mixed asm / inserting bytes?

[rossh 1]

I have some old security code in asm to bring up to 64bit.  I realize the compiler no longer accepts embedded asm, and rejects trying to inline it.

 

But I need to insert about 60 bytes as a place marker at the front and end of a particular function.  In asm its done with  db 1,2,3,4,5,6,7,8.   How can I do that now in pascal? i.e. insert some superfluous bytes into the function code at beginning and end?

 

Thanks.

Edited October 27 by rossh

[Remy Lebeau 1392]

19 hours ago, rossh said:

I realize the compiler no longer accepts embedded asm, and rejects trying to inline it.

In 64bit, you can't mix inline assembly with Pascal code in the same function, but you can still write entire functions in just assembly and then call them from Pasal functions.

Quote

But I need to insert about 60 bytes as a place marker at the front and end of a particular function.  In asm its done with  db 1,2,3,4,5,6,7,8.   How can I do that now in pascal? i.e. insert some superfluous bytes into the function code at beginning and end?

You can't. At least, not in a Pascal function, where you don't have access to modify the function's prolog and epilog. 

 

Edited October 27 by Remy Lebeau

[Anders Melander 1782]

13 hours ago, Remy Lebeau said:

You can't.

To be clear: You can insert a stream of pre- and postfix bytes by declaring pure asm functions containing these bytes just before and after the function. You just just can't control the exact offset of them. The compiler is free to place them anywhere (it doesn't) and it's free to take alignment into account when placing them (which it does).

 

For example this code:

procedure Prefix;
asm
  db $01, $02, $03, $04, $05, $06, $07, $08, $09, $0a, $0b, $0c, $0d, $0e, $0f
end;

procedure Test;
begin
  WriteLn('Hello world');
end;

procedure Postfix;
asm
  db $11, $12, $13, $14, $15, $16, $17, $18, $19, $1a, $1b, $1c, $1d, $1e, $1f
end;

begin
  // Dummy references to ensure prefix/postfix procs get linked in
  if (@Prefix <> @Postfix) then
    Test;
end.

is compiled to this:

Project46.dpr.9: db $01, $02, $03, $04, $05, $06, $07, $08, $09, $0a, $0b, $0c, $0d, $0e, $0f
00000000009BEEF0 0102030405060708090A0B0C0D0E0F
Project46.dpr.10: end;
00000000009BEEFF C3               ret
00000000009BEF00 <...junk...>

Project46.dpr.13: begin
00000000009BEF00 55               push rbp
00000000009BEF01 4883EC20         sub rsp,$20
00000000009BEF05 488BEC           mov rbp,rsp
Project46.dpr.14: WriteLn('Hello world');
00000000009BEF08 488B0DB1310000   mov rcx,[rel $000031b1]
00000000009BEF0F 488D1526000000   lea rdx,[rel $00000026]
00000000009BEF16 E8B573FFFF       call @Write0UString
00000000009BEF1B 4889C1           mov rcx,rax
00000000009BEF1E E80D75FFFF       call @WriteLn
00000000009BEF23 E8E85FFFFF       call @_IOTest
Project46.dpr.15: end;
00000000009BEF28 488D6520         lea rsp,[rbp+$20]
00000000009BEF2C 5D               pop rbp
00000000009BEF2D C3               ret

00000000009BEF2E <...junk...>
Project46.dpr.19: db $11, $12, $13, $14, $15, $16, $17, $18, $19, $1a, $1b, $1c, $1d, $1e, $1f
00000000009BEF60 1112131415161718191A1B1C1D1E1F
Project46.dpr.20: end;
00000000009BEF6F C3               ret

 

The problem here is the <...junk...> it inserts to maintain alignment. If you are really desperate it should be possible to take this into account and, given the offset of the pre- and postfix markers, find the actual start and end of the function if that is what you're after.

[rossh 1]

if (@Prefix <> @Postfix) then

That will work just fine.  As long as the compiler places the Pre and Post either side of the actual function, essentially encapsulating the bit we need to protect.    What happens here is the binary is parsed and encrypted, and the code is then decrypted in memory when used, all based on those text markers we insert.

 

Thank you.