flat assembler
Message board for the users of flat assembler.

About Stack Frames & instructions ENTER/LEAVE

Picnic



Joined: 05 May 2007
Posts: 1404
Location: Piraeus, Greece
Picnic 07 Jul 2009, 20:57
Hi all,
I'm trying to better realize the usage of the instructions enter and leave in fasm.
Is my sample correct, and do I have to align the stack?

Code:
format PE CONSOLE 4.0
include 'win32ax.inc'

.data
        msg db '%d bytes reserved.',0

.code
main:
        mov eax, 128
        push eax                        ; second argument: [ebp+12] inside DisplayMsg
        push msg                        ; first argument:  [ebp+8]  inside DisplayMsg
        call DisplayMsg

        invoke ExitProcess, 0

DisplayMsg:
        enter 128,0                     ; 128-byte local buffer at [ebp-128], nesting level 0
        lea eax, dword [ebp-128]
        cinvoke wsprintf, eax, dword [ebp+8], dword [ebp+12]
        lea eax, dword [ebp-128]
        invoke MessageBox, HWND_DESKTOP, eax, '', MB_OK
        leave                           ; mov esp,ebp / pop ebp
        ret 8                           ; remove the two pushed arguments
.end main
    
asmcoder



Joined: 02 Jun 2008
Posts: 784
asmcoder 08 Jul 2009, 08:00
[content deleted]


Last edited by asmcoder on 14 Aug 2009, 14:49; edited 1 time in total
Pirata Derek



Joined: 31 Oct 2008
Posts: 259
Location: Italy
Pirata Derek 08 Jul 2009, 11:27
This is an example of using the ENTER instruction.
Please check how simple it is...
Code:
 format PE GUI 5.0
 entry start

 section '.code' code readable executable

 start: pushd 3
        pushd 2
        pushd 1
        call PROCEDURE          ; same as stdcall PROCEDURE,1,2,3
        ret

 ; nesting level = 0
 PROCEDURE: enter 3*4,0        ; 12 bytes of local space (3 dwords), nesting level 0
            mov eax,[ebp+8+4*0] ; first parameter
            mov ebx,[ebp+8+4*1] ; second parameter
            mov ecx,[ebp+8+4*2] ; third parameter
            nop
            leave
            ret 3*4             ; release the 12 bytes of arguments from the stack

Usage: ENTER (number of bytes to reserve),(nesting level)
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 08 Jul 2009, 16:17
thimis, it is correct. ENTER and LEAVE can be simulated like this:
Code:
; enter X, 0
push ebp
mov  ebp, esp
sub  esp, X

; leave
mov  esp, ebp
pop  ebp    
asmcoder



Joined: 02 Jun 2008
Posts: 784
asmcoder 08 Jul 2009, 16:42
[content deleted]


Last edited by asmcoder on 14 Aug 2009, 14:49; edited 1 time in total
bitRAKE



Joined: 21 Jul 2003
Posts: 4075
Location: vpcmpistri
bitRAKE 08 Jul 2009, 16:47
LocoDelAssembly's simulation only works for ENTER #,0 (the most common case). The second parameter of ENTER copies data from the address pointed to by EBP onto the stack - up to 31 dwords can be copied.

Having a common tail on procedures eases code reuse. Usually smaller code is generated, because accessing local/parameter data from ESP requires one byte more than from EBP. It can be faster because EBP remains constant throughout the procedure - ESP has dependencies with PUSH/POP/CALL. It is useful for recursion or stack-based procedures where local stack use is dynamic - LEAVE restores the parent frame.

Here is a symbolic framework to ease use of ENTER/LEAVE.
Let FASM calculate all the constants and ease changes, imho.
Code:
MyWndProc:
        enter .frame,0
        virtual at ebp-.frame
                .hBrush rd 1
                .pt     PT
                .rect   RECT
                .atom   rw 1

                .frame = NOT 3 AND ($-$$+3)
                rb $$+.frame-$          ; dword stack alignment

                .EBP    rd 1            ; value on entry
                .RET    rd 1            ; to caller
                ; parameters from caller:
                .hWnd   rd 1
                .uMsg   rd 1
                .wParam rd 1
                .lParam rd 1

                .params = $-.hWnd
        end virtual

        cmp [.uMsg],WM_CREATE
        ...

        leave
        retn .params
...the VIRTUAL block also acts like a procedure stack map, which might help with debugging.
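An added example, not code from the thread: a small Python model of the 32-bit stack that executes PUSH, CALL, ENTER, LEAVE and RET n the way the Intel manual defines them, so that both Picnic's DisplayMsg frame from the first post and the nesting-level copying described in this post can be checked without a debugger. The starting ESP, the return addresses and the msg address are constructed values.

```python
class Stack:
    """Dword-addressed model of the 32-bit stack; the start ESP is a constructed value."""
    def __init__(self, esp=0x0019FF80):
        self.mem, self.esp, self.ebp = {}, esp, 0
    def push(self, val):
        self.esp -= 4
        self.mem[self.esp] = val & 0xFFFFFFFF
    def pop(self):
        self.esp += 4
        return self.mem[self.esp - 4]
    def call(self, ret_addr):            # CALL pushes only the return address
        self.push(ret_addr)
    def enter(self, size, level):        # ENTER size, level  (level is taken mod 32)
        level &= 31
        self.push(self.ebp)              # save the caller's EBP
        frame = self.esp                 # "FrameTemp" in the Intel manual
        if level:
            caller = self.ebp
            for _ in range(level - 1):   # copy the caller's display: at most 31 dwords
                caller -= 4
                self.push(self.mem[caller])
            self.push(frame)             # this frame's own pointer
        self.ebp = frame
        self.esp -= size                 # reserve space for locals (uninitialised)
    def leave(self):                     # MOV ESP,EBP / POP EBP
        self.esp = self.ebp
        self.ebp = self.pop()
    def ret(self, n=0):                  # RET n: pop the return address, drop n bytes of args
        addr = self.pop()
        self.esp += n
        return addr

def display_msg_frame():
    """Picnic's DisplayMsg: push 128 / push msg / call / enter 128,0 ... leave / ret 8."""
    s = Stack()
    s.push(128); s.push(0x403000)       # 0x403000 stands in for msg (constructed)
    s.call(0x401020); s.enter(128, 0)
    layout = (s.mem[s.ebp + 8], s.mem[s.ebp + 12], s.ebp - s.esp)  # msg, 128, 128-byte locals
    s.leave(); s.ret(8)
    return layout, s.esp == 0x0019FF80  # True: ret 8 removed both arguments

def nested_frames():
    """bitRAKE's point: with nesting level 2, ENTER copies the level-1 parent's frame pointer."""
    s = Stack()
    s.call(0x401000); s.enter(8, 1)     # outer procedure, lexical level 1
    outer = s.ebp
    s.call(0x401100); s.enter(0, 2)     # inner procedure, lexical level 2
    return s.mem[s.ebp - 4] == outer and s.mem[s.ebp - 8] == s.ebp
```

In the inner frame [ebp-4] is the parent's frame pointer and [ebp-8] the inner frame's own, which is exactly the display that LocoDelAssembly's three-instruction simulation does not build.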
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 08 Jul 2009, 17:44
asmcoder, your idea requires too many precious registers for something that can be done safely by just using EBP (the PROC macro does this). And to avoid issues from miscalculating offsets you can simply use bitRAKE's proposal (though your idea still made it possible to fuck up offsets).
eskizo



Joined: 22 Nov 2005
Posts: 59
eskizo 09 Jul 2009, 13:15
LocoDelAssembly,

Code:
push ebp
mov  ebp, esp
sub  esp, 12 

; dword a, b, c;

mov dword [ebp-4], eax
mov dword [epb-8], ebx
mov dword [ebp-12], ecx

; a = eax; b = ebx; c = ecx;

...

mov  esp, ebp
pop  ebp    


Is this correct? Do I have to use retn x in this code? Thanks
pal



Joined: 26 Aug 2008
Posts: 227
pal 09 Jul 2009, 13:36
That code will work, yes, as you restore esp. You can add an add esp,12 in there if you want to. The ret is fine, but make sure you add it in there to return from any procedure.
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 09 Jul 2009, 13:48
eskizo, yes. Don't forget to RETN 4*args_passed (it is not part of LEAVE but necessary to return control to the caller).
Borsuc



Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania
Borsuc 09 Jul 2009, 15:03
It has a typo, epb instead of ebp somewhere.

_________________
Previously known as The_Grey_Beast
Picnic



Joined: 05 May 2007
Posts: 1404
Location: Piraeus, Greece
Picnic 09 Jul 2009, 18:01
Quite helpful posts. Thank you all, guys.
pal



Joined: 26 Aug 2008
Posts: 227
pal 09 Jul 2009, 20:19
No args are passed so it would be retn 4*0 or just retn. The values he allocates are on the stack locally.
eskizo



Joined: 22 Nov 2005
Posts: 59
eskizo 10 Jul 2009, 13:26
Well, this is a very helpful post for beginners, then:

Code:
nop
call Something
nop
..

Something:

    push ebp
    mov  ebp, esp
    sub  esp, 8           ; dword a, b;

    xor eax, ebx
    mov [ebp-4], eax
    ...

    add eax, 0x1234
    mov [ebp-8], eax
    ...

    mov  esp, ebp
    pop  ebp
    ret
    


I think this is OK too. But could someone give me an "Arguments passing" example (easy to understand)? Thank you guys!
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20453
Location: In your JS exploiting you and your system
revolution 10 Jul 2009, 13:32
eskizo wrote:
But could someone give me an "Arguments passing" example (easy to understand)? Thank you guys!
See the third post in this thread by Pirata Derek.
Pirata Derek



Joined: 31 Oct 2008
Posts: 259
Location: Italy
Pirata Derek 11 Jul 2009, 11:20
The package below contains the macros for PROC32 that create procedures using the ENTER instruction.

It also contains the NEW assembled version of FASM that has the ENTER instruction! (Disassemble FASM.exe to check.)

Description: ENTER procedures macro with new Enter FASM
Filename: ENTER procs.zip
Filesize: 64.76 KB
Copyright © 1999-2025, Tomasz Grysztar.