Both MASM and TASM support so-called simplified segmentation. I am backing the classical structure of an Assembly language program. However, I must admit that simplified segmentation is a
The main idea of simplified segmentation is as
Listing 1.9 illustrates the use of the simplified segmentation mode.
Listing 1.9: A program that uses simplified segmentation
.586P ; Flat memory model .MODEL FLAT, STDCALL ;------------------------------------------ ; Data segment .DATA SUM DWORD 0 ; Code segment .CODE START: ; Data segment . DATA A DWORD 100 ; Code segment . CODE MOV EAX, A ; Data segment . DATA B DWORD 200 ; Code segment .CODE ADD EAX, B MOV SUM, EAX RET ; Exit END START.
Commands such as .DATA and .CODE can be used within the code segment defined in a traditional way. This is convenient for creating useful macro definitions (these will be covered in more detail in Chapter 12).
[iii] There also is a special directive for the stack namely, the .STACK directive. However, I will use it rarely.
Although I never use specialized editors for writing Assembly programs
The DUMPPE.EXE utility is used for
The second editor, to which I'd like to draw your attention, is the Easy Assembler Shell (EAS.EXE). This editor, or shell, as its
Debuggers allow programs to be executed in a step-by-step mode. In Part IV of this book, I cover debuggers and disassemblers in more detail. The list of the most popular debuggers [i] includes CodeView (Microsoft), Turbo Debugger (Borland), and Ice.
Disassemblers convert the executable module into Assembly language code. An example of the simplest disassembler is the DUMPPE.EXE program, which operates in the command-line mode. Listing 1.10 provides an example of the results produced by DUMPPE.EXE. This example illustrates the result produced by disassembling the program provided in Listing 1.4. Can you recognize the program?
Listing 1.10: The results of disassembling a program using DUMPPE.EXE
knla.exe (hex) (dec) .EXE size (bytes) 490 1168 Minimum load size (bytes) 450 1104 Overlay number 0 0 Initial CS:IP 0000:0000 Initial SS.SP 0000:00B8 184 Minimum allocation (para) 0 0 Maximum allocation (para) FFFF 65535 Header size (para) 4 4 Relocation table offset 40 64 Relocation entries 0 0 Portable executable starts at a8 Signature 00004550 (PE) Machine 014C (Intel 386) Sections 0001 Time date stamp 3AE6D1B1 Wed Apr 25 19:31:29 2001 Symbol table 00000000 Number of symbols 00000000 Optional header size 00E0 Characteristics 010F Relocation information stripped Executable image Line numbers stripped Local symbols stripped 32-bit word machine Magic 010B Linker version 5.12 Size of code 00000200 Size of initialized data 00000000 Size of uninitialized data 00000000 Address of entry point 00001000 Base of code 00001000 Base of data 00002000 Image base 00400000 Section alignment 00001000 File alignment 00000200 Operating system version 4.00 Image version 0.00 Subsystem version 4.00 Reserved 00000000 Image size 00002000 Header size 00000200 Checksum 00000000 Subsystem 0002 (Windows) DLL characteristics 0000 Size of stack reserve 00100000 Size of stack commit 00001000 Size of heap reserve 00100000 Size of heap commit 00001000 Loader flags 00000000 Number of directories 00000010 Directory name VirtAddr VirtSize ---------------------------- -------- -------- Export 00000000 00000000 Import 00000000 00000000 Resource 00000000 00000000 Exception 00000000 00000000 Security 00000000 00000000 Base relocation 00000000 00000000 Debug 00000000 00000000 Description/architecture 00000000 00000000 Machine value (MIPS GP) 00000000 00000000 Thread storage 00000000 00000000 Load configuration 00000000 00000000 Bound import 00000000 00000000 Import address table 00000000 00000000 Delay import 00000000 00000000 COM runtime descriptor 00000000 00000000 (reserved) 00000000 00000000 Section table ----------- Virtual address 0001000 Virtual size 00000E Raw data offset 000200 Raw data size 0000200 Relocation offset 000000 Relocation count 000 Line number offset 0000000 Line number count 000 Characteristics 0000020 Code Executable Readable Disassembly 00401000 start: 00401000 E803000000 call fn_00401008 00401005 C3 ret 00401006 CC int 3 00401007 CC int 3 00401008fn_00401008: 00401008 B8E8030000 mov eax, 3E8h 0040100D C3 ret
I'd also like to mention the W32Dasm disassembler, which will be covered in detail in the last part of this book, and the well-known Ida Pro disassembler. In Part IV, I will consider both disassemblers in detail, as well as the techniques of
Hex editors allow you to view and edit executable modules in hex format. There are lots of programs of this type available. Furthermore, the most popular debuggers and disassemblers have built-in hex editors. Here, I'll only mention the HIEW.EXE program, which is popular with hackers. This program allows executable modules to be loaded both in hex format and in the form of Assembly code. Besides simply viewing these modules, HIEW.EXE allows you to edit them.
Both the MASM32 and the TASM32 assembler have a built-in resource compiler, which will be described in Chapter 9. These are the RC.EXE and BRC32.EXE programs, respectively.
As a rule, I use the resource editor supplied as part of Borland C++ 5.0 or the one supplied along with Visual Studio.NET. Simple resources can be created using practically any text editor. The resource language will be covered in more detail in Chapters 9 and 10.
[i] The DEBUG.EXE program is still supplied with the Windows operating system; however, this debugger does not support the new format of executable files.