Tomasz Grysztar
I couldn't reproduce the bug in Windows today, but luckily it was still manifesting in Linux. The problem is how you handle the stack:
Code:
    mov [command_line],esp    ; esp points at argc, with argv[] right after it
    pop eax                   ; eax = argc; esp now points at argv[0]
    lea esp,[esp+eax*4]       ; skip argv[0..argc-1]; esp now points at the NULL that ends argv
    pop eax                   ; discard the NULL; esp now points at envp[0]
    pop [environment]         ; environment = envp[0]; esp is now above everything read so far
    call get_params           ; pushes the return address below esp, i.e. over the envp[0] slot
This is what happens at the beginning. argc and argv are beyond the stack limits, but are still on the stack and are gonna be used. Keeping data above (at addresses lower than) the current stack pointer is careless by itself, but then you do multiple calls and overwrite pointers to the command line arguments in your own code. In my examples call convert_definition_option is the instruction that overwrites the pointer to the source file name with the return pointer.
P.S. I made a little trace with gdb, if you'd like to look in there. There's a state of registers in the order eax, ebx, ecx, edx, esi, edi, ebp, esp after each instruction executed.
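One way to read the same values without ever lifting esp past them, as an added example that is not code from the post or from fasm's own sources (the variable names are the post's; the layout assumed is the usual Linux entry stack: argc, argv[0..argc-1], a NULL, then envp[0]):

```asm
        mov     [command_line],esp      ; argc at [esp], argv[] right behind it; esp is left where it is
        mov     eax,[esp]               ; eax = argc, read in place instead of popped
        lea     eax,[esp+eax*4+8]       ; address of envp[0]: past argc, argv[0..argc-1] and the NULL
        mov     eax,[eax]               ; same value the original 'pop [environment]' stored
        mov     [environment],eax
        call    get_params              ; return address is pushed below argc, so no live data is overwritten
```

Because esp never rises above argc, any depth of nested calls writes only into the unused region below the arguments, and the argv pointers stay intact for as long as the program needs them.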