I've been working on outputting a bitmap image to the screen, the bitmap is 50 pixels by 50 pixels, but when i try to draw the bits to a DDB using setdibits it fails and then i get a black box on the screen because the CreateCompatibleBitmap makes a 50 by 50 pixel black bitmap. Does anybody know why SetDIBits is failing or how to fix it.
Main body of my code
includelib user32.lib
include externals.asm
include wincons.asm
.data
include variables.asm
include pic.asm
.code
start proc
mov holder, rsp
and rsp, -16
sub rsp, 32
call __imp_GetDesktopWindow
mov rcx, rax
getdcfail:
call __imp_GetDC
cmp rax, 0
je getdcfail
mov screendc, rax
mov rcx, rax
call __imp_CreateCompatibleDC
mov picdc, rax
mov rcx, rax
mov rdx, 50
mov r8, 50
call __imp_CreateCompatibleBitmap
mov rcx, picdc
mov rdx, rax
mov r13, rax
mov r8, 0
mov r9, 50
lea r12, [pic1colorbytes]
push r12
lea r12, [bitmapinfo]
push r12
push DIB_RGB_COLORS
call __imp_SetDIBits
add rsp, 24
mov rcx, picdc
mov rdx, r13
call __imp_SelectObject
mov rbx, 10000000
drawscreen:
mov rcx, screendc
mov rdx, 0
mov r8, 0
mov r9, 50
push 50
push picdc
push 0
push 0
push 0CC0020h; srccopy is hex cc0020
call __imp_bitblt
add rsp, 40
dec rbx
cmp rbx, 0
jne drawscreen
releasedcfail:
mov rdx, screendc
xor rcx, rcx
call __imp_ReleaseDC
cmp rax, 0
je releasedcfail
;mov rcx, picdc
;call __imp_DeleteDC
xor rcx, rcx
call __imp_ExitProcess
mov rsp, holder
ret
start endp
end
externals.asm
extern __imp_GetDC:qword
extern __imp_ReleaseDC:qword
extern __imp_GetDesktopWindow:qword
extern __imp_ExitProcess:QWORD
extern __imp_SetDIBits:qword
extern __imp_BitBlt:qword
extern __imp_CreateDIBitmap:qword
extern __imp_DeleteObject:qword
extern __imp_DeleteDC:qword
extern __imp_CreateCompatibleBitmap:qword
extern __imp_SelectObject:qword
extern __imp_CreateCompatibleDC:qword
extern __imp_GetDesktopWindow:qword
wincons.asm
DIB_RGB_COLORS equ <0>
variables.asm
align qword
holder qword ?
screendc qword ?
picdc qword ?
pic.asm was a 50 by 50 dib created with photoshop, then all the hex values extracted and allocated as bytes. this is the beginning part of pic.asm, whole thing is 10061 lines long
align dword
pic1:
byte 042H
byte 04DH
byte 048H
byte 027H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 036H
byte 000H
byte 000H
byte 000H
bitmapinfo:
byte 028H
byte 000H
byte 000H
byte 000H
byte 032H
byte 000H
byte 000H
byte 000H
byte 032H
byte 000H
byte 000H
byte 000H
byte 001H
byte 000H
byte 020H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 012H
byte 027H
byte 000H
byte 000H
byte 023H
byte 02EH
byte 000H
byte 000H
byte 023H
byte 02EH
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
pic1colorbytes:
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
SetDIBits was failing simply because i didn't understand calling conversion fully. I thought when it said "all other parameters are passed to the stack" i thought of the opcode push, but what it meant was setting the parameters by mov with an offset. so when i changed the calling conversion it outputted the bitmap, but in monochrome. I then learned that it was because i was using picdc with createCompatibleBitmap and i instead needed to use screenDC so when i fixed that it outputted properly.
Here is the fixed code, only the main body was changed everything else stayed the same.
includelib user32.lib
include externals.asm
include wincons.asm
.data
include variables.asm
include pic.asm
.code
start proc frame
DB 48h
push rbx
.pushreg rbx
push r13
.pushreg r13
push rbp
.pushreg rbp
sub rsp, 80
.allocstack 80
lea rbp, [rsp + 80]
.setframe rbp, 80
.endprolog
call __imp_GetDesktopWindow
mov rcx, rax
getdcfail:
call __imp_GetDC
cmp rax, 0
je getdcfail
mov screendc, rax
mov rcx, rax
call __imp_CreateCompatibleDC
mov picdc, rax
mov rcx, screendc
mov rdx, 50
mov r8, 50
call __imp_CreateCompatibleBitmap
mov rcx, screendc
mov rdx, rax
mov r13, rax
mov r8, 0
mov r9, 50
lea rax, [bitmapinfo + 28h]
mov qword ptr [rsp + 20h], rax
lea rax, [bitmapinfo]
mov qword ptr [rsp + 28h], rax
mov eax, 0
mov dword ptr [rsp + 30h], eax
call __imp_SetDIBits
mov rcx, picdc
mov rdx, r13
call __imp_SelectObject
mov rbx, 10000000
drawscreen:
mov rcx, screendc
mov rdx, 0
mov r8, 0
mov r9, 50
mov qword ptr [rsp + 20h], 50
mov rax, picdc
mov qword ptr [rsp + 28h], rax
mov qword ptr [rsp + 30h], 0
mov qword ptr [rsp + 38h], 0
mov qword ptr [rsp + 40h], 0CC0020h; srccopy is hex cc0020
call __imp_bitblt
dec rbx
cmp rbx, 0
jne drawscreen
releasedcfail:
mov rdx, screendc
xor rcx, rcx
call __imp_ReleaseDC
cmp rax, 0
je releasedcfail
;mov rcx, picdc
;call __imp_DeleteDC
xor rcx, rcx
call __imp_ExitProcess
mov rsp, rbp
pop rbp
pop r13
pop rbx
ret
start endp
end
EDIT: I fixed a few more errors in my code pointed out by Raymond Chen
Related
I'm trying to add arrA and arrB and store the values into arrC and print out.. once I run the code it takes me to infinite loop. How can I break the loop? Any suggestions greatly appreciated.
ExitProcess PROTO
WriteHex64 PROTO
.data
arrA BYTE 10h, 30h
arrB BYTE 0E0h, 40h
arrC BYTE 0, 0
string BYTE ", ", 00h
.code
main PROC
nop
mov rdi, OFFSET arrA
mov rsi, OFFSET arrB
mov rbx, OFFSET arrC
mov rdx, OFFSET string
mov rcx, LENGTHOF arrA
mov rax, 0
L1:
mov rax, [rdi]
mov rax, [rsi]
add rdi, TYPE arrA
add rsi, TYPE arrB
mov [rbx], rax
add rbx, TYPE arrC
call WriteHex64
call WriteString
loop L1
nop
mov ecx, 0
call ExitProcess
main ENDP
END
This question already has answers here:
How do AX, AH, AL map onto EAX?
(6 answers)
Closed 2 years ago.
First, it is my first assembly. And I use it with "NASM" and "64bit ASM" and "Intel" code and Mac OS.
When I try to write strdup function, it didn't work with al.
In using my strdup function, the string was broken.
So, my code is here.
global _strdup
extern _malloc
section .text
_strdup:
xor rcx, rcx
jmp strlen
strlen:
cmp [rdi + rcx], byte 0
je malloc
inc rcx
jmp strlen
malloc:
inc rcx
push rdi
mov rdi, rcx
call _malloc
pop rdi
cmp rax, 0
je error
xor rcx, rcx
jmp copy
copy:
mov al, byte [rdi + rcx]
mov byte [rax + rcx], al
cmp al, byte 0
je return
jmp increment
increment:
inc rcx
jmp copy
error:
mov rax, 0
ret
return:
ret
But, when I write same code with dl not al, it works!
global _strdup
extern _malloc
section .text
_strdup:
xor rcx, rcx
jmp strlen
strlen:
cmp [rdi + rcx], byte 0
je malloc
inc rcx
jmp strlen
malloc:
inc rcx
push rdi
mov rdi, rcx
call _malloc
pop rdi
cmp rax, 0
je error
xor rcx, rcx
jmp copy
copy:
mov dl, byte [rdi + rcx]
mov byte [rax + rcx], dl
cmp dl, byte 0
je return
jmp increment
increment:
inc rcx
jmp copy
error:
mov rax, 0
ret
return:
ret
I don't know why dl works and the difference between al and dl.
Anyone know about it? Thanks.
al is the smallest part of rax while dl is the smallest part of rdx. Changing al will change the value of rax as well.
Why your code is not working with al?
copy:
mov al, byte [rdi + rcx] ; you move "byte [rdi + rcx]" in "al"
; thus changing the value of "rax" as well.
; the result of the following statement becomes unexpected
mov byte [rax + rcx], al
But when you do it with dl, rax is not affected and hence your program works as expected.
Try the following code and run it through debugger to see the effect of changing the value of al on `rax:
section .text
global main
main:
nop
mov rax, 1000
mov al, byte 10
nop
Result:
After mov rax, 1000, value of rax: 1000
00000000 00000000 00000000 00000000 00000000 00000000 00000011 11101000
After mov al, 10, value of rax: 778
00000000 00000000 00000000 00000000 00000000 00000000 00000011 00001010
^^^^^^^^
So, changing al will affect rax.
I have a program so far all it does is tries to create a D2D1Factory but i get the error message E_NOINTERFACE and I thought I had the right IID_ID2D1Factory and I've checked multiple times in multiple places. Can somebody tell me why its failing and/or how to fix it.
My code
include externals.asm
include wincons.asm
include vtable.asm
.data
include variables.asm
;include pic.asm
include riid.asm
.code
start proc frame
DB 48h
push rbx
.pushreg rbx
push r13
.pushreg r13
push rbp
.pushreg rbp
sub rsp, 80
.allocstack 80
lea rbp, [rsp + 80]
.setframe rbp, 80
.endprolog
mov rcx, D2D1_FACTORY_TYPE_SINGLE_THREADED
lea rdx, IID_ID2D1Factory
mov r8, D2D1_DEBUG_LEVEL_NONE
lea r9, ID2D1Factory
call __imp_D2D1CreateFactory
drawscreen:
jnc drawscreen
xor rcx, rcx
call __imp_ExitProcess
mov rsp, rbp
pop rbp
pop r13
pop rbx
ret
start endp
end
Externals.asm
extern __imp_GetDC:qword
extern __imp_ReleaseDC:qword
extern __imp_GetDesktopWindow:qword
extern __imp_ExitProcess:QWORD
extern __imp_SetDIBits:qword
extern __imp_BitBlt:qword
extern __imp_CreateDIBitmap:qword
extern __imp_DeleteObject:qword
extern __imp_DeleteDC:qword
extern __imp_CreateCompatibleBitmap:qword
extern __imp_SelectObject:qword
extern __imp_CreateCompatibleDC:qword
extern __imp_GetDesktopWindow:qword
extern __imp_GetLastError:qword
extern __imp_GetAsyncKeyState:word
extern __imp_D2D1CreateFactory:qword
Variables.asm
align qword
screendc qword ?
picdc qword ?
ID2D1Factory qword ?
Wincons.asm
DIB_RGB_COLORS equ <0>
SRCCOPY equ <0CC0020h>
D2D1_DEBUG_LEVEL_NONE equ <0>
D2D1_FACTORY_TYPE_SINGLE_THREADED equ <0>
And finally riid.asm
IID_IUnknown Dword 000000000h
word 00000h
word 00000h
word 0C000h
byte 000h
byte 000h
byte 000h
byte 000h
byte 000h
byte 046h
IID_ID2D1RenderTarget Dword 02cd90694h
word 012e2h
word 011dch
byte 09fh
byte 0edh
byte 000h
byte 011h
byte 043h
byte 0a0h
byte 055h
byte 0f9h
IID_ID2D1Factory Dword 006152247h
word 06f50h
word 0465ah
word 09245h
byte 011h
byte 08bh
byte 0fdh
byte 03bh
byte 060h
byte 007h
You didn't define the UUID for IID_ID2D1Factory correctly. The problem is that the Microsoft binary encoding of UUIDs requires that the last two components of the UUID {06152247-6f50-465a-9245-118bfd3b6007} be in big-endian format, unlike the first three components which are in little-endian order. So it should be:
IID_ID2D1Factory Dword 006152247h
word 06f50h
word 0465ah
byte 092h
byte 045h
byte 011h
byte 08bh
byte 0fdh
byte 03bh
byte 060h
byte 007h
Instead of defining this UUIDs yourself, it would be easier and less error prone to use the definitions in uuid.lib included in the Windows SDK.
Im trying to create a program to output a picture to the screen, but when i do visual studio masm throws the exception Exception thrown at 0x00007FFEA0F15ADE (gdi32.dll) in assemblydraw.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF. and i dont know why this is happening or how to fix it.
Main code block
includelib user32.lib
include externals.asm
.data
include variables.asm
include pic.asm
.code
start proc
mov holder, rsp
and rsp, -16
sub rsp, 32
xor rcx, rcx
getdcfail:
call __imp_GetDC
cmp rax, 0
je getdcfail
mov screendc, rax
mov rbx, 2000000000
mov rcx, screendc
lea rdx, bitmapinfo
mov r8, 4; cbm_init
lea r9, pic1colorbytes
push rdx
push 0
call __imp_createdibitmap
mov picdc, rax
drawscreen:
mov rcx, screendc
mov rdx, 0
mov r8, 0
mov r9, 50
push 50
push picdc
push 0
push 0
push 0cc0020h; srccopy is hex cc0020
call __imp_bitblt
dec rbx
nop
nop
nop
nop
nop
nop
nop
nop
nop
cmp rbx, 0
jne drawscreen
releasedcfail:
mov rdx, screendc
xor rcx, rcx
call __imp_ReleaseDC
cmp rax, 0
je releasedcfail
mov rcx, picdc
call __imp_DeleteObject
xor rcx, rcx
call __imp_ExitProcess
mov rsp, holder
ret
start endp
end
Externals.asm
extrn __imp_GetDC:qword
extrn __imp_ReleaseDC:qword
extrn __imp_GetDesktopWindow:qword
extern __imp_ExitProcess:QWORD
extern __imp_SetDIBitsToDevice:qword
extern __imp_BitBlt:qword
extern __imp_CreateDIBitmap:qword
extern __imp_DeleteObject:qword
First part of pic.asm, a dib created by photoshop, and translated to hex codes to be put in my program
align qword
pic1:
byte 042H
byte 04DH
byte 048H
byte 027H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 036H
byte 000H
byte 000H
byte 000H
bitmapinfo:
byte 028H
byte 000H
byte 000H
byte 000H
byte 032H
byte 000H
byte 000H
byte 000H
byte 032H
byte 000H
byte 000H
byte 000H
byte 001H
byte 000H
byte 020H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 012H
byte 027H
byte 000H
byte 000H
byte 023H
byte 02EH
byte 000H
byte 000H
byte 023H
byte 02EH
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
byte 000H
pic1colorbytes:
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
byte 000H
byte 0FFH
byte 0FFH
byte 0FFH
I am trying to optimize several assembly procedures for size, I am not concerned about the speed.
The optimizations I am familiar with are situations as follows:
;the following two lines
mov rbp, rsp
add rbp, 50h
;can be changed to
lea rbp, [rsp+50h]
What other optimizations I can use to reduce the number of bytes in the following procedure?
I am not asking anyone to fully optimize this procedure, just point out where I can improve.
;get procedure address
asmGetProc proc
push rcx ;pointer to function name
push rdx ;DllBase address (IMAGE_DOS_HEADER pointer)
push r8 ;pointer to IMAGE_EXPORT_DIRECTORY
push r9 ;IMAGE_EXPORT_DIRECTORY->NumberOfNames
;IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals[r9]
push rbx ;saved pointer to function name
push r10 ;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfNames
;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals
;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfFunctions
mov rbx, rcx ;save the function name pointer to rax
mov r8d, [rdx+3ch] ;IMAGE_DOS_HEADER->e_lfanew (DWORD) (Offset to IMAGE_NT_HEADERS64)
add r8, rdx ;add DllBase to the e_lfanew offset
add r8, 88h ;18h - IMAGE_NT_HEADERS64->OptionalHeader (IMAGE_OPTIONAL_HEADER64) 18h bytes
;70h - skip entire IMAGE_OPTIONAL_HEADER64 structure
;r8 points to the IMAGE_DATA_DIRECTORY structure
mov r8d, [r8] ;IMAGE_DATA_DIRECTORY->VirtualAddress (DWORD)
add r8, rdx ;add DllBase to VirtualAddress (IMAGE_EXPORT_DIRECTORY)
mov r9d, [r8+18h] ;IMAGE_EXPORT_DIRECTORY->NumberOfNames
mov r10d, [r8+20h] ;IMAGE_EXPORT_DIRECTORY->AddressOfNames (DWORD)
add r10, rdx ;add DllBase to AddressOfNames (DWORD)
for_each_function:
;decrement function name counter
dec r9
;load current index of AddressOfNames into r11
lea rcx, [r10 + 4 * r9] ;AddressOfNames[i] - function string RVA (relative virtual address)
mov ecx, [rcx] ;r11d is the AddressOfName[r9] RVA (DWORD)
add rcx, rdx ;add DllBase to string RVA DWORD
call asmHsh ;hash the function name
cmp rax, rbx ;compare the function name hash with the passed hash
jnz for_each_function ;jump to top of loop is not a match
;r8 - export directory
;r9 - function name counter
;r10 - AddressOfNameOrdinals / AddressOfFunctions array
;rax - final point to function
mov r10d, [r8+24h] ;IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals (DWORD)
add r10, rdx ;add DllBase to AddressOfNameOrdinals DWORD
mov r9w, [r10+2*r9] ;AddressOfNameOrdinals[2*r9] - (2*r9 = 2 bytes * function name counter)
mov r10d, [r8+1ch] ;IMAGE_EXPORT_DIRECTORY->AddressOfFunctions (DWORD)
add r10, rdx ;add DllBase to AddressOfFunctions DWORD
mov eax, [r10+r9*4] ;AddressOfFunctions[4*r9] - (4*r9 = 4 bytes * function ordinal)
add rax, rdx ;add DllBase to function ordinal RVA DWORD
pop r10
pop rbx
pop r9
pop r8
pop rdx
pop rcx
ret ;return from procedure
asmGetProc endp
EDIT: Added asmHsh (my bad)
;hash function (djb2)
asmHsh proc
;rcx - null terminated function name
push rcx
push rdx
mov rax, 5381d
hl:
mov rdx, rax
shl rax, 5
add rax, rdx
xor al, [rcx]
inc rcx
;check for null termination
mov dl, [rcx]
cmp dl, 00h
jne short hl
pop rdx
pop rcx
ret
asmHsh endp
Optimizing assembly for space in 64-bit mode one should: (1) use DWORD width when that suffices (less prefixes); (2) stick to the old X86 registers eax-edx / esi / edi / ebp (tighter encoding).
Hopefully what's done below illustrates the idea. ML64 assembled the original routines to 135 bytes and the modified version to 103 bytes.
Examples of changes: (1) used rbp / rsi / rdi instead of r8 / r9 / r10; (2) shrunk instruction sequences that could be accomplished via multi-component address modes; (3) used DWORD dec where the data is known to be 32-bits; (4) used IMUL in place of shift/add.
" ;- " is in front of removed lines " ;## delta " is appended to added lines, where delta is the byte difference the new code produced. No attempt was made to adjust the comments.
;hash function (djb2)
asmHsh proc
;rcx - null terminated function name
push rcx
;-push rdx ;## -1
mov rax, 5381d
hl:
;- mov rdx, rax
;- shl rax, 5
;- add rax, rdx
imul rax,rax,33 ;## -6
xor al, [rcx]
inc rcx
;check for null termination
;-mov dl, [rcx]
;-cmp dl, 00h
cmp byte ptr [rcx], 00h ;## -2
jne short hl
;-pop rdx ;## -1
pop rcx
ret
asmHsh endp
;get procedure address
asmGetProc proc
push rcx ;pointer to function name
push rdx ;DllBase address (IMAGE_DOS_HEADER pointer)
;-push r8 ;pointer to IMAGE_EXPORT_DIRECTORY
push rbp ;## -1
;-push r9 ;IMAGE_EXPORT_DIRECTORY->NumberOfNames
push rsi ;## -1
;IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals[r9]
push rbx ;saved pointer to function name
;-push r10 ;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfNames
push rdi ;## -1
;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals
;pointer to IMAGE_EXPORT_DIRECTORY->AddressOfFunctions
mov rbx, rcx ;save the function name pointer to rax
;-mov r8d, [rdx+3ch] ;IMAGE_DOS_HEADER->e_lfanew (DWORD) (Offset to IMAGE_NT_HEADERS64)
mov ebp, [rdx+3ch] ;## -1
;-add r8, rdx ;add DllBase to the e_lfanew offset
;-add r8, 88h ;18h - IMAGE_NT_HEADERS64->OptionalHeader (IMAGE_OPTIONAL_HEADER64) 18h bytes
;- ;70h - skip entire IMAGE_OPTIONAL_HEADER64 structure
;- ;r8 points to the IMAGE_DATA_DIRECTORY structure
;-mov r8d, [r8] ;IMAGE_DATA_DIRECTORY->VirtualAddress (DWORD)
mov ebp, [rbp+rdx+88h] ;## -5
;-add r8, rdx ;add DllBase to VirtualAddress (IMAGE_EXPORT_DIRECTORY)
add rbp, rdx ;## 0
;-mov r9d, [r8+18h] ;IMAGE_EXPORT_DIRECTORY->NumberOfNames
mov esi, [rbp+18h] ;## -1
;-mov r10d, [r8+20h] ;IMAGE_EXPORT_DIRECTORY->AddressOfNames (DWORD)
mov edi, [rbp+20h] ;## -1
;-add r10, rdx ;add DllBase to AddressOfNames (DWORD)
add rdi, rdx ;## 0
for_each_function:
;decrement function name counter
;- dec r9
dec esi ;## -1
;load current index of AddressOfNames into r11
;- lea rcx, [r10 + 4 * r9] ;AddressOfNames[i] - function string RVA (relative virtual address)
;- mov ecx, [rcx] ;r11d is the AddressOfName[r9] RVA (DWORD)
mov ecx, [rdi + 4 * rsi] ;## -3
add rcx, rdx ;add DllBase to string RVA DWORD
call asmHsh ;hash the function name
cmp rax, rbx ;compare the function name hash with the passed hash
jnz for_each_function ;jump to top of loop is not a match
;r8 - export directory
;r9 - function name counter
;r10 - AddressOfNameOrdinals / AddressOfFunctions array
;rax - final point to function
;-mov r10d, [r8+24h] ;IMAGE_EXPORT_DIRECTORY->AddressOfNameOrdinals (DWORD)
mov edi, [rbp+24h];## -1
;-add r10, rdx ;add DllBase to AddressOfNameOrdinals DWORD
add rdi, rdx; ## 0
;-mov r9w, [r10+2*r9] ;AddressOfNameOrdinals[2*r9] - (2*r9 = 2 bytes * function name counter)
mov si, [rdi+2*rsi] ;## -1
;-mov r10d, [r8+1ch] ;IMAGE_EXPORT_DIRECTORY->AddressOfFunctions (DWORD)
mov edi, [rbp+1ch] ;## -1
;-add r10, rdx ;add DllBase to AddressOfFunctions DWORD
add rdi, rdx ;## 0
;-mov eax, [r10+r9*4] ;AddressOfFunctions[4*r9] - (4*r9 = 4 bytes * function ordinal)
mov eax, [rdi+rsi*4] ; ## -1
add rax, rdx ;add DllBase to function ordinal RVA DWORD
;-pop r10
pop rdi ; ## -1
pop rbx
;-pop r9
pop rsi
;-pop r8
pop rbp ;## -1
pop rdx
pop rcx
ret ;return from procedure
asmGetProc endp