flat assembler - Variables on the stack buffer

Index > Main > Variables on the stack buffer - the virtual directive

Author

Thread

pete

Joined: 20 Apr 2009
Posts: 110

pete 27 Jan 2010, 11:12

Hello!

I have a problem with the virtual directive used to access buffers on the stack, or more concrete: to push the address of "virtual-named" buffers on the stack, please see below:

Code:

function_start:
        sub     esp,0x28
    push    ebp esi edi ebx
     mov     ebp,esp
     virtual at ebp+0x10
         buffer1 dd ?
                buffer2 dd ?
                ...
 end virtual
 mov     [buffer1],0x0000'0033
      push    buffer1         ;I want to push the address of buffer1
                              ;on the stack... how?

Thanks in advance for any help!

27 Jan 2010, 11:12

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system

revolution 27 Jan 2010, 11:14

Code:

lea eax,[buffer1]
push eax

27 Jan 2010, 11:14

pete

Joined: 20 Apr 2009
Posts: 110

pete 27 Jan 2010, 11:51

Thanks revolution but why?
I thought "buffer1" is always replaced with "ebp+0x10", "buffer2" with "ebp+0x10+4" and so on. Why can't "buffer1" be pushed?

27 Jan 2010, 11:51

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system

revolution 27 Jan 2010, 11:57

You can't do this:

Code:

push ebp+0x10

27 Jan 2010, 11:57

pete

Joined: 20 Apr 2009
Posts: 110

pete 27 Jan 2010, 12:03

I can compile "push ebp+0x10" with fasm 1.68 but it produces "push 0x10" without any error or warning.

27 Jan 2010, 12:03

pete

Joined: 20 Apr 2009
Posts: 110

pete 27 Jan 2010, 12:08

Well, thanks for your help revolution!

27 Jan 2010, 12:08

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system

revolution 27 Jan 2010, 12:08

Actually it compiles to 'push ebp' and 'push 0x10'. Which is clearly not what you want from the above code.

27 Jan 2010, 12:08

pete

Joined: 20 Apr 2009
Posts: 110

pete 27 Jan 2010, 12:09

Ah, yep!

27 Jan 2010, 12:09

Borsuc

Joined: 29 Dec 2005
Posts: 2465
Location: Bucharest, Romania

Borsuc 27 Jan 2010, 17:12

I always hated that 'feature' to push multiple symbols on one line, it causes confusion sometimes. Confused

27 Jan 2010, 17:12

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 27 Jan 2010, 22:28

(vid here) That's weird. If buffer1 was preprocessor symbol that equates to ebp+0x10 (three tokens), then okay. But why does this work that way with label, which should be a single token???

27 Jan 2010, 22:28

LocoDelAssembly
Your code has a bug

Joined: 06 May 2005
Posts: 4624
Location: Argentina

LocoDelAssembly 28 Jan 2010, 00:19

vid, the "push ebp+0x10" was tried literally, "push buffer1" in the first posted code completely fails compilation with "Error: invalid value".

28 Jan 2010, 00:19

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system

revolution 28 Jan 2010, 02:05

Think of it like "push (ebp+0x10)" And perhaps you see the reason better.

28 Jan 2010, 02:05

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum