The Simplified Segmentation Mode

Both MASM and TASM support so-called simplified segmentation. I am backing the classical structure of an Assembly language program. However, I must admit that simplified segmentation is a convenient method, especially when programming for Windows.

The main idea of simplified segmentation is as follows : The starting point of the code segment is determined by the .CODE directive, and the .DATA directive ^[iii] specifies the starting point of the data segment. Both directives can occur several times in the source code of the program. The translator then assembles the code and data together as appropriate. The main goal of such an approach is the possibility of placing the data in the source code of the program as close as possible to the lines of code that use them. Such a possibility was in due time implemented in C++. In my opinion, it results in inconvenience when reading the code. Furthermore, although I don't pretend to be an aesthete, I don't feel comfortable when I see data mixed with the code.

Listing 1.9 illustrates the use of the simplified segmentation mode.

Listing 1.9: A program that uses simplified segmentation

.586P
; Flat memory model
.MODEL FLAT, STDCALL
;------------------------------------------
; Data segment
.DATA
    SUM DWORD 0
; Code segment
.CODE
    START:
; Data segment
. DATA
     A   DWORD 100
; Code segment
. CODE
     MOV EAX, A
     ; Data segment
. DATA
    B   DWORD 200
; Code segment
.CODE
   ADD EAX, B
   MOV SUM, EAX
   RET ; Exit
END START.

Note	Commands such as `.DATA` and `.CODE` can be used within the code segment defined in a traditional way. This is convenient for creating useful macro definitions (these will be covered in more detail in Chapter 12).

^[iii] There also is a special directive for the stack namely, the .STACK directive. However, I will use it rarely.

Utilities for Working with Assembler

In concluding this chapter, I provide a brief overview of other programs often used when programming in Assembly language. Later, I will describe some of these programs in more detail; others will never be mentioned.

Editors

Although I never use specialized editors for writing Assembly programs myself , for completeness I'll briefly describe two of them. I'll start with the QEDITOR.EXE program supplied with MASM32. The editor, as well as all companion utilities, is written in Assembly language. After analyzing their size and functional capabilities, you'll be impressed. For example, the editor is only 27 KB, and the utility used for viewing reports on the results of translation is only 6 KB long. This editor is suitable for working with small, single-module applications. However, it isn't convenient for working with several modules. The operation of this editor is based on interaction with various utilities using batch files. For example, program translation is carried out by the ASSMBL.BAT batch file, which uses the ML.EXE assembler and directs the result into the ASMBL.TXT text file. To view this file, it is necessary to use the THEGUN.EXE utility. Linking is carried out in a similar way.

The DUMPPE.EXE utility is used for disassembling executable modules, and the results of its operation are sent to the DISASM.TXT file. Other operations are carried out in the same way. You can easily customize these operations by editing the appropriate batch file. When necessary, it is possible to replace the utilities being used (e.g., it is possible to replace ML.EXE by TASM32.EXE).

The second editor, to which I'd like to draw your attention, is the Easy Assembler Shell (EAS.EXE). This editor, or shell, as its name implies, allows you to create, compile, and link sophisticated projects, which comprise ASM, OBJ, RC, RES, and DEF files. This program can work with TASM and MASM, as well as with other utilities ( debuggers , resource editors, etc.). Compilers and linkers can be customized for a specific operating mode directly from the shell by specifying the required command-line options for these utilities.

Debuggers

Debuggers allow programs to be executed in a step-by-step mode. In Part IV of this book, I cover debuggers and disassemblers in more detail. The list of the most popular debuggers ^[i] includes CodeView (Microsoft), Turbo Debugger (Borland), and Ice.

Disassemblers

Disassemblers convert the executable module into Assembly language code. An example of the simplest disassembler is the DUMPPE.EXE program, which operates in the command-line mode. Listing 1.10 provides an example of the results produced by DUMPPE.EXE. This example illustrates the result produced by disassembling the program provided in Listing 1.4. Can you recognize the program?

Listing 1.10: The results of disassembling a program using DUMPPE.EXE

knla.exe                      (hex)          (dec)
.EXE size (bytes)             490            1168
Minimum load size (bytes)     450            1104
Overlay number                0              0
Initial CS:IP                 0000:0000
Initial SS.SP                 0000:00B8      184
Minimum allocation (para)     0              0
Maximum allocation (para)     FFFF           65535
Header size (para)            4              4
Relocation table offset       40             64
Relocation entries            0              0
Portable executable starts at a8
Signature                     00004550 (PE)
Machine                       014C (Intel 386)
Sections                      0001
Time date stamp               3AE6D1B1 Wed Apr 25 19:31:29 2001
Symbol table                  00000000
Number of symbols             00000000
Optional header size          00E0
Characteristics               010F
Relocation information stripped
Executable image
Line numbers stripped
Local symbols stripped
32-bit word machine
Magic                         010B
Linker version                5.12
Size of code                  00000200
Size of initialized data      00000000
Size of uninitialized data    00000000
Address of entry point        00001000
Base of code                  00001000
Base of data                  00002000
Image base                    00400000
Section alignment             00001000
File alignment                00000200
Operating system version      4.00
Image version                 0.00

Subsystem version             4.00
Reserved                      00000000
Image size                    00002000
Header size                   00000200
Checksum                      00000000
Subsystem                     0002 (Windows)
DLL characteristics           0000
Size of stack reserve         00100000
Size of stack commit          00001000
Size of heap reserve          00100000
Size of heap commit           00001000
Loader flags                  00000000
Number of directories         00000010
Directory name                VirtAddr       VirtSize
----------------------------  --------       --------
Export                        00000000       00000000
Import                        00000000       00000000
Resource                      00000000       00000000
Exception                     00000000       00000000
Security                      00000000       00000000
Base relocation               00000000       00000000
Debug                         00000000       00000000
Description/architecture      00000000       00000000
Machine value (MIPS GP)       00000000       00000000
Thread storage                00000000       00000000
Load configuration            00000000       00000000
Bound import                  00000000       00000000
Import address table          00000000       00000000
Delay import                  00000000       00000000
COM runtime descriptor        00000000       00000000
(reserved)                    00000000       00000000
Section table
-----------
Virtual address               0001000
Virtual size                  00000E
Raw data offset               000200
Raw data size                 0000200
Relocation offset             000000
Relocation count              000
Line number offset            0000000
Line number count             000
Characteristics               0000020

Code
Executable
Readable
Disassembly
00401000 start:
00401000 E803000000 call fn_00401008
00401005 C3          ret
00401006 CC          int 3
00401007 CC          int 3
00401008fn_00401008:
00401008 B8E8030000 mov eax, 3E8h
0040100D C3          ret

I'd also like to mention the W32Dasm disassembler, which will be covered in detail in the last part of this book, and the well-known Ida Pro disassembler. In Part IV, I will consider both disassemblers in detail, as well as the techniques of efficiently using them.

Hex Editors

Hex editors allow you to view and edit executable modules in hex format. There are lots of programs of this type available. Furthermore, the most popular debuggers and disassemblers have built-in hex editors. Here, I'll only mention the HIEW.EXE program, which is popular with hackers. This program allows executable modules to be loaded both in hex format and in the form of Assembly code. Besides simply viewing these modules, HIEW.EXE allows you to edit them.

Resource Compilers

Both the MASM32 and the TASM32 assembler have a built-in resource compiler, which will be described in Chapter 9. These are the RC.EXE and BRC32.EXE programs, respectively.

Resource Editors

As a rule, I use the resource editor supplied as part of Borland C++ 5.0 or the one supplied along with Visual Studio.NET. Simple resources can be created using practically any text editor. The resource language will be covered in more detail in Chapters 9 and 10.

^[i] The DEBUG.EXE program is still supplied with the Windows operating system; however, this debugger does not support the new format of executable files.