Anyone here know how to program assembly?

You are currently reading a thread in /g/ - Technology

Thread replies: 89
Thread images: 8
File: project.jpg (348 KB, 1920x1080)
Could use your help here, /g/.

I'm getting a buffer overflow, and it's coming from somewhere within this block of code. I've been trying to weed it out for the last 6 hours with no luck.

Any thoughts?
>>
File: m2584jaySR1rt9dbho1_400.png (122 KB, 329x394)
No one?
>>
>>53532593
.0001% of /g/ knows assembly.
>>
...step through it?
>>
>>53532486

not an asm programmer so i can only offer a general debugging tip.

if it's consistently reproducible then try just removing code and rerunning it. Eventually either the bug will disappear, in which case you're on to it, or the bug will remain and you've only got 3 lines of code left and you're on to it.

if you hit the situation where you remove a line and the bug goes away but you still can't work out why, then put that line back and remove a different line. And so on.

that any help?
>>
>>53532741
That's not a really good tip, you know.
>>
>>53532758

why not? It's worked for me many many times.
>>
>>53532741
>just removing code and rerunning it

It's at least 50000 lines long and it jumps literally all over the place. It'd be like cutting a square out of a folded piece of paper, you unfold it and end up with holes everywhere and probably not where you intended. I'm scared I've written myself into a completely unmanageable corner.

Doesn't really help at all, but thanks for trying.
>>
>>53532726
yeah, this. I don't know x86 but that's usually the best action.

>>53532769
ok pajeet
>>
You're going to need to give a lot more information if you want help. What is it supposed to do? and why are you programming assembly
>>
>>53532773
>it's at least 50000 lines long

I've used this technique on 250kloc of C++, works well.

>and it jumps literally all over the place

yeah, that's your problem. You've written spaghetti; don't do that, because, as you're finding out, it makes it all but impossible to debug.
>>
>>53532486
>he fell for the assembly meme

enjoy your "fast" code that's slower than what any decent compiler can give you.
>>
>>53532788
Stepping through it, the error itself happens at 00414368, but edx only has 8 bits in it, and the pointer is set to a 32 bit block that's available. It shouldn't be overflowing. I'm tearing my hair out.

>what is it supposed to do
It's a server interface.

>why are you programming assembly
So it's illegible to the competition when they inevitably steal it. Unfortunately that makes it virtually illegible to me too.
>>
>>53532836
>So it's illegible to the competition when they inevitably steal it.

Your competition has access to your software repos? Wut?
>>
>>53532813
Unfortunately I get paid to write spaghetti, see >>53532836

>>53532850
They don't have access to shit, but the corporate servers get hit all the time. They hired a team of assembly programmers for this exact reason, to slow them down by writing complete spaghetti. It's perfectly manageable in the framework they give us, but when stupid shit like this happens that simply shouldn't be happening it makes it very difficult.
>>
>>53532875
>hired a team of assembly programmers for this exact reason, to slow them down
And now you have two problems: the security issues, and the programming team summoning demonic horrors from their computers.
>>
>>53532836
When the anon before said a lot more, he really meant a lot more. Post the complete stack traceback when the error occurred, the last (hundreds of) executed instructions, values of all registers. If your program tries to access memory regions, you might need to post those too. If it's your program, why don't you have symbols? If your program has several different threads, and you're sharing resources, well, good luck.
>>
>>53532875
>perfectly manageable
>stupid shit

DOOD! What can I say, fucken pick one! Stupid shit ALWAYS happens.
And the more complex it is the more often it will happen.

Anyhoo, back to the removing lines of code thing. Aren't there any places you can insert stubs? If you have 50kloc of code you need to start reducing the problem. As I said, not an asm programmer, but you have to cut this down.
>>
>somewhere within this block of code.

How have you established that?
>>
>>53532836
>Stepping through it, the error itself happens at 00414368, but edx only has 8 bits in it, and the pointer is set to a 32 bit block that's available. It shouldn't be overflowing. I'm tearing my hair out.

I don't do assembly but is that line pushing it onto the stack?
>>
File: 1457565727526.jpg (20 KB, 306x306)
>>53532959
Those calls go to subs that call straight back, so it's something on that page.

>>53532919
Done all that man. That's how I know the pointer's in the right place, the register has the right data and the memory is free.
Everything is as it should be, it tries to write the memory, and it overflows. I was wondering if there's something about x86 I've forgotten or overlooked that would force an overflow from an otherwise free and correctly sized block.

>If your program has several different threads, and you're sharing resources, well, good luck.

>pic related
>>
>>53533003
Yeah, and it's overflowing.
>>
>>53533003
it seems to yes
>>53532836
I don't think it's a bit thing; pushes can cause stack overflow themselves, and OSes sometimes put limits on stack sizes.
>>
>>53533044
>OS sometimes put limits on stack sizes.

It's actually coded to expand the stack due to the heavy use it gets. Maybe something's causing Windows to reduce it again there.

Thanks for the lead. I wasn't expecting anon to actually help me debug it, was looking for something like this.
>>
why don't you just compile C code and delete the source code? And when you want to edit the program just rewrite the source code? I'm sure that would be easier than debugging this clusterfuck you've got
>>
>>53532701
So me and OP?
I can't be bothered to look through your code OP so you're out of luck.
>>
File: 1458005897870.jpg (17 KB, 200x200)
>>53533151
>just rewrite the source code
>>
File: ULVvTVs.jpg (97 KB, 600x418)
>>53533108
Me again, I know more about ARM assembly, but IIRC, stack size normally dynamically increases at run time, but the operating systems can put a hard limit on that themselves.
>>
From what I see you're programming assembler inside old Visual Basic that produces native Win32 exe? In that case, your code will need to play nice with COM. VB generated code takes care of this automatically. Since you're doing assembly - which is btw, even more insane than designing your own COM object in C++ - you may want to start digging here:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680573(v=vs.85).aspx
>>
>>53533197
It manages its stack across non-consecutive memory blocks that move around in available memory. That's an area of the program I figured was perfect and didn't plan to even look at again, seeing as Windows shouldn't even be able to figure out how much memory it's using, let alone limit it. I'm thinking it's missing a commit for some reason. Could just be one of the other devs pranking me desu.

Gonna ask them about that before I waste any more time on this.
>>
>>53532486
load it up in a debugger and step through it senpai
>>
>>53533329
>other devs pranking me

If it turns out to be that what does /g/ think an appropriate response would be?
Me? I'd be breaking legs.
>>
>>53533360
If it is, it'd be pretty easy for me to have him fired and thrown in prison, but that's a bit extreme for a prank imo. If someone's actually deliberately sabotaged it then that's exactly what's going to happen.

>>53533233
>giving me a link to COM objects on MSDN

Uh, thanks, but it's not my first day on the job.
>>
>>53533329
I don't know how you're getting it to write to non-consecutive memory, so I can't help you there. AFAIK, OSes like to allocate memory for the stack at runtime before anything actually gets pushed to it, so even if Windows can't keep track of where you're writing, it might be confused and die (or keep track of how many times you've written?). Anyways yeah, it's starting to get into deep levels of fucky for me now, and I'm just spitballing.
>>
>>53532593
I sadly only know IBM z/OS assembly, which is a different instruction set and shit; will be learning x86 over the summer though
>>
>>53532486
Stop using assembly and use a real language
>>
File: gotcha.jpg (135 KB, 1123x756)
>>53533360
>>53533542
>>53533595
I was right, the commit code's been messed with. 00414BCB should push eax, but it's pushing edx twice. And someone left a note for me too...

>3A,18_3,0950

That's not code. If 0950's a time, 18_3 would be a date, and 3A is a meeting room iirc...

Kinda scared right now..

Well anyway, the original problem's solved. Thanks for the assist.
>>
>>53533710
Damn that's some cryptic shit, good luck man, it might be a good thing.
>>
>>53533710
>If 0950's a time, 18_3 would be a date, and 3A is a meeting room iirc...
how ominous
maybe you should take a rest Friday
>>
>>53533710
>If 0950's a time, 18_3 would be a date, and 3A is a meeting room iirc

Crap dude, do you work for the NSA or sumfin? That's freakin obscure!
>>
>>53533710
You should update after that meeting man, let us know if you're not dead.
>>
>>53533741
>>53533742
>>53533780
>>53533795
Don't want to leave you guys hanging even though I should probably shut the fuck up right about now, but seeing as you did help me I'll throw you a bone. This is a virus we've been contracted to write for a government client. I don't have access to the payload side of it so I have no idea what it does, but we're expected to have it ready by July. I'm responsible for keeping it hidden from commercial antivirus software.

I have no idea what this is about but I know it's not going to be good. I'm gonna inform my bosses and see what they want me to do. Fuck going to prison.

Thanks again for the help.
>>
>>53533826
>Thanks again for the help.

No problem, most interesting thread on here in a looooooong while.
>>
>>53533826
Holy shit man, guess I'm gonna read up on my assembly.
>>
>>53533826
How do I get your job? I do assembly all day but it's boring embedded dev
>>
>>53532875

Perhaps someone stole your code then altered your spaghetti a little and reuploaded it. Freezing your development effort at the previous version. Secured readable code -> obfuscator -> release smdh sempai
>>
>>53533826
I was gonna say something about jumping the stack around in the memory being dangerous and typical virus stuff, and obscuring how your code works seemed shady but you had a good reason for it. Damn that was a wild ride. Good luck man.
>>
You know, I consider myself somewhat of an assembly geek sometimes, but to be quite honest, you should not be using assembly as an obfuscation technique, OP. It just means that you're going to have a damned hard time debugging the code yourself. If the problem is that hackers are outright stealing your source code, then consider writing code that doesn't suck.

Security through obscurity is not security. Period.

In any case, the code you're showing us looks worse than a disassembled C program. I do not envy you for the job you've signed up for.
>>
>>53534041
eh why does assembly exist if it's not even useful
>>
>>53534060
>>>53534041
>assembly is not even useful

Oh wow
>>
>>53533169
yeah sure
>>
>>53534060

>why does assembly exist
Because your computer doesn't know C. You do need to understand assembly if you want to design a compiler. You also need to understand a certain amount of it if you want to write a kernel or bootloader, depending on the architecture. For x86, this is especially true, because it's a goddamn mess at boot time... albeit a well-documented mess.

You also kind of need to know assembly if you're a security researcher. For shellcode and reverse engineering and such...

>it's not even useful
Aside from the cases I just mentioned, it's also useful to know if you want to write optimized software. Some programs may be written partially in assembly in performance-critical areas. An example of this is the GNU Multiprecision library, which is used for arbitrary precision arithmetic. Since many CPUs have specialized instructions for this type of task, libgmp is partially written in assembly... for a lot of different ISAs. It has a generic C equivalent for those sections if there isn't an assembly version available for one's processor.

It's also useful for writing incredibly tiny programs. Which doesn't really see much use, except in the demoscene. And demoscenes.... are pretty goddamn cool

https://www.youtube.com/watch?v=rAUM89Xu7jo
>>
>>53534200
>incredibly tiny programs

Yeah, Elite in 32k on the BBC Model B, it's still un-freaking-believable
>>
>>53533710
maybe you have a multiple personality disorder op
>>
File: 1457850572551.png (356 KB, 506x662)
I'm sure plenty of /g/ know assembly, but programming and debugging it without high level code? That takes a much higher level of autism.
>>
>>53534389
>that book

My sides are officially gone
>>
Asm thread?
Someone crack launchbox 5.8 pls
$50 plus forced christian bible verses are a bit too much
>>
>>53534200
>ask question in the most retarded way possible
>get good response
Works every time. Thanks, actually been curious to learn some assembly just for shits and giggles (I've only seen high level programming). Seems like it'd be quite the project though
>>
>>53533710
>>53533826
Spoopy. Generate a key pair and post one here, tomorrow after the meeting start a thread with pic:
>>53532593
and a short message encoded with the other key so we know you haven't been v&. Don't tell us anything more about what you are doing unless you think it will help. Good luck OP.
>>
>>53532486
Only x8086
>>
>>53534789
>>53533710
Are you all retarded?
>>
>>53533108
Expand the stack? I'm sorry what.
>>
kek this thread shows /g/ doesn't actually know assembly
>>
>>53536481
^ this is the dumbest thread I think I've ever seen

Upvoted
>>
>>53533197
What the actual fuck. The stack _size_?
>>
>>53532773
You're a moron who knows nothing, gtfo child. Leave the exploitation to people who know what they're talking about

>>53532826
yeah give me an ELF binary that's ~1kb and that can download and execute on a file totally in memory and with some tweaks can work on any architecture still being under 700 bytes and we'll talk.

Sorry for the repost, used the wrong word platforms.
>>
>>53535023
>>53532593

I'll post the key tomorrow afternoon.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

hQEMA6wDpuLyfKw3AQgAgAtg973NgCkZI9EhmnfsonEur+IIEdzCaakCqaCR8aQz
HTptYA/eXEXMg54MUWsFc8zZo3hhyMeUvyFN9H1U0FDufL66plAv3jQQFtZuXgII
doPq1G6A+TL5iP3vqrSKH6ImwBJRgI+QzL21Gun+5sN9guizyXj+f0Tn5uSzXguv
gZmI0YukSFQzIPDohAuG4SDKaY5rTB9+mrS0NpOSwRsY0xNhA2qSDmO16FzUjGeE
AjjMzknUMUMNc7ejUDUM39Bu6gZr7SGR6daJ9Ft0AHLJsiPnCB/saFqX0V5nCMwp
cWXAjJIsYddwc7bE1hbqTVITI9KQgJzhxPuHFWTCG9JIAU4c2r3o2+aA4WRI3Or4
evrwAIqqiBy+aoQ8X4s/3eDQZnajqjdBR7YNxsZz7OV2+8E9iXZLismG3OGVMqXG
ZjwGkFG9Ab1U
=WbXq
-----END PGP MESSAGE-----
>>
>>53532773
>I'm scared I've written myself into a completely unmanageable corner.

assembly is completely unmanageable to begin with
>>
>>53536658
or you could not, you're either trolling or retarded or both. Govt/govt contractors don't fucking use vb6 to write assembly, or debug it. It's a security risk and they wouldn't allow it or any of their outside contractors to use it on their work machine, I have to have a separate windows 10 encrypted computer with a whole bunch of approved software at home and for work
>>
>>53536687
Good for you buddy
>>
File: 1396737505687.jpg (60 KB, 803x726)
>>53532486
>2016
>fucking with assembly
Get used to poor and worthless. These will be staples of your life.
>>
>>53532486
>coming to /g/ for help
op fuck off to stackoverflow
>>
>>53532741
That's so asinine it hurt me
>>
>>53533710
Why the bad vibe? You may have just discovered a Cicada-styled hint, and its discovery may have just established you as the most talented hack on the team. Might be a bonus on the way man.
>>
>>53536819
Yotsuba already found the cicadas. She had some help though.
>>
>>53532486
>no comments in assembly
>frustrated
I wonder why?
>>
>>53536877
what the fuck is a semicolon
>>
>>53536837
elaborate
>>
>>53536915
Apparently OP doesn't know
>>
>>53532486
>>53533108

If you do consider a stack overflow, why not insert debug code in the line before the bug happens and try to deliberately overflow the stack?

you could test for different value/register combinations... should cancel out at least some options
>>
>>53537198
Read the thread, the program was sabotaged. I fixed it hours ago.
>>
>>53537239

>prematurely posting

dealwithit.jpg
>>
>>53537239

k go back to lying about writing malware faggot
>>
>everyone mad OP is a literal spook virus writer and they aren't
pretty funny desu ne
>>
>>53537836
Upvoted bro!
>>
run it in a debugger and set a fucking breakpoint dumbass. why the fuck are you using vb6? windows assembly should be done in fasm
>>
>>53532486
Make sure your pushes balance out with pops, or you save/adjust the esp.
>>
>>53538172
Likely because the class is taught with MASM. Mine was too, but you can compile MASM code in VB15 no problem.
>>
>PROPRIETARY SPAGHETTI

no thanks, the memes are too strong