .code
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
start:
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    call  DumpRegs
    mov   esi, OFFSET start
    mov   ecx, 128
    mov   ebx, 1
    call  DumpMem

    inkey "Press any key to exit..."
    exit
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
end start


Code Select Expand



  EAX=00000000  EBX=7FFDF000  ECX=00010101  EDX=FFFFFFFF
  ESI=00000000  EDI=00000000  EBP=0012FFF0  ESP=0012FFC4
  EIP=00401005  EFL=00000246  CF=0  SF=0  ZF=1  OF=0


Dump of offset 00401000
-------------------------------
E8 58 02 00 00 BE 00 10 40 00 B9 80 00 00 00 BB
01 00 00 00 E8 74 01 00 00 68 00 30 40 00 E8 19
00 00 00 E8 58 00 00 00 68 19 30 40 00 E8 0A 00
00 00 6A 00 E8 B3 00 00 00 CC CC CC 55 8B EC 83
C4 F4 6A F5 E8 A9 00 00 00 89 45 FC FF 75 08 E8
5C 00 00 00 89 45 F4 6A 00 8D 45 F8 50 FF 75 F4
FF 75 08 FF 75 FC E8 8D 00 00 00 8B 45 F8 C9 C2
04 00 CC CC CC CC CC CC CC CC CC CC CC CC CC CC


[hutch--]

dn5a,

Again thanks for replaying and giving some useful hints about API and opcodish things, but it still didn't answer my questions
altogether. Just in case, somebody lost himself in this thread, I want to code this:

I did in fact answer your question but you did not understand it. I asked how much you knew about writing this type of code for a reason, you did not tell us what assembler you were using, whether it was 16 or 32 bit code and you did not tell us you were looking for support for Kip Irvine's code and with so little to go on, you are lucky you got an answer at all.

This place is full of magicians when it comes to writing code but it does not translate to determining what the content of your question was by magic.

[dn5a]

dn5a,

I did in fact answer your question but you did not understand it. I asked how much you knew about writing this type of code for a reason, you did not tell us what assembler you were using, whether it was 16 or 32 bit code and you did not tell us you were looking for support for Kip Irvine's code and with so little to go on, you are lucky you got an answer at all.

This place is full of magicians when it comes to writing code but it does not translate to determining what the content of your question was by magic.

Allright sorry for not answering your questions and not understanding your answer. Next time I will bring all those data with me. at first I didn't want to tell anything about Kip Irvine's book because I wanted to write such a 'thing' using only libraries that normally come with newest masm32. Assembler? hmm, since it's masm forum I thought it will be simple to understand that I'm using masm, and 16 or 32 bit programming? I wrote in the first post 'assembly32'... Answering your question I thought about "how much you know about assembly altogether." Once more sorry for misunderstanding your question and 'answer'. Magicians hmm... As I said I don't know much about assembly but after looking through this forum I've seen a lot of interesting posts and much greater codes. I'm sure there are some assembly masters here. How was your assembly at first, how did you do while learning assembly programming, and why do you enjoy it right now? Thanks for trying to help me. Wish you a better 2006 than a year before. Sleep well,

MichaelW,
Thanks for giving this code and helping me. Now I will try to check it out, if I still have any problems with it, I will try to pm you if I can. Once more, thanks for helping me fellow.

And also everyone in this thread, thank you all guys for giving out some useful infos. And have your 2006 much better than 2005.

[dn5a]

I tried to assemble the code Michael gave me, however it doesn't work, or my mind doesn't work.
Please don't blame me or scream, I just want to make it 100% sure and right.

I copied the code:
; <<<<

include masm32rt.inc

include irvine32.inc
includelib Irvine32.lib


; <<<<<<<<<<<<<<<

.data
.code

; >>
start:

call DumpRegs
mov esi,OFFSET start
mov ecx,128
mov ebx,1
call DumpMem
inkey "Press any key to exit..."

exit

; >>>>>>>>>>>.
end start

However it doesn't work. At first I did not have a masm32rt.inc so I downloaded a service packII. I copied the masm32rt into masm2 include directory, and then tried to run a exampl12\makecimp\makelib.bat to build a library however it didn't work. I get an error Could Not Find C:\sp\exampl12\makecimp\msvcrt.exp. I tried to copy the masmvcrt into include but then I get a full set of errors from smallwin.inc

C:\Masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"C:\Masm32\Include" "lib.asm"
Assembling: lib.asm
C:\Masm32\Include\SmallWin.inc(6) : warning A4011: multiple .MODEL directives found : .MODEL ignored
C:\Masm32\Include\SmallWin.inc(56) : error A2005: symbol redefinition : FILE_ATTRIBUTE_ENCRYPTED
C:\Masm32\Include\SmallWin.inc(82) : warning A4006: too many arguments in macro call
exit(1): Macro Called From
  C:\Masm32\Include\SmallWin.inc(82): Include File
C:\Masm32\Include\SmallWin.inc(82) : error A2034: must be in segment block
exit(1): Macro Called From
  C:\Masm32\Include\SmallWin.inc(82): Include File
C:\Masm32\Include\SmallWin.inc(105) : error A2161: non-benign structure redefinition: too few labels : COORD
C:\Masm32\Include\SmallWin.inc(123) : error A2161: non-benign structure redefinition: too few labels : FILETIME
C:\Masm32\Include\SmallWin.inc(134) : error A2163: non-benign structure redefinition: incorrect initializers : CONSOLE_CURSOR_INFO
C:\Masm32\Include\SmallWin.inc(138) : error A2163: non-benign structure redefinition: incorrect initializers : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(139) : error A2163: non-benign structure redefinition: incorrect initializers : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(141) : error A2163: non-benign structure redefinition: incorrect initializers : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(142) : error A2163: non-benign structure redefinition: incorrect initializers : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(143) : error A2161: non-benign structure redefinition: too few labels : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(143) : error A2164: non-benign structure redefinition: too few initializers : CONSOLE_SCREEN_BUFFER_INFO
C:\Masm32\Include\SmallWin.inc(152) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(169) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(173) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(177) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(181) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(184) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(191) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(197) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(203) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(210) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(216) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(223) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(227) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(235) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(243) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(246) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(251) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(260) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(264) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(271) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(278) : error A2111: conflicting parameter definition
C:\Masm32\Include\SmallWin.inc(285) : error A2111: conflicting parameter definition
lib.asm(23) : error A2008: syntax error : inkey
C:\Masm32\Include\SmallWin.inc(18) : error A2005: symbol redefinition : FILE_ATTRIBUTE_ENCRYPTED

Make error(s) occured.
Total compile time 687 ms

RadAsm shows that en error is right here:
STD_OUTPUT_HANDLE EQU -11      ; predefined Win API constant
[...]
FILE_ATTRIBUTE_ENCRYPTED           = 4000h
[...]
exit EQU <INVOKE ExitProcess,0>      ; exit program

Can any one of you help with this problem?
Thank you guys :)

[MichaelW]

I was assuming that you had a working installation of a recent version of MASM32. If you do not then you are going to have problems using the code I posted. I cannot determine exactly what you are doing, but one thing that is obviously wrong is that smallwin.inc is being included:

As noted, you will need to comment out the "INCLUDE SmallWin.inc" line in Irvine32.inc (because that file contains duplicates of some of the MASM32 declarations).

Perhaps I need to point out that masm32rt.inc is just an include file, and there is no corresponding library.

Rather than trying to fix your MASM32 installation, it would probably be easier to rename your current installation (that is, rename the c:\masm32 directory to something else), or move it to another drive, then download a recent version of MASM32 and install it. Assuming you have commented out the "INCLUDE SmallWin.inc" line in Irvine32.inc, and corrected the paths for Irvine32.inc and Irvine32.lib, you should then be able to assemble and link the source I posted. I cannot help you with RadAsm because I don't use it. One method that I know will work is to open Quick Editor, paste in the source, save the source to a directory under the MASM32 directory, and select Console Assemble & Link from the Project menu. If you did everything right the source should assemble and link OK and you should then be able to run it from the Project menu.