flat assembler
Message board for the users of flat assembler.

Index > Windows > WindowProcedure: why push and pop registers?

Author
Thread Post new topic Reply to topic
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
why does WindProc push and pop ebx esi edi?

Code:
proc WindowProc hwnd, msg, wparam, lparam
 push    ebx esi edi
        ; ...
        pop     edi esi ebx
 ret
endp
    


well, indeed I saw another functions doing the same. Why?

_________________
Sorry if bad english.
Post 27 Dec 2009, 16:40
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17247
Location: In your JS exploiting you and your system
revolution
For all Windows stdcall functions ebp, ebx, esi and edi are preserved. And 'WindowProc' must comply with that standard or you will be sorry.

BTW: ebp is preserved by the 'proc' macro so you don't need to do it manually.

You can also do this:
Code:
proc WindowProc uses ebx esi edi, hwnd, msg, wparam, lparam
        ; ...
        ret
endp    
Post 27 Dec 2009, 16:43
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
What reason they are preserved?
Post 27 Dec 2009, 16:50
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17247
Location: In your JS exploiting you and your system
revolution
Because the caller uses those registers to hold some state information. If you overwrite the information then you will be sorry. Windows has this code
Code:
...
  mov esi,someVeryImportantValue
  mov edi,anotherVeryImportantValue
  mov ebx,VVVVImportantValue
...
  call [WindowProc] ;Windows calls your proc
  cmp esi,someVeryImportantValue
  jnz CrashProgramAndDie
  cmp edi,anotherVeryImportantValue
  jnz CrashProgramAndDie
  cmp ebx,VVVVImportantValue
  jnz CrashProgramAndDie
...    
Post 27 Dec 2009, 16:57
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
Hmmm... I see. *thumbs up*
Post 27 Dec 2009, 17:03
View user's profile Send private message Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 764
Location: Massachusetts, USA
bitshifter
It's called an ABI standard.
Just Google it, Wiki it, MSDN it...
Post 27 Dec 2009, 20:14
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.