flat assembler
Message board for the users of flat assembler.

Index > Main > mov BX to EAX ~ the newbiest question

Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
What crashes?

Crash Test Dummies do it all the time.
Post 02 Jan 2010, 16:06
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
lol.. the mov ebp,esp thing, crashes... (check last post, i edited)
Post 02 Jan 2010, 16:08
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Does other code around it need ebp to be preserved? Because now you are corrupting the value in ebp and not restoring it.

If that does not help then you have to show more code. We can't know how or where you use that code.
Post 02 Jan 2010, 16:11
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
That code opens a Menu in a ToolBar DropDown button. It calc the position of the pressed button and display the menu at that position.
Here the entire code:
Code:
  .wm_notify:
                mov     eax, [lparam]   ; [lparam] = pointer to NMHDR struct
                call    ToolBar_OpenMenu
                jmp    .finish0    

Code:
ToolBar_OpenMenu:
                mov     ebx, [hToolBar]
                cmp     [eax+NMHDR.hwndFrom],ebx  ; is ToolBar?
                jne    @f
                cmp     [eax+NMTOOLBAR.hdr.code],TBN_DROPDOWN  ; was DropDown button pressed?
                jne    @f

                sub      esp, sizeof.RECT
                mov     ebp, esp
                invoke   SendMessage,[hToolBar],TB_GETRECT,[eax+NMTOOLBAR.iItem], esp ; get pressed button rect
                invoke   MapWindowPoints,[hToolBar],HWND_DESKTOP,ebp,2  ; convert to global pos

                invoke   LoadMenu,[hInstance],LAB_MENU
                mov      ebx, eax  ; EBX = hMenu
                invoke   GetSubMenu,eax,0
                ;inc      [rect.bottom] ; small offset
                invoke   TrackPopupMenuEx,eax,TPM_LEFTALIGN+TPM_LEFTBUTTON+TPM_VERTICAL,\
                         [ebp+RECT.left],[ebp+RECT.bottom],[hMainWnd],NULL
                invoke   DestroyMenu,ebx
                mov esp,ebp
                add      esp, sizeof.RECT
            @@: ret
    

I'm doing the esp/ebp thing just to learn how they work. (but the ebp thing is crashing the app)
Post 02 Jan 2010, 16:22
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
But you are not restoring the values of ebp or ebx. In Windows you need to keep those registers (and esi, edi) preserved.
Post 02 Jan 2010, 16:27
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
ohhh... now it works.. but the code get bigger. Confused

it's better using esp directly Cool
Post 02 Jan 2010, 16:40
View user's profile Send private message Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
The only thing i found about 'addr' says it's a macro. What does that macro do behind the scenes?
Post 02 Jan 2010, 17:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Teehee wrote:
What does that macro do behind the scenes?
Code:
..., addr v ...
;
...
lea edx,[v]
push edx
...    
Post 02 Jan 2010, 18:30
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Teehee wrote:
ohhh... now it works.. but the code get bigger. Confused

it's better using esp directly Cool
Not always.

'mov eax,[esp]' uses one more byte than 'mov eax,[ebp]'. If you have many access to esp based values then your code grows by one byte each time. It is a trade-off with the overhead to save and restore another register (usually ebp) and the cost of extra bytes with direct esp memory access.
Post 02 Jan 2010, 18:34
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
So many details... Confused
Thanks rev.
Post 02 Jan 2010, 19:14
View user's profile Send private message Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
But remember that without using ebp for stack-referencing (if you use esp directly), you can use ebp for anything else -- an extra register for you.

This is what I suggest you do: use a debugger like OllyDbg to step through your code, look at the lower-right panel which is the stack. See how esp changes after each push.

push [esp+4] means the value that is found at the ADDRESS of esp+4 -- if esp was 8, then it takes the VALUE at the ADDRESS 8+4=12, not the value 12 itself. If the value "100" is found at address 12, THAT is what it pushes.

After this push, esp will be decremented by 4 (when you push on the stack, it decrements) since you pushed 4 bytes. So if esp was 8, now it will be 4. If you want to push the value at address 12 again, you'll have to add +8 this time!

I recommend you use push instructions for parameters before using 'invoke' (which is a macro that does that) because it'll make it clearer to understand why esp is affected.
Post 02 Jan 2010, 19:47
View user's profile Send private message Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 764
Location: Massachusetts, USA
bitshifter
Here is some practice code for ESP or EBP acessing...
http://board.flatassembler.net/topic.php?p=92372#92372
Not useful for anything but to visualize the regs working...
Post 02 Jan 2010, 19:58
View user's profile Send private message Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
Borsuc wrote:
But remember that without using ebp for stack-referencing (if you use esp directly), you can use ebp for anything else -- an extra register for you.
I thought ebp points to the base of stack and therefore could not be used, or i'll lose the stack base. Smile So there is no importance to ebp?

bitshifter, thanks, very good topic.

I have some difficult to know the direction of stack. So i'm going to do a example.
let's see the stack moviment using this example:

Code:
sub    esp, 2*4 
mov    dword [esp+0*4], X 
mov    dword [esp+1*4], Y
invoke InitCommonControlsEx,esp 
add    esp, 2*4    


Code:
|       |
|       |
|       | 
|       | <- ebp, esp
+-------+

sub    esp, 2*4:

|       |
|       | <- esp-8
|       | 
|       | <- ebp
+-------+

mov    dword [esp+0*4], X:

|       |
|   X   | <- esp+0
|       | 
|       | <- ebp
+-------+

mov    dword [esp+1*4], Y:

|       |
|   X   | <- esp+0
|   Y   | <- esp+4
|       | <- ebp
+-------+

;invoke InitCommonControlsEx,esp

add    esp, 2*4:

|       |
|   X   |
|   Y   |
|       | <- ebp, esp+8
+-------+
    


Is everything alright? the X and Y keep on the stack in the end?

---
edit:
The only thing i don't understand is why i need sub instead add the esp.

In my head it is:
Code:
|       |
|       |
|       |
|       | <- ebp, esp
+-------+

add esp, 8

|       |
|       | <- esp+8
|       |
|       | <- ebp
+-------+
; etc    
Post 03 Jan 2010, 09:44
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
Teehee wrote:
The only thing i don't understand is why i need sub instead add the esp.
push instruction decrements esp by two or four bytes (it depends on the size of the operand):
Code:
 push    eax     ; esp := esp - 4
        push    bx      ; esp := esp - 2    
so to reserve some space on stack, you should use sub instruction:
Code:
      sub     esp, 512; reserve 512 bytes on the stack    
pop instruction increments esp by two or four bytes (if the size of the operand is word or double word):
Code:
       pop     edx     ; esp := esp + 4
        pop     cx      ; esp := esp + 2    
so to "release" previously reserved block of bytes on the stack, you need to increment stack pointer:
Code:
      add     esp, 24    
Post 03 Jan 2010, 16:51
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
yeah.. i know, but i can't figure out why it works like that. Do you understand?

Stack base (ebp) is the biggest/lastest position of the stack (like 0xFFFF)? if yes, so I understood.
Post 03 Jan 2010, 16:57
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
Teehee wrote:
Do you understand?
ebp is used as an auxiliary register useful when you want to group some block of assembler instructions in procedures. This register makes easier access to the parameters of the procedure (positive relative shift accordingly to the value stored in ebp) and local variables (negative relative shift).

Do you understand?
Post 03 Jan 2010, 17:09
View user's profile Send private message Visit poster's website Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
MHajduk Smile
ok i understand ebp is just an auxiliary. What I'm trying to say - and that's why i asked if you understood my question - is why "sub esp", it's because esp points to last position of the stack? So I can figure why we need to sub it:
Code:
|        | 0xFFFD        |        | 0xFFFD
|        | 0xFFFE        |        | 0xFFFE <- esp-1
|        | 0xFFFF <- esp |        | 0xFFFF 
+--------+               +--------+        ; Ok!

; ---------------------------------------------------------

|        |-0x0002        |        | -0x0002
|        |-0x0001        |        | -0x0001 <- esp-1 ; lol?
|        | 0x0000 <- esp |        |  0x0000 
+--------+               +--------+        ; noooooo!    


I can't imagine this:
Code:
|        | 0x0002        |        | 0x0002
|        | 0x0001        |        | 0x0001 <- esp-1
|        | 0x0000 <- esp |        | 0x0000
+--------+               +--------+    

using sub... that's what i don't understand Sad
Post 03 Jan 2010, 17:23
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
Teehee wrote:
(...) why "sub esp", it's because esp points to last position of the stack?
IMO esp has to point to the some address which is placed inside the block reserved for stack by process. In other case sometimes not very big increment or decrement of the stack pointer would lead to such improper situations (described by you above).
Post 03 Jan 2010, 17:38
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Yes Teehee, esp points at the end address of the stack at first and decrements until out of stack space (which is not the address 0, but defined by PE format stack size for instance -- either way you don't need to know it!!!).

So when you need more stack memory you simply decrease the stack pointer, because that's how the stack operates, from highest address to lowest address.

As for ebp, ebp has no special meaning whatsoever! The reason it is "base address" is simply because people do this:
Code:
mov ebp, esp  ; <-- this is why it becomes the base, but you can use anything
sub esp, 512  ; 512 bytes stack space    
technically there's nothing special about ebp in the above... Wink

In 16-bit bp had some special addressing purposes but in 32-bit it is NOT a special register!
Post 04 Jan 2010, 00:17
View user's profile Send private message Reply with quote
Teehee



Joined: 05 Aug 2009
Posts: 568
Location: Brazil
Teehee
Thanks again, Borsuc. Now everything make sense *_*

1. I need to be careful to not alloc an espace bigger than stack size, right?
2. Whats default stack size?
3. To change stack size I just use
Code:
stack <value>    
right?

4. Can I alloc a big stack size and use it like a heap?
Post 04 Jan 2010, 09:10
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.