Win32 calls. Register usage?

Index > Windows > Win32 calls. Register usage?

Goto page 1, 2, 3 ... 9, 10, 11 Next

Author

Thread

booter

Joined: 08 Dec 2006
Posts: 67

booter

Which registers are used by Win32 calls?
I mean, should it always be like that?

Code:

pushad
invoke someWin32
mov  dword [esp+28],eax ; return eax
popad

Thanks

15 May 2009, 02:41

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

The Win32 API uses Stdcall.

15 May 2009, 03:41

bitshifter

Joined: 04 Dec 2007
Posts: 786
Location: Massachusetts, USA

bitshifter

Also note that a few like wsprintf use cdecl calling convention.
You would want to use the cinvoke instruction on those types.

_________________
Coding a 3D game engine with fasm is like trying to eat an elephant,
you just have to keep focused and take it one 'byte' at a time.

16 May 2009, 11:42

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

bitshifter wrote:

Also note that a few like wsprintf use cdecl calling convention.

Actually, just that one function only.

16 May 2009, 12:37

pal

Joined: 26 Aug 2008
Posts: 227

pal

Why would you pushad then move a value into a register for it to be removed when you use popad.

Quote:

Pushes the contents of the general-purpose registers onto the stack. The registers are stored on the stack in the following order: EAX, ECX, EDX, EBX, EBP, ESP (original value), EBP, ESI, and EDI (if the current operand-size attribute is 32) and AX, CX, DX, BX, SP (original value), BP, SI, and DI (if the operand-size attribute is 16). (These instructions perform the reverse operation of the POPA/POPAD instructions.) The value pushed for the ESP or SP register is its value before prior to pushing the first register (see the "Operation" section below).

The PUSHA (push all) and PUSHAD (push all double) mnemonics reference the same opcode. The PUSHA instruction is intended for use when the operand-size attribute is 16 and the PUSHAD instruction for when the operand-size attribute is 32. Some assemblers may force the operand size to 16 when PUSHA is used and to 32 when PUSHAD is used. Others may treat these mnemonics as synonyms (PUSHA/PUSHAD) and use the current setting of the operand-size attribute to determine the size of values to be pushed from the stack, regardless of the mnemonic used.

In the real-address mode, if the ESP or SP register is 1, 3, or 5 when the PUSHA/PUSHAD instruction is executed, the processor shuts down due to a lack of stack space. No exception is generated to indicate this condition.

16 May 2009, 17:14

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

[esp+28] points the the location where eax will be poped from.

16 May 2009, 17:34

manfred

Joined: 28 Feb 2009
Posts: 43
Location: Racibórz, Poland

manfred

revolution wrote:

Actually, just that one function only.

Did you mean "Actually, just those two functions only"?

_________________
Sorry for my English...

16 May 2009, 18:29

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

If you like, wsprintfA and wsprintfW.

16 May 2009, 19:42

Borsuc

Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania

Borsuc

cdecl is stupid. Seriously why the hell should the caller clean the stack? Does it expect you to call the same function twice or something?

16 May 2009, 19:45

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

For variable argument counts. Else how?

16 May 2009, 19:46

LocoDelAssembly
Your code has a bug

Joined: 06 May 2005
Posts: 4624
Location: Argentina

LocoDelAssembly

Quote:

Does it expect you to call the same function twice or something?

That doesn't justify the convention as the parameters are considered garbage at return so you must load them again.

Code:

// Example of a function that would destroy the parameter (supposing no optimizations are performed)
int sum(int a, int b)
{
  a += b; // Allowed, parameters work like pre-initialized variables
  return a;
}

// Some caller
accum = 0;
for (i = 0; i < 10; i++)
  for (j = 0; j < 10; j++)
    accum += sum(j,i); // Here would be an error reusing the 2nd parameter

There must be some benefit over stdcall, but parameter reusing is not one of them.

16 May 2009, 23:10

Borsuc

Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania

Borsuc

revolution wrote:

For variable argument counts. Else how?

The function can do that as well.

What Loco said further outlines it. I seriously think it should be scrapped totally.

_________________
Previously known as The_Grey_Beast

16 May 2009, 23:15

Plue

Joined: 15 Dec 2005
Posts: 151

Plue

> There must be some benefit over stdcall
Yes, most c compilers use it by default. And vararg functions are somewhat faster (although all other functions are slower).

Really, there is no benefit. It was simply designed by sillies and now we're stuck with it.

17 May 2009, 14:12

f0dder

Joined: 19 Feb 2004
Posts: 3170
Location: Denmark

f0dder

Borsuc: how would you make a VARARG function do stack cleanup?

Plue wrote:

Really, there is no benefit. It was simply designed by sillies and now we're stuck with it.

"Stuck with it"? If you don't like cdecl, write your functions as stdcall or fastcall, problem solved. Decent compilers will optimize inter-module calls anyway, and if calling convention is a speed issue for your cross-module function calls, your code design is probably wrong.

By the way, you don't have to "add esp, xx" after every function call for cdecl...

17 May 2009, 14:28

manfred

Joined: 28 Feb 2009
Posts: 43
Location: Racibórz, Poland

manfred

Vararg function doing stack cleanup, simple solution:

Code:

func:
; foo bar
; ecx=sizeof(args)
pop edx
add esp, ecx
jmp edx

_________________
Sorry for my English...

17 May 2009, 15:25

f0dder

Joined: 19 Feb 2004
Posts: 3170
Location: Denmark

f0dder

manfred: which will defeat the CALL/RET pairing optimization that some CPUs have. Also, in the case that arguments aren't exactly matched, you will be returning to never-never land.

17 May 2009, 15:50

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 18646
Location: In your JS exploiting you and your system

revolution

Let's go and visit Peter Pan and friends:

Code:

...
mov ebp,esp
stdcall printf,"%d%d%d%d%d",eax ;oops only one parameter!
mov esp,ebp
ret

printf:
;foo bar
pop edx
add esp,4*5
jmp edx

Works well. And didn't get to see Peter Pan at all Sad

Yeah, I know, a corner case, but just sayin'.

17 May 2009, 15:59

manfred

Joined: 28 Feb 2009
Posts: 43
Location: Racibórz, Poland

manfred

f0dder wrote:

manfred: which will defeat the CALL/RET pairing optimization that some CPUs have.

I know. I said this is simple solution, there must be some better, but more complicated.

_________________
Sorry for my English...

17 May 2009, 18:12

Borsuc

Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania

Borsuc

f0dder wrote:

Borsuc: how would you make a VARARG function do
stack cleanup?

Well a solution has been presented. I'm not sure how the call/ret pairing works but does this make it work? (even though it's more bloated than the alternative with jmp)

Code:

push string  ; assume it is "%d%d"
push eax
push ecx
push 2*4
call printf
...


printf:
pop eax
pop ecx
add esp, ecx
push eax
ret

And if you care about speed, well. Don't use VARARG functions Wink

f0dder wrote:

"Stuck with it"? If you don't like cdecl, write your functions as stdcall or fastcall, problem solved.

Nope, what if you use an API that uses it?

f0dder wrote:

By the way, you don't have to "add esp, xx" after every function call for cdecl...

How?

_________________
Previously known as The_Grey_Beast

Last edited by Borsuc on 18 May 2009, 17:25; edited 1 time in total

17 May 2009, 21:15

f0dder

Joined: 19 Feb 2004
Posts: 3170
Location: Denmark

f0dder

Borsuc wrote:

Nope, what if you use an API that uses it?

Just how many (Windows) API calls use it? Sure, if you're dealing with third-party libraries without source available, you're stuck... but imho isn't not exactly a big deal anyway.

Borsuc wrote:

f0dder wrote:
By the way, you don't have to "add esp, xx" after every function call for cdecl...
How?

Simple, as long as you aren't dealing with loops, you can (at the cost of som additionally used stack space) defer the "ADD ESP, xx" part until after several calls have been made - several compilers can do this.

17 May 2009, 21:39

Goto page 1, 2, 3 ... 9, 10, 11 Next

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum