Tuts 4 You

32 bit asm in 64 exe?


Yazuki

hello all, is it possible to have, for example, an x64-bit file, add an empty section to it and add 32 bit code to that section?

so i.e.

project64.exe > addsection > add 32 bit to section > run project32.exe


Link to comment

easier option is to use nasm / yasm, which allows for both 64 and 32 bit code to be compiled in the same obj file using the BITS 32 or BITS 64 directive

doing it in masm i'm not sure is possible, as the obj will have the machine type specified in it... so go the nasm / yasm route, it's easiest

you can do other tricks like bounce to x64 code space (assuming the os is x64 to begin with) too

Edited by evlncrn8
Link to comment

thanks bro!

so i want to include the obj generated by nasm or masm in my delphi project.

I have a delphi 32 bit project, and want to include the nasm/masm 64 bit obj file into the delphi project. is that possible?

also, i downloaded nasm and its ide, but after successfully compiling a hello world program, no obj is generated...


Link to comment

thanks bro. the doc is full of information, but i can't find a way to generate an obj file using the nasm ide.

also, I have a delphi 32 bit project, and want to include the nasm/masm 64 bit obj file into the delphi project. is that possible?


Link to comment

don't use the ide then, use the cmd prompt.. use the ide to make the asm file, shell to cmd prompt, add the path to nasm in the %path% and compile..

putting the obj into delphi (i hate delphi for numerous reasons) would be tricky, the best approach that way would be to make some obj files and some dlls... the delphi would be native x86, so you'd need to code an obj to make code to trampoline to x64 mode, and then loadlibrary (the x64 loadlibrary that is).. that'd maybe work but would also be tricky if you don't know the peb structure and how to obtain the x64 peb (to then walk the ldr struct to get ntdll or kernel32 to do the loadlibrary when in x64 mode)

to do the section technique you mention you'd have to still write the asm code to jump to the x64 mode (cs = 0x33..in x86 cs = 0x23)... and after that you'd have to essentially write some shell code and do a fair amount of binary manipulation...

what's the actual reason you want to do this? as you stated the exe is x64 in the first post, then in the second you state it's 32 bit (x86).. so which one is it?

just adding a new section into an x64 exe that has x86 code probably wouldn't work anyway, due to the memory addressing (x64 has a hell of a longer range), so to even get that to work you'd have to base the x64 exe to a low address where the high dword of the base would be zeroes.. then and only then would the 32 bit code be 'stable'.. and for the opposite of x86 you're restricted to the memory range of 3 gig (at best) anyway...

perhaps if you detailed what you wanted to do i could help more, but you've changed the requirement twice already so the scope got considerably blurry

Link to comment

just use x64 code and it should work :D

not so simple because my file should run in 32 bit os too.

evlncrn8, sorry for confusing. so let me explain it better.

i created an injector in Delphi XE, this project is compiled in 32 bit. Besides the Delphi client, i created a shell in win32 asm. I link the obj file from this asm to Delphi, to use some win32 asm functions inside Delphi.

then i created a new section in the file which should be injected, that section (without any data in it yet) is compatible with 32 bit and 64 bit files.

but now the problem is, the shell is written in win32 asm, and this shell will be copied inside the new added section.

this method works for 32 bit files, but i am not sure if this method does work for 64 files too

so:

32 bit file > add section to it > write win32 asm shell into section. Works.

64 bit file > add section to it > write win32 asm shell into section ? not sure if this will work.
Link to comment

don't think it will, if it calls api calls it'd get the addresses from your injector presumably, which would give 32 bit addresses

the x64 target won't be using x86 api's, and will be using a different calling convention too (rcx, rdx, r8, r9, stack....)

Link to comment
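
The machine type and image base points raised in the replies above can be read straight from a file's PE headers. The following is an added example, not code from the thread: the function names and the sample header bytes are constructed here. It reads `Machine`, the optional header format and `ImageBase`, and reports whether the high dword of the base is zero.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}   # IMAGE_FILE_HEADER.Machine
FORMATS = {0x10B: "PE32", 0x20B: "PE32+"}   # IMAGE_OPTIONAL_HEADER.Magic

def pe_bitness(data: bytes) -> dict:
    """Report machine type, header format and ImageBase of a PE image."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4                  # IMAGE_FILE_HEADER, 20 bytes
        (machine,) = struct.unpack_from("<H", data, coff)
        opt = coff + 20                      # optional header follows it
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x20B:                   # PE32+: 8-byte ImageBase at +24
            (base,) = struct.unpack_from("<Q", data, opt + 24)
        elif magic == 0x10B:                 # PE32: 4-byte ImageBase at +28
            (base,) = struct.unpack_from("<I", data, opt + 28)
        else:
            raise ValueError(f"unknown optional header magic {magic:#x}")
    except struct.error as exc:
        raise ValueError("truncated header") from exc
    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "format": FORMATS[magic],
        "image_base": base,
        "base_high_dword_zero": base >> 32 == 0,
    }

def sample_header(machine: int, magic: int, base: int) -> bytes:
    """Constructed header bytes for the demo; not a loadable executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x22)
    if magic == 0x20B:
        opt = struct.pack("<H", magic) + b"\0" * 22 + struct.pack("<Q", base)
    else:
        opt = struct.pack("<H", magic) + b"\0" * 26 + struct.pack("<I", base)
    return dos + b"PE\0\0" + coff + opt

if __name__ == "__main__":
    # Constructed sample values for a 32-bit and a 64-bit image.
    for args in ((0x014C, 0x10B, 0x00400000), (0x8664, 0x20B, 0x140000000)):
        print(pe_bitness(sample_header(*args)))
```
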
