flat assembler
Message board for the users of flat assembler.
Main > mov BX to EAX ~ the newbiest question
r22 05 Jan 2010, 00:55
Code:
    LEA eax, [esp]
    INVOKE TEST, arg1, eax, arg3
    ; IS NOT THE SAME AS
    INVOKE TEST, arg1, esp, arg3

Problem: ESP is the STACK POINTER; using INVOKE pushes arguments to the STACK, and this changes the STACK POINTER.

Code:
    STACK
    ...
    12345    -> ESP
    ...

    invoke GetMenuString,[hMenu],[esi+DRAWITEMSTRUCT.itemID],esp,20,XX

    STACK
    ...
    12345
    XX
    20
    20       -> what you thought was still 12345
    [esi+DRAWITEMSTRUCT.itemID]
    [hMenu]
    [Return Address (address after CALL [GetMenuString])]    -> ESP
Teehee 05 Jan 2010, 13:19
Sorry, r22, I did a wrong example. I did mean:
Code:
    lea eax,[esp]
    invoke something,eax    ; is != of
    invoke something,esp    ; ? if yes, why?
But thinking better, I think I'm just having a 'brain fart' again...
r22 05 Jan 2010, 16:22
Teehee, perhaps you'd benefit from a debugger like OllyDbg. You'd be able to step through your assembler code 1 instruction at a time and see how the values on the stack and registers change.
Borsuc 05 Jan 2010, 17:04
Teehee wrote: Sorry, r22, I did a wrong example. I did mean:
You should really drop the use of the invoke macro and use manual pushing instructions until you get how it works. Here's step-by-step what the above does:
Code:
    invoke something, eax   ; let's say esp=8 here...
    push eax                ; esp=4 here
    call something
Code:
    ; esp=8 here...
    push esp                ; < pushes 8
                            ; esp=4 now
    call something
Code:
    invoke something, eax, arg   ; esp=8...
    mov eax, esp                 ; lea is the same here; eax=8
    push arg                     ; some argument ; esp=4...
    push eax                     ; pushes 8
    ...
Code:
    invoke something, esp, arg   ; esp=8...
    push arg                     ; esp=4...
    push esp                     ; pushes 4
    ...
_________________
Previously known as The_Grey_Beast
Teehee 05 Jan 2010, 17:48
Thanks guys.
OK, I'm going to see our OllyDbg friend.
Teehee 05 Jan 2010, 18:57
What's the difference between
Code:
    call [LoadMenu]
and
Code:
    call LoadMenu
Teehee 05 Jan 2010, 21:56
Also, how can I get the pushed value param?
Code:
    push 15
    call MyFunc     ; Call my function
    ; -----
    MyFunc:
        ; how do I get 15?
        ret
Borsuc 05 Jan 2010, 23:23
call PUSHES the return address on the stack. To access '15' you have to add +4 to esp and get the value over there.
Code:
    mov something, [esp+4]

Teehee wrote: What's the difference between
This is used in loaded functions (like the Win32 API) because when it gets loaded, the addresses of the functions are put into those locations. You don't have to know the addresses of the functions in this case, just where you put them (the addresses). I.e., call dword [8] will call the function whose address is found at address 8.
_________________
Previously known as The_Grey_Beast
Teehee 06 Jan 2010, 00:16
Borsuc wrote: call PUSHES the return address on the stack. To access '15' you have to add +4 to esp and get the value over there.
Borsuc, but don't I need to pop that value (15)? Or will it stay on the stack and mess everything up? Check:
Code:
    push 15
    push 30
    call Something
    ; ---
    Something:
        mov eax, [esp+4]
        mov ebx, [esp+8]
        ret

Stack:
Code:
    push 15
    |    |
    |    |
    |_15_| <- esp

    push 30
    |    |
    | 30 | <- esp
    |_15_|

    call Something
    | XX | <- esp
    | 30 |
    |_15_|

    mov eax, [esp+4]
    mov ebx, [esp+8]
    | XX | <- esp
    | 30 |   [esp+4] -> eax
    |_15_|   [esp+8] -> ebx

    ret
    |    |
    | 30 | <- esp
    |_15_|

I need to pop 30 and 15, but where? Inside the 'Something' function, I suppose. But how?
_________________
Sorry if bad English.
tthsqe 06 Jan 2010, 01:07
That's why ret can take an immediate operand as well.
Code:
    ret x
does:
Code:
    ret
and then:
Code:
    lea esp,[esp+x]
Most functions that know how many arguments they have passed to them do clean the stack, but sometimes you have to do this instead in the function that called the other function (is sprintf an example??). In your case, the function "something" could use ret 8 instead of just ret, or just do lea esp,[esp+8] in the code wherever "something" returns.
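The traces in the last few posts (r22's and Borsuc's point that `push esp` pushes the value esp has after the earlier pushes, and tthsqe's `ret 8` versus cleaning up in the caller), run instead of drawn by hand. This is an added example, not code from the thread or from fasm: a small C model of the x86-32 stack. The addresses are assumptions (16 dwords at 0x1000..0x103C, esp starting at STACK_TOP with an empty stack), as are the return address standing in for "XX" and the second argument. Nothing here executes real machine code; it only models what push, call and ret do to esp and memory.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the thread: a small model of the x86-32 stack,
 * so the push/call/ret traces in the posts above can be run instead of drawn.
 * Addresses are assumptions: 16 dwords at 0x1000..0x103C, esp starting at
 * STACK_TOP with an empty stack.  No real machine code executes here. */

#define STACK_WORDS 16u
#define STACK_LOW   0x1000u
#define STACK_TOP   (STACK_LOW + 4u * STACK_WORDS)
#define RET_ADDR    0x00401234u   /* assumed return address, the "XX" of the posts */
#define ARG         0x0000ABCDu   /* assumed second argument */

typedef struct {
    uint32_t esp;                 /* byte address, like the real register */
    uint32_t eip;                 /* where the last ret transferred control */
    uint32_t mem[STACK_WORDS];    /* mem[i] is the dword at STACK_LOW + 4*i */
} cpu_t;

static cpu_t cpu_new(void) {
    cpu_t c = {0};
    c.esp = STACK_TOP;
    return c;
}

/* Map a stack address to its dword; an access outside the modelled range is
 * where a real CPU would raise an access violation. */
static uint32_t *slot(cpu_t *c, uint32_t addr) {
    if (addr < STACK_LOW || addr >= STACK_TOP || (addr & 3u)) {
        fprintf(stderr, "access violation at %#x\n", (unsigned)addr);
        return &c->mem[0];
    }
    return &c->mem[(addr - STACK_LOW) / 4u];
}

static uint32_t load(cpu_t *c, uint32_t addr) { return *slot(c, addr); }
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; *slot(c, c->esp) = v; }
static uint32_t pop(cpu_t *c) { uint32_t v = load(c, c->esp); c->esp += 4; return v; }

/* call pushes the return address; the callee then sees it at [esp] and the
 * last-pushed argument at [esp+4].  The jump itself is not modelled. */
static void call(cpu_t *c, uint32_t return_address) { push(c, return_address); }

/* ret n: pop the return address, then discard n more bytes of arguments. */
static void ret(cpu_t *c, uint32_t n) { c->eip = pop(c); c->esp += n; }

/* invoke something, esp, arg  expands to  push arg / push esp / call something.
 * Returns the pointer the callee actually receives as its first argument. */
uint32_t first_arg_when_passing_esp_directly(void) {
    cpu_t c = cpu_new();
    push(&c, ARG);
    push(&c, c.esp);              /* esp has already moved down by 4 */
    call(&c, RET_ADDR);
    return load(&c, c.esp + 4);   /* the callee's view of argument 1 */
}

/* lea eax,[esp] / invoke something, eax, arg: eax is captured before any push. */
uint32_t first_arg_when_passing_esp_via_lea(void) {
    cpu_t c = cpu_new();
    uint32_t eax = c.esp;         /* lea eax,[esp]; mov eax,esp does the same */
    push(&c, ARG);
    push(&c, eax);
    call(&c, RET_ADDR);
    return load(&c, c.esp + 4);
}

typedef struct { uint32_t eax, ebx, esp_after; } trace_t;

/* push 15 / push 30 / call Something, where Something does
 *   mov eax,[esp+4] / mov ebx,[esp+8] / ret callee_cleanup
 * and the caller then does add esp, caller_cleanup (0 for none). */
trace_t call_something(uint32_t callee_cleanup, uint32_t caller_cleanup) {
    cpu_t c = cpu_new();
    trace_t t;
    push(&c, 15);
    push(&c, 30);
    call(&c, RET_ADDR);
    t.eax = load(&c, c.esp + 4);  /* 30: pushed last, right above the return address */
    t.ebx = load(&c, c.esp + 8);  /* 15 */
    ret(&c, callee_cleanup);      /* ret 8 pops the return address and both arguments */
    c.esp += caller_cleanup;      /* or the caller does lea esp,[esp+8] afterwards */
    t.esp_after = c.esp;
    return t;
}

int main(void) {
    printf("esp before invoke %#x; callee received %#x when esp was passed directly,"
           " %#x via lea\n", (unsigned)STACK_TOP,
           (unsigned)first_arg_when_passing_esp_directly(),
           (unsigned)first_arg_when_passing_esp_via_lea());
    trace_t plain = call_something(0, 0), callee = call_something(8, 0), caller = call_something(0, 8);
    printf("plain ret: esp=%#x (15 and 30 still on the stack)\n", (unsigned)plain.esp_after);
    printf("ret 8:     esp=%#x\n", (unsigned)callee.esp_after);
    printf("add esp,8: esp=%#x\n", (unsigned)caller.esp_after);
    return 0;
}
```

Build with `cc -std=c99 -Wall stack_model.c && ./a.out`. The first line of output shows the callee receiving STACK_TOP-4 instead of STACK_TOP when esp is passed straight into invoke; the last three show esp left 8 bytes low after a plain `ret`, and restored by either `ret 8` or the caller's own adjustment, which is the balance the thread is asking about.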
Teehee 06 Jan 2010, 15:18
oh.. nice! thanks!
pal 07 Jan 2010, 07:29
I'm replying to just one of the first questions in the thread:
TeeHee wrote: 2. is shl eax, 1 = value/2 ? (I did see that in some place...)
And although MHajduk said:
MHajduk wrote:
For dividing by two you should use sar, as if the number is signed and is negative, using shr will produce a positive number (as the sign bit (most significant bit) is not preserved).
Code:
    sar eax,1
I don't think anyone pointed that out anyway. Also, just as an FYI, shl and sal are synonymous with each other.
Borsuc 07 Jan 2010, 17:17
In other words, sar compared to shr puts '1' bits from the left IF the left-most bit was 1 to begin with:
Code:
    00011010 sar 2 --> 00000110
    00011010 shr 2 --> 00000110    same thing, since the left-most bit is 0

    10011010 sar 2 --> 11100110
    10011010 shr 2 --> 00100110    "from the left" we get 1s in the sar case, not 0s
Last edited by Borsuc on 10 Jan 2010, 19:57; edited 1 time in total
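The shifts from pal's and Borsuc's posts above, written out in C so the bits coming in from the left are visible, plus the caveat a practitioner wants before using `sar` as a signed divide: `sar eax,1` rounds toward negative infinity (-3 becomes -2), while `idiv` and C's `/` truncate toward zero (-3 becomes -1), which is why compilers add the sign bit before shifting. This is an added example, not code from the thread; the 8-bit inputs are the ones in Borsuc's table, the 32-bit inputs are assumed test values, and the arithmetic shift is built from masks because a signed `>>` on negative values is implementation-defined in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the thread: shr and sar written out so the
 * difference in the bits shifted in from the left is visible, and the rounding
 * caveat when sar is used to divide a signed value by two.  The 8-bit inputs
 * are Borsuc's; the 32-bit inputs are assumed test values. */

/* shr: logical shift right, vacated high bits become 0.  n must be 0..7. */
uint8_t shr8(uint8_t v, unsigned n) {
    return (uint8_t)(v >> n);                /* >> on an unsigned type is logical in C */
}

/* sar: arithmetic shift right, vacated high bits copy the old sign bit.
 * Built from masks instead of a signed >>, whose behaviour on negative
 * values is implementation-defined in C.  n must be 0..7. */
uint8_t sar8(uint8_t v, unsigned n) {
    uint8_t r = (uint8_t)(v >> n);
    if (n && (v & 0x80u))                    /* sign bit was 1: bring in 1s from the left */
        r |= (uint8_t)(0xFFu << (8 - n));
    return r;
}

/* Same for 32 bits, which is what sar eax,N does.  n must be 0..31. */
int32_t sar32(int32_t v, unsigned n) {
    uint32_t u = (uint32_t)v, r = u >> n;
    if (n && (u & 0x80000000u))
        r |= 0xFFFFFFFFu << (32 - n);
    return (int32_t)r;
}

/* sar eax,1 rounds toward negative infinity: -3 gives -2.  idiv (and C's /)
 * truncate toward zero and give -1 instead. */
int32_t div2_floor(int32_t v) { return sar32(v, 1); }

/* The fix-up compilers emit for a truncating signed x/2: add the sign bit first.
 *   mov edx,eax / shr edx,31 / add eax,edx / sar eax,1 */
int32_t div2_trunc(int32_t v) {
    uint32_t sign = (uint32_t)v >> 31;       /* shr edx,31: 1 for negative, 0 otherwise */
    return sar32((int32_t)((uint32_t)v + sign), 1);
}

static void print_bits8(const char *label, uint8_t v) {
    printf("%s", label);
    for (int i = 7; i >= 0; i--) putchar(((v >> i) & 1) ? '1' : '0');
    putchar('\n');
}

int main(void) {
    print_bits8("00011010 sar 2 --> ", sar8(0x1Au, 2));
    print_bits8("00011010 shr 2 --> ", shr8(0x1Au, 2));
    print_bits8("10011010 sar 2 --> ", sar8(0x9Au, 2));
    print_bits8("10011010 shr 2 --> ", shr8(0x9Au, 2));
    printf("-3 sar 1 = %d, but -3 / 2 = %d; with the sign-bit fix-up: %d\n",
           (int)div2_floor(-3), -3 / 2, (int)div2_trunc(-3));
    return 0;
}
```

The first four lines of output reproduce Borsuc's table; the last one shows why `sar eax,1` on its own is a floor division and not a drop-in for `idiv` when the operand can be negative.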
Teehee 10 Jan 2010, 19:39
What's the default stack size?
Thanks in advance.
Borsuc 10 Jan 2010, 19:56
4096
_________________ Previously known as The_Grey_Beast |
Teehee 11 Jan 2010, 12:45
Cool. Is there a limit to set? Or can I set, for instance, 5MB of stack?
And... are there some precautions I must know about a big stack size? Thanks in advance.
revolution 11 Jan 2010, 13:09
Teehee wrote: Cool. Is there a limit to set? Or can I set, for instance, 5MB of stack?
Teehee 11 Jan 2010, 15:33
Mine is WinXP. But it would be good to know about others.
revolution 11 Jan 2010, 15:39
IIRC WinXP generally gives you ~1MB stack per thread by default. Although it can be changed with .exe settings and through CreateThread. However due to paging limitations you have to "touch" the stack in steps not larger than 4kB decrements else you will be sorry (you will get access violations).
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.