Index
> Windows > C Library Example question? |
| Author |
|
|
rhyno_dagreat 23 Apr 2010, 15:01
Upon further inspection of the code, I notice you add four when you only have one parameter, and eight when you have two... Does this mean that you have to change the stack pointer yourself after you push values on the stack, so not to overwrite anything? And I thought that the stack pointer automatically changed when something was pushed on the stack...
|
|||
23 Apr 2010, 15:01 |
|
|
rhyno_dagreat 23 Apr 2010, 15:17
Also, I'm playing around with some code I wrote based off of this (a simple "Hello World!" program), and I'm wondering... does it matter which order the sections are in? The reason I ask is because it wasn't working when I had the data sections before the code section (.data and .idata).
Also, I noticed when I tried to jmp to the imports directly, rather than making a call to a wrapper it didn't work... Why is that? Sorry, I'm just trying to learn.  |
|||
|
23 Apr 2010, 15:17 |
|
|
bitshifter 23 Apr 2010, 15:34
From the looks of your code it seems to be _cdecl calling convention.
|
|||
|
23 Apr 2010, 15:34 |
|
|
rhyno_dagreat 23 Apr 2010, 15:49
What's the "_cdecl calling convention"? Sorry... I'm still very new at this.
|
|||
|
23 Apr 2010, 15:49 |
|
|
a115433 23 Apr 2010, 16:10
cdecl = arguments removed by caller.
|
|||
|
23 Apr 2010, 16:10 |
|
|
ManOfSteel 23 Apr 2010, 16:57
|
|||
|
23 Apr 2010, 16:57 |
|
|
Tyler 23 Apr 2010, 21:47
The add esp,* is to remove the parameters from the stack. You're pushing a 4 byte pointer onto the stack as an arg and removing it after the function you call returns.
|
|||
|
23 Apr 2010, 21:47 |
|
|
edfed 23 Apr 2010, 23:01
note: add esp,4 is equivalent to pop reg32, but without reg overwriting.
something fun would be to do pop dword[ss:esp], it will do exactlly the same thing, but slower because of the memory transfert from [ss:esp] to [ss:esp]... like a move eax,eax... |
|||
|
23 Apr 2010, 23:01 |
|
|
Tyler 24 Apr 2010, 03:28
edfed wrote:
A very novel idea... Although slower, it seems like it would be a lot less error prone, because of how clear it is as to what you're doing and why. |
|||
|
24 Apr 2010, 03:28 |
|
|
baldr 24 Apr 2010, 09:25
edfed wrote: something fun would be to do pop dword[ss:esp], it will do exactlly the same thing, but slower because of the memory transfert from [ss:esp] to [ss:esp]... Quote: If the ESP register is used as a base register for addressing a destination operand in memory, the POP instruction computes the effective address of the operand after it increments the ESP register. |
|||
|
24 Apr 2010, 09:25 |
|
|
peter 26 Apr 2010, 01:44
|
|||
|
26 Apr 2010, 01:44 |
|
< Last Thread | Next Thread > |
Forum Rules:
|