flat assembler
Message board for the users of flat assembler.

The Stack Under Win32
Tyler (Joined: 19 Nov 2009, Posts: 1216, Location: NC, USA)
I've been looking at the stack before the call (or whatever) to my program and all I see is a bunch of this
Code:
”ûv PýÔÿ õ³Rw PýmsO~         Pý             ÿ     ÿÿÿÿM×Nw!‰       ìÿ ȳRw @  Pý                 @  Pý    Actx        0  Ü                        4   |                            Nï&˜  D   à  `      ºq2ó@  J   Œ        [IY-¬  2   à         ÍêÎ2à  B   $  6      È_P8\  ^   ¼  h      D(±$  V   |  ˜           ì         |  Ð        L  ´           Œ        Œ*           -  ˜         8.  Ì         /  ð             ô/  (         0        SsHd,               Œ      ˜  ,   ^   ^                                          $   8       C : \ W i n d o w s \ W i n S x s \&  D   d  `     ºq2óÄ  J          [IY-0  2   d        ÍêÎ2d
  B   ¨
  6     È_P8à
  ^   @  h     D(±¨  V      ˜     M i c r o s o f t . W i n d o w s . S y s t e m C o m p a t i b l e     l        Ð     ,   Ü  §ûL¡$Ê                                          ¸   
                      M i c r o s o f t . W i n d o w s . S y s t e m C o m p a t i b l e , p r o c e s s o r A r c h i t e c t u r e = " x 8 6 " , p u b l i c K e y T o k e n = " 6 5 9 5 b 6 4 1 4 4 c c f 1 d f " , t y p e = " w i n 3 2 " , v e r s i o n = " 6 . 0 . 7 6 0 0 . 1 6 3 8 5 " S y s t e m   D e f a u l t   C o n t e x t   x 8 6 _ m i c r o s o f t . w i n d o w s . s y s t e m c o m p a t i b l e _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 6 . 0 . 7 6 0 0 . 1 6 3 8 5 _ n o n e _ 4 9 a d c c b d e 8 1 6 9 a 0 3   M i c r o s o f t . W i n d o w s . I s o l a t i o n A u t o m a t i o n   l         |     ú   €  ëۏI&Ê                                          °   |                      M i c r o s o f t . W i n d o w s . I s o l a t i o n A u t o m a t i o n , p r o c e s s o r A r c h i t e c t u r e = " x 8 6 " , p u b l i c K e y T o k e n = " 6 5 9 5 b 6 4 1 4 4 c c f 1 d f " , t y p e = " w i n 3 2 " , v e r s i o n = " 1 . 0 . 0 . 0 " C : \ W i n d o w s \ W i n S x S \ m a n i f e s t s \ x 8 6 _ m i c r o s o f t . w i n d o w s . i s o l a t i o n a u t o m a t i o n _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 1 . 0 . 0 . 0 _ n o n e _ 3 5 d 3 5 7 a 6 6 c 3 8 a d e 4 . m a n i f e s t   x 8 6 _ m i c r o s o f t . w i n d o w s . i s o l a t i o n a u t o m a t i o n _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 1 . 0 . 0 . 0 _ n o n e _ 3 5 d 3 5 7 a 6 6 c 3 8 a d e 4     M i c r o s o f t . W i n d o w s . G d i P l u s   l       ú   Ð     ð   Ê  ¤ÿ7‡&Ê                                          ¦   ¼                        M i c r o s o f t . W i n d o w s . G d i P l u s , p r o c e s s o r A r c h i t e c t u r e = " x 8 6 " , p u b l i c K e y T o k e n = " 6 5 9 5 b 6 4 1 4 4 c c f 1 d f " , t y p e = " w i n 3 2 " , v e r s i o n = " 1 . 1 . 7 6 0 0 . 1 6 3 8 5 " C : \ W i n d o w s \ W i n S x S \ m a n i f e s t s \ x 8 6 _ m i c r o s o f t . w i n d o w s . g d i p l u s _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 1 . 1 . 7 6 0 0 . 
1 6 3 8 5 _ n o n e _ 7 2 f c 7 c b f 8 6 1 2 2 5 c a . m a n i f e s t   x 8 6 _ m i c r o s o f t . w i n d o w s . g d i p l u s _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 1 . 1 . 7 6 0 0 . 1 6 3 8 5 _ n o n e _ 7 2 f c 7 c b f 8 6 1 2 2 5 c a   M i c r o s o f t . W i n d o w s . C o m m o n - C o n t r o l s   l                   ¡eÕº%Ê                                          ¸   $
                      M i c r o s o f t . W i n d o w s . C o m m o n - C o n t r o l s , p r o c e s s o r A r c h i t e c t u r e = " x 8 6 " , p u b l i c K e y T o k e n = " 6 5 9 5 b 6 4 1 4 4 c c f 1 d f " , t y p e = " w i n 3 2 " , v e r s i o n = " 5 . 8 2 . 7 6 0 0 . 1 6 3 8 5 " C : \ W i n d o w s \ W i n S x S \ m a n i f e s t s \ x 8 6 _ m i c r o s o f t . w i n d o w s . c o m m o n - c o n t r o l s _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 5 . 8 2 . 7 6 0 0 . 1 6 3 8 5 _ n o n e _ e b f 8 2 f c 3 6 c 7 5 8 a d 5 . m a n i f e s t   x 8 6 _ m i c r o s o f t . w i n d o w s . c o m m o n - c o n t r o l s _ 6 5 9 5 b 6 4 1 4 4 c c f 1 d f _ 5 . 8 2 . 7 6 0 0 . 1 6 3 8 5 _ n o n e _ e b f 8 2 f c 3 6 c 7 5 8 a d 5     M i c r o s o f t . W i n d o w s . I s o l a t i o n A u t o m a t i o n . P r o x y S t u b   l       &  ¬       Ò  ¼Ï/Æ%Ê             
    

What is it? For more interesting results, should I look below (I guess "above" would be more correct, but below seems more logical) esp or ebp?
Post 29 Mar 2010, 07:13
baldr (Joined: 19 Mar 2008, Posts: 1651)
Tyler,

What do you think, where do automatic variables live?
Post 29 Mar 2010, 07:30
Tyler
What are automatic variables? Do you mean environment variables or argc/argv, or something else?
Post 29 Mar 2010, 07:48
sinsi (Joined: 10 Aug 2007, Posts: 713, Location: Adelaide)
Local vars live below esp ([esp-x]), the return address of a call lives at [esp+0] and parameters live at [esp+4*n].
Anything above your parameters is, well, anything - leftover parameters from old calls, leftover locals from old calls, etc.
Post 29 Mar 2010, 07:57
revolution (Joined: 24 Aug 2004, Posts: 17716, Location: In your JS exploiting you and your system)
When all else fails, read the source
Everything (including local variables) should "live" above esp. Putting stuff below esp is generally not a good idea since it will likely get clobbered next time you push or call something.
Post 29 Mar 2010, 08:05
Tyler
Oooh, I see what I said wrong. When I said below, I was thinking of the stack as a literal stack; I'm actually adding to esp.

But what is all that? I get that it's some function's params, but what is it for, and what would happen if I changed it?
Post 29 Mar 2010, 08:10
sinsi
oops, yeah, esp != ebp.
Everything should be [esp+something].
Post 29 Mar 2010, 08:13
zhak (Joined: 12 Apr 2005, Posts: 490, Location: Belarus)
Tyler wrote:
But what is all that? I get that it's some function's params, but what is it for, and what would happen if I changed it?

This can be garbage, or it can be the parameters of parent procedures, the procedures from which your current procedure is called.
Post 29 Mar 2010, 09:12
baldr
zhak,

Not only parameters: local (i.e. automatic) variables are allocated on stack as well.
Post 29 Mar 2010, 09:16
zhak
Yes, sure, and local variables as well.
Post 29 Mar 2010, 09:17
baldr
Tyler,

In Pascal (oh yeah, Algol family… Dijkstra, Wirth, Backus and Naur) inner procedures can access outer procedures' parameters and variables. In most implementations this is done via stack (cf. enter).
Post 29 Mar 2010, 10:12
Tyler
I guess what I thought was weird about this (~3am when I posted) is that there are strings on the stack. Why? I've always assumed the only way (only EASY way) to pass strings is with a pointer, right?
Post 04 Apr 2010, 03:09
revolution
Code:
;...
sub esp,1024                      ;make space for a string buffer on the stack
mov ebx,esp                       ;point to it (ebx is callee-saved under stdcall)
invoke lstrcpy,ebx,"I'm a string" ;copy the literal into the stack buffer
invoke SomeAPIFunction,ebx        ;pass a string pointer to a function
add esp,1024                      ;we are finished with it
;...    
Post 04 Apr 2010, 04:21
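Tying the thread together (sinsi's [esp+n] layout, revolution's point that only memory at or above esp survives the next push or call, zhak's and baldr's remark that what lies above your parameters belongs to the callers, and the stack-allocated string in the post above), here is an added example. It is not code from the thread or from fasm's own examples. It assumes flat assembler with its standard Win32 headers (win32a.inc) on 32-bit Windows; the procedure name, the parameter values 0AAAAAAAAh and 0BBBBBBBBh, the buffer size and the sample text are made up for this illustration.

```asm
; Added example, not code from the thread. Assumes flat assembler with its
; standard Win32 headers (win32a.inc) on 32-bit Windows; labels, constants
; and the sample text below are constructed for the illustration.
format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  fmt      db 'return address      [esp]    = %08X',13,10, \
              'first parameter     [esp+4]  = %08X',13,10, \
              'second parameter    [esp+8]  = %08X',13,10, \
              'local buffer at %08X holds "%s"',0
  hello    db "I'm a string",0                 ; constructed sample text
  caption  db 'The Stack Under Win32',0
  outbuf   rb 256                              ; wsprintf output

section '.code' code readable executable

start:
        ; stdcall pushes right to left: the second parameter goes first
        push    0BBBBBBBBh                     ; will be at [esp+8] inside show_frame
        push    0AAAAAAAAh                     ; will be at [esp+4] inside show_frame
        call    show_frame                     ; pushes the return address: [esp] inside
        ; show_frame is stdcall, so it already removed the 8 bytes of parameters
        invoke  ExitProcess,0

; On entry: [esp] = return address, [esp+4] = 1st parameter, [esp+8] = 2nd.
; Anything at higher addresses belongs to the callers (their locals, their
; return addresses, leftovers from earlier calls) and is not ours to modify.
show_frame:
        push    ebp
        mov     ebp,esp                        ; [ebp+4]=ret, [ebp+8]=1st, [ebp+12]=2nd
        sub     esp,64                         ; 64-byte local buffer at [ebp-64]..[ebp-1]
        push    ebx                            ; ebx is callee-saved under stdcall
        lea     ebx,[ebp-64]                   ; point at the local buffer
        ; The buffer lives above esp, so the pushes made by the calls below
        ; land beneath it and leave it intact; memory below esp would not
        ; survive those calls.
        invoke  lstrcpy,ebx,hello              ; fill the stack buffer through a pointer
        cinvoke wsprintf,outbuf,fmt,[ebp+4],[ebp+8],[ebp+12],ebx,ebx
        invoke  MessageBox,0,outbuf,caption,MB_OK
        pop     ebx
        mov     esp,ebp                        ; discard the locals
        pop     ebp
        ret     8                              ; stdcall: pop the two parameters too

section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
  include 'api\kernel32.inc'
  include 'api\user32.inc'
```

Assemble with fasm and run; the message box shows the return address (an address inside start, just after the call), the two parameter values in the order they sit above it, and the string sitting in the local buffer. wsprintf is cdecl, hence cinvoke rather than invoke, so the macro removes its arguments afterwards and esp is back where it was before the call.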
Tyler
Oh, my problem is how I tend to think of the stack as a mechanism that can ONLY be accessed in reversed order (FIFO), but I get it now; I see that the stack can be used for much more. Thanks for clarifying.
Post 04 Apr 2010, 04:33
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
