flat assembler
Message board for the users of flat assembler.

Index > Main > What does RET XX Mean?

Author
Thread Post new topic Reply to topic
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Code:
;*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_
; Author: typedef aka CHX101                  *
;**********************************************
; Description: A simple program that executes
;              a function given it's pointer.
;              It uses the mandatory value of
;              the function's parameter count to
;              loop through them and push each
;              one of them on the stack and then
;              calls the function.
;*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_
;
; I was trying to make a simple pointer "checker"
; that validates data before being passed to a function.
;
; If one of the datas or data pointers is null (which is 0)
; then return and don't call the function.
;
; But I discovered that that would be hard to make.
; For example if the caller passes 0 as a parameter,
; I wouldn't know if it's there for a purpose or it
; was just an uninitialized data value.
;
; So I'll just leave it for now. I'll be thinking though Very Happy
;
;*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_
format pe gui 4.0 dll

include 'win32ax.inc'
include 'api/user32.inc'
include 'api/kernel32.inc'

entry DllMain

section '.txt' data executable readable

proc DllMain hInst:DWORD, dwReason:DWORD, reserved:DWORD

mov  eax,TRUE

     ret
endp
;*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
;UniExec : Main export function. For more info refer to uniexec.h
;
;*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
proc UniExec,function, argc, param1, param2; etc
     ;save registers
     push ebp edi esi ebx
     ;setup stack
     mov  ebp,esp
     mov  ebx,[ebp+24] ;save function pointer ebp+24
                  ;First parameter starts at ebp+24 or 18h
     mov  ecx,dword [ebp+28] ;save argument count   +28
_push:
     cmp ecx,0x0    ;Are all the needed arguments there or does function have no parameters ?
     je  _exec             ;if so call function
     push dword [ebp+28+ecx*4]  ; else keep pushing the parameters
     dec ecx              ; decrement parameter count for each parameter pushed
     jmp _push         ; go back up for more
_exec:
     call ebx            ;function was saved in ebx now call it
     pop  ebx esi edi ebp
     mov  ebp,esp    ; restore ebp
     leave                ; restore ebp again ? It crashes if left out
     retn 4                 ;transfer handle to parent caller
endp

;******
; VERSION INFO
; Version: 1.30.20
;******
proc  About
      push MB_OK + MB_ICONINFORMATION
      push const_char_title
      push const_char_msg
      push 0
      call [MessageBox]
      ret
endp

section '.' data readable 

const_char_msg         db 'Universal Executor v1.30.20',10,\
               'Copyright (c) typedef aka CHX101 2008 - 2010',10,\
              'Email: typedef_int@live.com / elite1976@live.com',0
const_char_title db 'About Universal Executor',0

section '.idata' import data readable writeable

library kernel32,'kernel32.dll',\
   user32,'user32.dll'


section '.edata' export data readable

export 'UniExec',\
       UniExec,'UniExec',\
       About  ,'About'

section '.reloc' fixups data discardable
    


Include file

Code:
#ifndef U_DLL_H_
#define U_DLL_H_

#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */

/*
Universal Function Executor

 @param function: Pointer to function cast to void*
 @param      argc: Number of arguments to be passed
 @param      ...: Any type of parameter to be passed,
                  NOTE: Must equal to argc.
*/

extern "C"
{       
int DLLIMPORT UniExec(LPVOID function,int argc=0,...);
int DLLIMPORT About(void);
}      



#endif /* U_DLL_H_ */
    



Now here's how I am using the function in C/C++

If I want to execute MessageBox(NULL,"Hello","World!",MB_OK);

I do
Code:
int number_of_MessageBox_args = 4;
UniExec( (LPVOID)&MessageBox,number_of_MessageBox_args,NULL,"Hello","World",MB_OK);
    

That runs well....
But when I run a function that returns a number I crash.
For example
Code:
int pow2( int x)
{
return x * x;
}
int argc = 1; number of arguments.

int twoSquared = UniExec( (LPVOID)&pow2,argc,2);
    

That crashes....

I found out that It's the ret 4

opcode. I do not know why It is like that so I came to ask.

What does RET XX Mean ? I just use it but do not know what XX does.

Any help ?

Thanks

PS: The question is not about C/C++ it's about the RET opcode. Why it makes the program crash when the called function returns a number.

And moreover MessageBox returns a number too but does not crash !

What's going on there.
If I use RET It becomes a bad DLL Image, If I use RET 4 It works but then some functions crash.
Why ?
Post 10 Apr 2011, 15:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17347
Location: In your JS exploiting you and your system
revolution
Perhaps a friendly reminder that the CPU manuals are freely available for download and explain precisely all about the RET instruction. Razz

RET value: pop the return address off the stack and add value to the stack pointer (E|R)SP.
Post 10 Apr 2011, 15:34
View user's profile Send private message Visit poster's website Reply with quote
Tyler



Joined: 19 Nov 2009
Posts: 1216
Location: NC, USA
Tyler
In that order?
Post 10 Apr 2011, 15:49
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17347
Location: In your JS exploiting you and your system
revolution
Tyler wrote:
In that order?
Yes. Perhaps a friendly reminder that the CPU manuals are freely available for download and explain precisely all about the RET instruction. Confused
Post 10 Apr 2011, 16:05
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
What the shit ? I have been looking for this thread LOL... You could have PM'ed that you'd moved it you know.
Post 10 Apr 2011, 16:16
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
revolution wrote:
Perhaps a friendly reminder that the CPU manuals are freely available for download and explain precisely all about the RET instruction. Razz

RET value: pop the return address off the stack and add value to the stack pointer (E|R)SP.


So,
Code:
proc a
call b
ret
endp

proc b
ret 4  =  ss:[a :[esp+4] ] ?
or
ret 4  =  ss:[b :[esp+4] ] ?
endp
    


And actually I used RETN 4 not RET 4
Post 10 Apr 2011, 16:20
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17347
Location: In your JS exploiting you and your system
revolution
typedef wrote:
What the shit ? I have been looking for this thread LOL... You could have PM'ed that you'd moved it you know.
Oops, didn't mean to make you wonder.

I thought everyone used this: http://board.flatassembler.net/search.php?search_id=recentposts
Post 10 Apr 2011, 16:29
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.