Need help!

Index > Main > Need help!

Author

Thread

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

Hello everyone! I have little problem here..

Code:

proc something
pushad
invoke blabla.. ;returns code to eax register
popad ;NEED EAX UNCHANGED!!!
ret
endp

I have to do popad instruction and keep eax register unchanged.. How can I do that without having global/local variables ? If I push it into the stack, then popad fails to write correct values in registers.. Thank you.

22 Jun 2011, 09:00

DJ Mauretto

Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy

DJ Mauretto

Hello

Code:

proc something
pusha
invoke blabla.. ;returns code to eax register
mov        [esp+28],eax
popa
ret
endp

_________________
Nil Volentibus Arduum Razz

22 Jun 2011, 09:18

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

Ohh! Thank you but after ESP is variables in stack.. should I try ESP-4 ? Anyway Thank you! Smile

22 Jun 2011, 09:58

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

still stuck Sad

I can't control the stack...

Code:

proc main
push host
call gethostaddr
ret

proc gethostaddr
pushad ;save registers
invoke gethostbyname,dword[esp+0x24] ;ARG1 = host variable.
mov eax,[eax+0x0C]
mov eax,[eax]
mov eax,[eax] ;get ip address
mov dword[esp+0x24],eax ;overwrite ARG1 with host address
popad ;pop all registers
mov eax,dword[esp+0x4] ;save ARG1 (modified with IP address) into eax.
ret ;return.
endp

but stack looks like this before executing ret!

Code:

0x00 - return to caller process
0x04 - ip address (modified ARG1)
0x08 - ExitThread

how can I destroy it ? Sad

also, problem is that, when returning to caller, stack looks like this:

Code:

0x00 - ip address (modified ARG1)
0x04 - ExitThread

after doing something like this:

Code:

add esp,4

it looks like:

Code:

0x00 - ExitThread

and after RET, debugger says thread was ended but program is still running.. I don't understand what's problem Sad

HELP!

22 Jun 2011, 10:35

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid

Overflow: push/pop only those registers you want to remain unchanged.

22 Jun 2011, 10:51

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

@vid
okay.. I just wanted this method )) Thread closed now. Thank you all.

22 Jun 2011, 11:01

JoeCoder1

Joined: 13 Jun 2011
Posts: 62

JoeCoder1

Overflowz wrote:

Ohh! Thank you but after ESP is variables in stack.. should I try ESP-4 ? Anyway Thank you!

I think the stack grows down so you can offset + from the stack. If you offset - from the stack I think you will segfault? Somebody knows the answer for sure?

22 Jun 2011, 11:02

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

damnit.. still same problem with pushes too..
can somebody try that code in debugger ? Thanks..

22 Jun 2011, 11:07

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid

JoeCoder: Yes, stack grows down so it should have been + offset. If you offset - from ESP, you will simply write to unused part of stack and nothing will happen unless you cross bottom of the stack. There you can hit stack guard page (google it) or get violation if you go too far down.

22 Jun 2011, 11:07

JoeCoder1

Joined: 13 Jun 2011
Posts: 62

JoeCoder1

Thanks Vid Smile

It was my suspicion. And I think it's a pretty smart design because you can use + offset to get vars while they're still on the stack.

22 Jun 2011, 11:15

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

Here's another code. It works FINE but I think something is problem with gethostbyname API... did anyone had same problem before ?

Code:

proc gethostaddr url
mov eax,[url]
invoke gethostbyname,eax
mov eax,[eax+0x0C]
mov eax,[eax]
mov eax,[eax]
ret
endp

22 Jun 2011, 11:17

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid

gethostbyname can return error. You seem not to be checking it. See http://tinyurl.com/69625t8

22 Jun 2011, 12:15

DJ Mauretto

Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy

DJ Mauretto

Code:


 PUSH    WSAData
     PUSH    22H
 CALL    [WSAStartup]
        TEST    EAX,EAX
     JNZ     @Error

  PUSH   Hostname
     CALL    [gethostbyname]            ; note that this proc is deprecated from Microsoft , use getaddrinfo 
    TEST    EAX,EAX                     ; EAX = Address hostent Structure
        JZ     @Error






;---------
; Data
;---------

Hostname          DB 'www.google.it',0
WSAData         DD ?

_________________
Nil Volentibus Arduum Razz

22 Jun 2011, 12:15

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

@vid
@DJ Mauretto
I'm attaching it into debugger and watching all what code does. No errors were found.
The call was successful, returned the address of url. After RET, it returned to caller - OK. and after another RET instruction it jumped to ExitThread - OK. After ExitThread it said Thread was successfully terminated but program keeps running itself. I've tested it on virtual XP and there were no problems, only on Win7.. Any suggestions ?

22 Jun 2011, 12:32

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid

Then probably your problem lies outside of code you posted.

Quote:

I'm attaching it into debugger and watching all what code does.

Instead, your code should be checking for error at the runtime.

22 Jun 2011, 12:47

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz

Okay.. I'll try to figure out what I'm doing wrong. Thanks anyway guys Wink

22 Jun 2011, 13:22

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum