flat assembler
Message board for the users of flat assembler.

mov BX to EAX ~ the newbiest question

Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Question:
Why do I need to load the effective address (lea)?
I mean, if 'esp' is the address and '[esp]' is the value at that address, why do lea?

Code:
lea      eax, [esp]
invoke   GetMenuString,[hMenu],[esi+DRAWITEMSTRUCT.itemID],eax,20,XX ; ok!
; Why not just:
invoke   GetMenuString,[hMenu],[esi+DRAWITEMSTRUCT.itemID],esp,20,XX ; error! you did not lea!
Post 05 Jan 2010, 00:27
r22 (Joined: 27 Dec 2004, Posts: 805)
Code:
LEA eax, [esp]
INVOKE TEST, arg1, eax, arg3

;IS NOT THE SAME AS
INVOKE TEST, arg1, esp, arg3

Problem: ESP is the STACK POINTER; using INVOKE pushes arguments onto the STACK, and this changes the STACK POINTER.

Code:
STACK
...
12345 -> ESP
...

invoke   GetMenuString,[hMenu],[esi+DRAWITEMSTRUCT.itemID],esp,20,XX

STACK
...
12345
XX
20
20 -> what you thought was still 12345
[esi+DRAWITEMSTRUCT.itemID]
[hMenu]
[Return Address (address after CALL [GetMenuString])] -> ESP
Post 05 Jan 2010, 00:55
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Sorry, r22, I did a wrong example. I meant:

Code:
lea eax,[esp]
invoke something,eax
; is this != to
invoke something,esp
; ? if yes, why?

But thinking about it more, I think I'm just having a 'brain fart' again...
Post 05 Jan 2010, 13:19
r22 (Joined: 27 Dec 2004, Posts: 805)
Teehee, perhaps you'd benefit from a debugger like OllyDbg. You'd be able to step through your assembler code one instruction at a time and see how the values on the stack and in the registers change.
Post 05 Jan 2010, 16:22
Borsuc (Joined: 29 Dec 2005, Posts: 2466, Location: Bucharest, Romania)
Teehee wrote:
Sorry, r22, I did a wrong example. I meant:

Code:
lea eax,[esp]
invoke something,eax
; is this != to
invoke something,esp
; ? if yes, why?

But thinking about it more, I think I'm just having a 'brain fart' again...
Actually that's ok, since esp is at the end and gets pushed first.

You should really drop the use of the invoke macro and use manual push instructions until you get how it works.

Here's step-by-step what the above does:

Code:
invoke something, eax

; let's say esp=8 here...

push eax
; esp=4 here
call something

Code:
; esp=8 here...
push esp  ; < pushes 8
; esp=4 now
call something

HOWEVER:

Code:
invoke something, eax, arg

; esp=8...
mov eax, esp  ; lea is the same here; eax=8

push arg  ; some argument
; esp=4...
push eax ; pushes 8
...

Code:
invoke something, esp, arg

; esp=8...
push arg
; esp=4...
push esp ; pushes 4 !
...
In other words, the address is changed from the desired '8' to '4' because you pushed another parameter before, and this MODIFIED esp.

_________________
Previously known as The_Grey_Beast
Post 05 Jan 2010, 17:04
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Thanks guys.
Ok, I'm going to see our OllyDbg friend.
Post 05 Jan 2010, 17:48
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
What's the difference between
Code:
call    [LoadMenu]
and
Code:
call    LoadMenu
?
Post 05 Jan 2010, 18:57
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Also, how can I get the pushed param value?

Code:
push 15
call MyFunc ; Call my function
; -----
MyFunc:
    ; how do I get 15?
    ret
Post 05 Jan 2010, 21:56
Borsuc (Joined: 29 Dec 2005, Posts: 2466, Location: Bucharest, Romania)
call PUSHES the return address on the stack. To access '15' you have to add +4 to esp and get the value from there.

Code:
mov something, [esp+4]


Teehee wrote:
What's the difference between
Code:
call    [LoadMenu]
and
Code:
call    LoadMenu
?
Well obviously the former, because of the brackets, calls the function whose address is found at the value of "LoadMenu".

This is used for loaded functions (like the Win32 API) because when the DLL gets loaded, the addresses of the functions are put into those locations. You don't have to know the addresses of the functions in this case, just where you put them (the addresses).

i.e. call dword [8] will call the function whose address is found at address 8.

_________________
Previously known as The_Grey_Beast
Post 05 Jan 2010, 23:23
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Borsuc wrote:
call PUSHES the return address on the stack. To access '15' you have to add +4 to esp and get the value from there.

Code:
mov something, [esp+4]

Borsuc, but don't I need to pop that value (15)? Or will it stay on the stack and mess everything up?

Check:
Code:
push 15
push 30
call Something
; ---
Something:
    mov eax, [esp+4]
    mov ebx, [esp+8]
    ret

Stack:
Code:
push 15

|    |
|    |
|_15_| <- esp

push 30

|    |
| 30 | <- esp
|_15_|

call    Something

| XX | <- esp
| 30 |
|_15_|

mov     eax, [esp+4]
mov     ebx, [esp+8]

| XX | <- esp
| 30 | [esp+4] -> eax
|_15_| [esp+8] -> ebx

ret

|    |
| 30 | <- esp
|_15_|

I need to pop 30 and 15, but where? Inside the 'Something' function, I suppose. But how?

_________________
Sorry if bad English.
Post 06 Jan 2010, 00:16
tthsqe (Joined: 20 May 2009, Posts: 724)
That's why ret can take an immediate operand as well.
Code:
ret x
; does:
ret
; and then:
lea esp,[esp+x]

Most functions that know how many arguments have been passed to them do clean the stack, but sometimes you have to do this instead in the function that called the other function (is sprintf an example??). In your case, the function "something" could use ret 8 instead of just ret, or just do lea esp,[esp+8] in the code wherever "something" returns.
Post 06 Jan 2010, 01:07
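Putting Borsuc's [esp+4] access and tthsqe's ret x together, here is an added example (not code from either post) as a complete fasm Win32 console program: Something reads both arguments relative to esp and removes them itself with ret 8, and the caller checks that esp is back where it started. It assumes fasm for Windows with its standard win32a.inc include; ExitProcess is used only so the result (45) is visible as the exit code.

```asm
; Added example, not from the thread. Assumes fasm for Windows and win32a.inc.
format PE console
entry start
include 'win32a.inc'

section '.text' code readable executable

start:
        mov     esi,esp            ; remember esp so the stack balance can be checked afterwards
        push    15                 ; ends up at [esp+8] inside Something
        push    30                 ; ends up at [esp+4] inside Something
        call    Something          ; pushes the return address; Something removes all 8 bytes of args
        cmp     esi,esp            ; esp back to where it was before the two pushes?
        jne     unbalanced
        invoke  ExitProcess,eax    ; exit code 45 = 15+30, check with: echo %errorlevel%
unbalanced:
        invoke  ExitProcess,-1     ; would happen with a plain 'ret' and no 'add esp,8' in the caller

; Callee-cleanup ("stdcall"-style) function.
; On entry: [esp] = return address, [esp+4] = 30, [esp+8] = 15
Something:
        mov     eax,[esp+4]
        add     eax,[esp+8]
        ret     8                  ; pop the return address, then esp := esp+8, dropping both arguments
                                   ; with a plain 'ret' the caller would need 'add esp,8' instead (cdecl)

section '.idata' import data readable writeable
        library kernel32,'KERNEL32.DLL'
        import  kernel32,ExitProcess,'ExitProcess'
```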
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Oh... nice! Thanks!
Post 06 Jan 2010, 15:18
pal (Joined: 26 Aug 2008, Posts: 227)
I'm replying to just one of the first questions in the thread:

TeeHee wrote:
2. is shl eax, 1 = value/2 ? (I did see that in some place...)

And although MHajduk said:

MHajduk wrote:
Code:
shl eax, 1 ; eax := 2*eax
shr eax, 1 ; eax := eax / 2


For dividing by two you should use sar, as if the number is signed and negative, using shr will produce a positive number (as the sign bit (most significant bit) is not preserved).

Code:
sar eax,1


I don't think anyone pointed that out anyway.

Also, just as an FYI: shl and sal are synonymous with each other.
Post 07 Jan 2010, 07:29
Borsuc (Joined: 29 Dec 2005, Posts: 2466, Location: Bucharest, Romania)
In other words, sar compared to shr puts '1' bits from the left IF the left-most bit was 1 to begin with:

Code:
00011010   sar  2  -->  00000110
00011010   shr  2  -->  00000110

same thing, since the left-most bit is 0

10011010   sar  2  -->  11100110
10011010   shr  2  -->  00100110

"from the left" we get 1s in the sar case, not 0s


Last edited by Borsuc on 10 Jan 2010, 19:57; edited 1 time in total
Post 07 Jan 2010, 17:17
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
What's the default stack size?
Thanks in advance.
Post 10 Jan 2010, 19:39
Borsuc (Joined: 29 Dec 2005, Posts: 2466, Location: Bucharest, Romania)
4096

_________________
Previously known as The_Grey_Beast
Post 10 Jan 2010, 19:56
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Cool. Is there a limit to set? Or can I set, for instance, 5Mb of stack?
And... are there some precautions I must know about with a big stack size?
Thanks in advance.
Post 11 Jan 2010, 12:45
revolution, "When all else fails, read the source" (Joined: 24 Aug 2004, Posts: 17278, Location: In your JS exploiting you and your system)
Teehee wrote:
Cool. Is there a limit to set? Or can I set, for instance, 5Mb of stack?
And... are there some precautions I must know about with a big stack size?
It depends upon your OS. State your OS so someone can answer your Q.
Post 11 Jan 2010, 13:09
Teehee (Joined: 05 Aug 2009, Posts: 568, Location: Brazil)
Mine is WinXP. But it would be good to know about others.
Post 11 Jan 2010, 15:33
revolution, "When all else fails, read the source" (Joined: 24 Aug 2004, Posts: 17278, Location: In your JS exploiting you and your system)
IIRC WinXP generally gives you ~1MB of stack per thread by default, although it can be changed with .exe settings and through CreateThread. However, due to paging limitations you have to "touch" the stack in steps of not more than 4kB decrements, else you will be sorry (you will get access violations).
Post 11 Jan 2010, 15:39
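As an added example of what revolution describes (not code from the thread): reserving half a megabyte of stack on Win32 by stepping esp down one 4 KB page at a time and touching each page, so the guard page below the committed stack moves down with it. It assumes fasm for Windows with its standard win32a.inc include and the default ~1 MB thread stack, so the 512 KB buffer fits.

```asm
; Added example, not from the thread. Assumes fasm for Windows, win32a.inc and a ~1 MB thread stack.
format PE console
entry start
include 'win32a.inc'

BUFFER_SIZE = 512*1024             ; stack space wanted for a local buffer (fits in the default ~1 MB)

section '.text' code readable executable

start:
        ; A single 'sub esp,BUFFER_SIZE' followed by a write at [esp] would jump past the guard
        ; page that sits just below the committed part of the stack and fault. Windows only
        ; commits more stack when the guard page itself is touched, so walk down page by page.
        mov     ecx,BUFFER_SIZE/4096 ; number of 4 KB pages to step through
probe:  sub     esp,4096           ; step down exactly one page ...
        mov     dword [esp],0      ; ... and touch it; when it is the guard page, the guard moves down
        loop    probe
        ; esp now points at the bottom of a fully committed BUFFER_SIZE-byte buffer
        mov     edi,esp
        mov     ecx,BUFFER_SIZE/4
        xor     eax,eax
        rep     stosd              ; zero the whole buffer; safe, every page of it is committed now
        add     esp,BUFFER_SIZE    ; release the buffer again
        invoke  ExitProcess,0

section '.idata' import data readable writeable
        library kernel32,'KERNEL32.DLL'
        import  kernel32,ExitProcess,'ExitProcess'
```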
Copyright © 1999-2020, Tomasz Grysztar.