___asm alternative for 64 bit on windows

Question

4.70/5 (3 votes)

See more:

Hi,

We have our application which is written in C++. At some places we check if any debugger is attached to the application by following code

C++

char IsDbgPresent = 0;
__asm {
mov eax, fs:[30h]
mov al, [eax + 2h]
mov IsDbgPresent, al
}

if(IsDbgPresent)
{
 MessageBox(NULL, TEXT("Debugger Found!"), TEXT("Debugger Found!"), 0);
return true;
ExitProcess(1);
}

When i tried to use the same code for 64 bit version, I found that __asm is no longer supported for 64 bit . I am aware that i can use IsDebuggerPresent instead of above code.

Can anybody let me know if we can translate above code to C/C++.

Thanks in advance.

Posted 21-Feb-13 0:14am

PrafullaVedante

Add a Solution

3 solutions

Solution 1

The 32-bit registers are extended with 'r' registers, so 64-bit extensions of EAX, EBX, ECX, ESP are named RAX, RBX, RCX, RSP, etc. Please see:
http://en.wikipedia.org/wiki/X86-64[^],
http://forum.codecall.net/topic/52853-x86-64-register-chart/[^].

—SA

Posted 21-Feb-13 5:34am

Sergey Alexandrovich Kryukov

Updated 21-Feb-13 5:35am

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Matthew Faithfull · Accepted Answer · 2013-02-21T12:17:00

You're correct. Inline assembler is not supported by Microsoft's 64bit compilers and there is no direct equivalent in C or C++ for the inline assembler you show. Partly because there is no way to address the FS register even indirectly from C/C++ code. You can use MASM with a separate assembler source file and link the result.
There is one way to solve this which I am currently working on and that is to use a Just In Time (JIT) assembler to generate callable assembly language code at runtime. Such a JIT is available for free at the AsmJit[^] project and soon within the QOR[^] but it is a large ammount of code to inlclude within your project for the sake of 1 function.

parths · Accepted Answer · 2013-02-21T21:10:00

Solution 3

Did you try Intrinsics[^]?

Something like this could work:

C++

unsigned long tmp = __readfsdword(0x30);
IsDbgPresent = *((char *)(tmp + 0x2));

I'm not sure if the offsets would change for 64 bit code, I tried to search but couldn't find any info on that.

Posted 21-Feb-13 21:10pm

parths

Comments

Matthew Faithfull 22-Feb-13 4:32am

Good call, Id'd forgetten all about __readfsdword