Index
> Windows > C Library Example question? |
| Author |
|
|
rhyno_dagreat
Upon further inspection of the code, I notice you add four when you only have one parameter, and eight when you have two... Does this mean that you have to change the stack pointer yourself after you push values on the stack, so not to overwrite anything? And I thought that the stack pointer automatically changed when something was pushed on the stack...
|
|||
23 Apr 2010, 15:01 |
|
|
rhyno_dagreat
Also, I'm playing around with some code I wrote based off of this (a simple "Hello World!" program), and I'm wondering... does it matter which order the sections are in? The reason I ask is because it wasn't working when I had the data sections before the code section (.data and .idata).
Also, I noticed when I tried to jmp to the imports directly, rather than making a call to a wrapper it didn't work... Why is that? Sorry, I'm just trying to learn.  |
|||
|
23 Apr 2010, 15:17 |
|
|
bitshifter
From the looks of your code it seems to be _cdecl calling convention.
|
|||
|
23 Apr 2010, 15:34 |
|
|
rhyno_dagreat
What's the "_cdecl calling convention"? Sorry... I'm still very new at this.
|
|||
|
23 Apr 2010, 15:49 |
|
|
a115433
cdecl = arguments removed by caller.
|
|||
|
23 Apr 2010, 16:10 |
|
|
ManOfSteel
|
|||
|
23 Apr 2010, 16:57 |
|
|
Tyler
The add esp,* is to remove the parameters from the stack. You're pushing a 4 byte pointer onto the stack as an arg and removing it after the function you call returns.
|
|||
|
23 Apr 2010, 21:47 |
|
|
edfed
note: add esp,4 is equivalent to pop reg32, but without reg overwriting.
something fun would be to do pop dword[ss:esp], it will do exactlly the same thing, but slower because of the memory transfert from [ss:esp] to [ss:esp]... like a move eax,eax... |
|||
|
23 Apr 2010, 23:01 |
|
|
Tyler
edfed wrote:
A very novel idea... Although slower, it seems like it would be a lot less error prone, because of how clear it is as to what you're doing and why. |
|||
|
24 Apr 2010, 03:28 |
|
|
baldr
edfed wrote: something fun would be to do pop dword[ss:esp], it will do exactlly the same thing, but slower because of the memory transfert from [ss:esp] to [ss:esp]... Quote: If the ESP register is used as a base register for addressing a destination operand in memory, the POP instruction computes the effective address of the operand after it increments the ESP register. |
|||
|
24 Apr 2010, 09:25 |
|
|
peter
|
|||
|
26 Apr 2010, 01:44 |
|
< Last Thread | Next Thread > |
Forum Rules:
|