MASM is saying "missing operator in expression" but I see no problem with the assembly.
I'm trying to manually call Windows syscalls in x86 asm. I've grabbed the syscall offset from fs for NtFlushInstructionCache from https://j00ru.vexillium.org/syscalls/nt/64/
C declaration:
extern "C" NTSTATUS NewNtFlushInstructionCache(HANDLE ProcessHandle, PVOID BaseAddress, ULONG NumberOfBytesToFlush);
Here's my asm:
.model flat
.486
.code
NewNtFlushInstructionCache PROC
mov eax, 39h
xor ecx, ecx
lea edx, [esp + 4]
call large DWORD PTR fs:[0C0h]
add esp, 4
ret 14h
NewNtFlushInstructionCache ENDP
END
The error is "missing operator in expression" on this line: call large DWORD PTR fs:[0C0h]
Any help? Can fs not be accessed directly from assembly?
The LARGE modifier for the memory operand is an artifact of the IDA/IDA Pro disassembler and not understood by MASM. In MASM it is simply done without specifying LARGE:
call DWORD PTR fs:[0C0h]
LARGE is a memory model, and not a modifier for memory operands.
By default FS and GS are set to ASSUME FS:error so when those segment registers are used they will produce an Error A2183. ASSUME FS:nothing overrides the behaviour and allows you to use FS freely. Place ASSUME FS:nothing at some point before using FS like this:
ASSUME FS:nothing
call DWORD PTR fs:[0C0h]