flat assembler
Message board for the users of flat assembler.

CALL Instruction

pal
So I was wondering about the near call instruction. I know how it works, but I was just seeing if I could do a workaround without actually having to use call, but I ran into a problem. Is there any way to directly access the eip register? I know that $ contains eip (does it not?), but an instruction like push eip won't work.

The code I was thinking about was basically this:

Code:
    push    szTitle
    push    szMessage
    ;call   MsgBox
    push    eip
    mov     eip,MsgBox
    add     esp,8
    push    0
    call    [ExitProcess]
    ret

MsgBox:
    push    ebp
    mov     ebp,esp
    mov     eax,[ebp+0x08]
    mov     ebx,[ebp+0x0C]
    push    0
    push    ebx
    push    eax
    push    0
    call    [MessageBox]
    mov     esp,ebp
    pop     ebp
    pop     eip


Kinda pointless I know, but I'd like to know how everything works in depth, rather than just being told what everything does.

Oh and also, kind of a vague question, but the data segments, I know they can be used to pass parameters in an argument list to a procedure, but what else are they used for? How come like fs:[0x18] points to the PEB?

Cheers, pal.
Post 08 Jun 2009, 19:18

LocoDelAssembly
Code:
include 'win32ax.inc'

; To be used in 32-bit code only

; WARNING: push and pop may not work well when used with multiple params
macro push arg
{
common
local ..label

    if arg eq eip
      call ..label
    ..label:
    else
      push arg
    end if
}

macro pop arg
{
common
    if arg eq eip
      retn          ; "pop eip" is just a near return
    else
      pop arg       ; fall through to the real instruction (was mistakenly "push arg")
    end if
}

macro mov dest, src
{
common
  if dest eq eip
    jmp src
  else
    mov dest, src
  end if
}



start:
      push    msg
      push    @f
      mov     eip, showMessage
@@:
      invoke  ExitProcess, 0

msg db "Hello world", 0



proc showMessage, msg

      invoke  MessageBox, 0, "Testing program", [msg], MB_ICONINFORMATION

      leave
      pop     eip
endp

.end start    


There was another thread already talking about this (in which I provided similar code), if someone finds it please post the link.
Post 08 Jun 2009, 19:41

pal
LocoDelAssembly wrote:
There was another thread already talking about this (in which I provided similar code), if someone finds it please post the link.


Ahh, sorry, I forgot to look.

Thanks for the code though. So I assume there is no way to directly access the eip register?
Post 08 Jun 2009, 19:53

LocoDelAssembly
Nop, except for 64-bit code, in that case:
Code:
use64

lea rax, [rip]

; fasm accepts the following too, but I'm unsure if they are valid (not recommended, as they assume addresses below 4 GB)
lea rax, [eip]
lea eax, [rip]
lea eax, [eip]    
Post 08 Jun 2009, 20:33

pal
Ahh thank you very much man.

I ain't worked with macros much, but is there a link or something as to where I can find out what sort of code they get compiled into (there is a file in TOOLS\WIN32\PREPSRC.ASM?), if that isn't too much to ask.
Post 08 Jun 2009, 21:42

LocoDelAssembly
Code:
start:
      push    msg
      push    @f
      mov     eip, showMessage     
Code:
start:
push msg
call @f
@@:
jmp showMessage    
Post 08 Jun 2009, 21:45

pal
Ahh, nice one. I'll have a play around with the macros later on tonight. Thanks again.
Post 09 Jun 2009, 06:41

MazeGen
LocoDelAssembly wrote:
Code:
use64

lea rax, [rip]

; fasm accepts the following too, but I'm unsure if they are valid (not recommended, as they assume addresses below 4 GB)
lea rax, [eip]
lea eax, [rip]
lea eax, [eip]    

Yes, not recommended, but valid (= encodeable). See also this bugreport: http://board.flatassembler.net/topic.php?t=5942
Post 09 Jun 2009, 07:29
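The two ideas from this thread, the "call next; next:" expansion that LocoDelAssembly's push macro uses and the 64-bit lea rax,[rip], as an added example in GCC inline assembly (not code from the thread). It assumes an x86-64 Linux target with GCC or Clang; the function names and the 128-byte window are the example's own choices.

```c
// Added example (not from the thread): reading the instruction pointer on
// x86-64 the two ways discussed above, then checking the value is sane.
#include <stdint.h>
#include <stdio.h>

#if !defined(__x86_64__)
#error "This example assumes x86-64 (it uses rip-relative lea)"
#endif

// Same trick the push macro expands to: "call next; next:". CALL pushes the
// address of the instruction following it, i.e. the value eip/rip holds, and
// POP moves that return address into a register. Works in 32-bit mode too.
__attribute__((noinline)) static uintptr_t ip_via_call_pop(void)
{
    uintptr_t ip;
    __asm__ volatile(
        "call 1f\n\t"   /* pushes the address of label 1 */
        "1:\n\t"
        "pop %0\n\t"    /* the pushed "eip" now lives in a register */
        : "=r"(ip));
    return ip;
}

// 64-bit only: lea rax,[rip]. The displacement is relative to the end of the
// lea itself, so the result is the address of the next instruction.
__attribute__((noinline)) static uintptr_t ip_via_lea_rip(void)
{
    uintptr_t ip;
    __asm__ volatile("lea 0(%%rip), %0" : "=r"(ip));
    return ip;
}

// Sanity check: the value read must lie inside the body of the function that
// read it (strictly after its entry, within a generous 128-byte window).
static int ip_inside(uintptr_t ip, uintptr_t fn_start)
{
    return ip > fn_start && ip < fn_start + 128;
}

int main(void)
{
    uintptr_t a = ip_via_call_pop();
    uintptr_t b = ip_via_lea_rip();
    printf("call/pop  -> %#lx (inside its function: %d)\n",
           (unsigned long)a, ip_inside(a, (uintptr_t)ip_via_call_pop));
    printf("lea [rip] -> %#lx (inside its function: %d)\n",
           (unsigned long)b, ip_inside(b, (uintptr_t)ip_via_lea_rip));
    return 0;
}
```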

Copyright © 1999-2020, Tomasz Grysztar.