flat assembler
Message board for the users of flat assembler.

Need help!

Overflowz
Joined: 03 Sep 2010
Posts: 1046
Hello everyone! I have a little problem here..
Code:
proc something
pushad
invoke blabla.. ;returns code to eax register
popad ;NEED EAX UNCHANGED!!!
ret
endp    

I have to do the popad instruction and keep the eax register unchanged.. How can I do that without having global/local variables? If I push it onto the stack, then popad fails to write the correct values into the registers.. Thank you.
Post 22 Jun 2011, 09:00
DJ Mauretto
Joined: 14 Mar 2007
Posts: 464
Location: Rome, Italy
Hello
Code:
proc something
pusha ;pushes EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI (EAX lands highest, at [esp+28])
invoke blabla.. ;returns code to eax register
mov [esp+28],eax ;overwrite the EAX slot saved by pusha with the new value
popa ;restores the other registers and the new EAX
ret
endp

_________________
Nil Volentibus Arduum
Post 22 Jun 2011, 09:18
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Ohh! Thank you, but after ESP there are variables in the stack.. should I try ESP-4? Anyway, thank you!
Post 22 Jun 2011, 09:58
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Still stuck. I can't control the stack...
Code:
proc main
push host
call gethostaddr ;gethostaddr declares no arguments, so the pushed host stays on the stack after the call
ret
endp

proc gethostaddr
pushad ;save registers (32 bytes)
invoke gethostbyname,dword[esp+0x24] ;ARG1 = host variable (above the 32 saved bytes and the return address).
mov eax,[eax+0x0C] ;hostent.h_addr_list
mov eax,[eax] ;first address entry
mov eax,[eax] ;get ip address
mov dword[esp+0x24],eax ;overwrite ARG1 with host address
popad ;pop all registers
mov eax,dword[esp+0x4] ;save ARG1 (modified with IP address) into eax.
ret ;return.
endp


But the stack looks like this before executing ret!

Code:
0x00 - return to caller process
0x04 - ip address (modified ARG1)
0x08 - ExitThread    


How can I destroy it? Also, the problem is that when returning to the caller, the stack looks like this:
Code:
0x00 - ip address (modified ARG1)
0x04 - ExitThread    

after doing something like this:
Code:
add esp,4    

it looks like:
Code:
0x00 - ExitThread    

And after RET, the debugger says the thread has ended but the program is still running.. I don't understand what the problem is. HELP!
Post 22 Jun 2011, 10:35
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
Overflow: push/pop only those registers you want to remain unchanged.
Post 22 Jun 2011, 10:51
Overflowz
Joined: 03 Sep 2010
Posts: 1046
@vid
Okay.. I just wanted this method )) Thread closed now. Thank you all.
Post 22 Jun 2011, 11:01
JoeCoder1
Joined: 13 Jun 2011
Posts: 62
Overflowz wrote:
Ohh! Thank you, but after ESP there are variables in the stack.. should I try ESP-4? Anyway, thank you!

I think the stack grows down, so you can offset + from the stack. If you offset - from the stack, I think you will segfault? Does somebody know the answer for sure?
Post 22 Jun 2011, 11:02
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Damn it.. still the same problem with pushes too..
Can somebody try that code in a debugger? Thanks..
Post 22 Jun 2011, 11:07
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
JoeCoder: Yes, the stack grows down, so it should have been a + offset. If you offset - from ESP, you will simply write to an unused part of the stack and nothing will happen unless you cross the bottom of the stack. There you can hit the stack guard page (google it) or get a violation if you go too far down.
Post 22 Jun 2011, 11:07
JoeCoder1
Joined: 13 Jun 2011
Posts: 62
Thanks Vid. It was my suspicion. And I think it's a pretty smart design because you can use a + offset to get vars while they're still on the stack.
Post 22 Jun 2011, 11:15
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Here's another piece of code. It works FINE, but I think there is some problem with the gethostbyname API... Did anyone have the same problem before?
Code:
proc gethostaddr url
mov eax,[url]
invoke gethostbyname,eax ;returns a hostent pointer, or NULL on failure (not checked here)
mov eax,[eax+0x0C] ;hostent.h_addr_list
mov eax,[eax] ;first address entry
mov eax,[eax] ;the 4-byte IPv4 address
ret
endp
Post 22 Jun 2011, 11:17
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
gethostbyname can return error. You seem not to be checking it. See http://tinyurl.com/69625t8
Post 22 Jun 2011, 12:15
DJ Mauretto
Joined: 14 Mar 2007
Posts: 464
Location: Rome, Italy
Code:
        PUSH    WSAData                     ; lpWSAData
        PUSH    0202H                       ; wVersionRequested = MAKEWORD(2,2)
        CALL    [WSAStartup]
        TEST    EAX,EAX                     ; nonzero = error code
        JNZ     @Error

        PUSH    Hostname
        CALL    [gethostbyname]             ; note that this proc is deprecated from Microsoft , use getaddrinfo
        TEST    EAX,EAX                     ; EAX = Address hostent Structure, NULL on failure
        JZ      @Error

;---------
; Data
;---------

Hostname        DB 'www.google.it',0
WSAData         RB 400                      ; WSADATA is 400 bytes on 32-bit Windows; WSAStartup fills the whole structure, so a single DD is too small

_________________
Nil Volentibus Arduum
Post 22 Jun 2011, 12:15
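The two points made in this thread, DJ Mauretto's pusha / mov [esp+28],eax / popa trick for returning a value in EAX while leaving every other register untouched, and vid's and DJ Mauretto's reminder to test the gethostbyname result before walking the hostent structure, put together in one complete flat assembler program. This is an added example, not code posted in the thread and not part of the flat assembler project. It assumes the standard win32a.inc macros (proc, invoke, stdcall, cinvoke, library, import), printf from msvcrt for output, 'localhost' as a constructed test name, and the procedure and label names (resolve_first_ipv4, .store, .fail and so on) are my own.

```asm
; Added example: Win32 console program for flat assembler (not from the thread).
; Resolves a hostname with gethostbyname, checks every pointer before using it,
; and returns the result in EAX across a pushad/popad pair.
format PE console
entry start

include 'win32a.inc'

section '.data' data readable writeable

        hostname  db 'localhost',0               ; constructed sample input
        wsadata   rb 400                         ; WSADATA is 400 bytes on 32-bit Windows
        fmt_ok    db 'first IPv4 address of %s: %s',13,10,0
        fmt_err   db 'lookup failed, WSAGetLastError = %d',13,10,0

section '.text' code readable executable

start:
        invoke  WSAStartup, 0202h, wsadata       ; request WinSock 2.2 (MAKEWORD(2,2))
        test    eax,eax
        jnz     .exit                            ; nonzero return value is an error code

        stdcall resolve_first_ipv4, hostname     ; callee removes its argument (retn 4)
        test    eax,eax
        jz      .fail                            ; 0 = lookup failed, nothing was dereferenced

        invoke  inet_ntoa, eax                   ; in_addr is passed by value (4 bytes)
        cinvoke printf, fmt_ok, hostname, eax
        jmp     .done
.fail:
        invoke  WSAGetLastError
        cinvoke printf, fmt_err, eax
.done:
        invoke  WSACleanup
.exit:
        invoke  ExitProcess, 0

; resolve_first_ipv4(hostptr): first IPv4 address of the host in EAX, or 0 on failure.
; Every other register is preserved: the result is written into the EAX slot that
; pushad saved, so popad restores it together with the rest.
proc resolve_first_ipv4 hostptr
        pushad                                   ; saves EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI (32 bytes)
        invoke  gethostbyname, [hostptr]
        test    eax,eax
        jz      .store                           ; NULL hostent: report 0, do not touch [eax+12]
        mov     eax,[eax+12]                     ; hostent.h_addr_list
        mov     eax,[eax]                        ; first entry, a pointer to in_addr (may be NULL)
        test    eax,eax
        jz      .store
        mov     eax,[eax]                        ; the 4-byte IPv4 address in network byte order
.store:
        mov     [esp+28],eax                     ; [esp]=EDI ... [esp+28]=EAX: overwrite saved EAX
        popad                                    ; restores the others and the new EAX
        ret                                      ; proc macro expands this to leave / retn 4
endp

section '.idata' import data readable writeable

        library kernel32,'KERNEL32.DLL',\
                msvcrt,'MSVCRT.DLL',\
                ws2_32,'WS2_32.DLL'

        import  kernel32,\
                ExitProcess,'ExitProcess'

        import  msvcrt,\
                printf,'printf'

        import  ws2_32,\
                WSAStartup,'WSAStartup',\
                WSACleanup,'WSACleanup',\
                WSAGetLastError,'WSAGetLastError',\
                gethostbyname,'gethostbyname',\
                inet_ntoa,'inet_ntoa'
```

Because resolve_first_ipv4 is declared with a parameter, the proc macro builds an EBP frame and its ret expands to leave followed by retn 4, so the argument pushed by stdcall is removed by the callee and the caller's stack is balanced on return; that is the imbalance Overflowz saw when the modified ARG1 stayed at [esp]. Inside the procedure the saved registers occupy [esp] up to [esp+31] in the order EDI, ESI, EBP, ESP, EBX, EDX, ECX, EAX, which is why the EAX slot is at the positive offset +28; an offset below ESP would land in unused stack, as vid explains. The two NULL tests are the runtime checks vid asks for: a failed lookup yields 0 in EAX instead of a read through a null hostent or address-list pointer.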
Overflowz
Joined: 03 Sep 2010
Posts: 1046
@vid
@DJ Mauretto
I'm attaching it to a debugger and watching everything the code does. No errors were found.
The call was successful and returned the address of the url. After RET, it returned to the caller - OK. And after another RET instruction it jumped to ExitThread - OK. After ExitThread it said the thread was successfully terminated, but the program keeps running. I've tested it on a virtual XP and there were no problems, only on Win7.. Any suggestions?
Post 22 Jun 2011, 12:32
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
Then probably your problem lies outside of the code you posted.

Quote:
I'm attaching it into debugger and watching all what code does.

Instead, your code should be checking for errors at runtime.
Post 22 Jun 2011, 12:47
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Okay.. I'll try to figure out what I'm doing wrong. Thanks anyway, guys.
Post 22 Jun 2011, 13:22
Copyright © 1999-2020, Tomasz Grysztar.