flat assembler
Message board for the users of flat assembler.
What's the problem here? (ECX clobbered by API calls)
edfed 17 Jan 2012, 00:32
Maybe ReadFile trashes ECX...
rohagymeg 17 Jan 2012, 00:51
Thanks edfed! So how do I know which function does what to which register?
typedef 17 Jan 2012, 01:02
Does ReadFile destroy EBX? If so, then that could be the problem.
Try PUSH EBX / POP EBX
Yardman 17 Jan 2012, 01:20
[ Post removed by author. ]
Last edited by Yardman on 04 Apr 2012, 04:52; edited 1 time in total
typedef 17 Jan 2012, 01:47
Yardman wrote: There goes typedef talking through his arse again. Did you make Windows?
Tyler 17 Jan 2012, 02:32
typedef wrote:
typedef 17 Jan 2012, 02:37
Tyler wrote:
Is it required to have a Yardie talk shit to you because you uploaded a picture of a false malware alarm on his code? (http://board.flatassembler.net/topic.php?p=139518#139518) I don't think so.
revolution 17 Jan 2012, 04:44
typedef: Read about the standard call convention. What Yardman says is correct. EAX, ECX, EDX and EFLAGS are to be considered clobbered by all API functions; all other registers except ESP and EIP are preserved. ESP is updated according to the number of parameters used, and EIP is of course set to the following instruction.
LocoDelAssembly 17 Jan 2012, 05:28
However, there is something simpler to consider: the OP stated that when using EBX to save the HeapAlloc result (first code block), it worked, but it failed with ECX (second code block), so how come preserving EBX may be needed to solve the problem? (I believe this was the main cause of Yardman's reaction; the stdcall thing is of secondary or no importance at all. Personally, I think typedef already knew about both stdcall and that ReadFile adheres to that calling convention.)
sinsi 17 Jan 2012, 06:40
http://agner.org/optimize/
Look for "5. Calling conventions for different C++ compilers and operating systems"
AsmGuru62 17 Jan 2012, 11:35
API preserves EBX, ESI, EDI, ESP, EBP (plus Direction Flag is ALWAYS 0) -- so these can be used to hold stuff between API calls.
The rest of registers may change -- these include EAX, ECX, EDX. Important! If user code changes the Direction Flag to one -- it MUST restore it back to 0, otherwise some API will fail. Windows 'thinks' that DF=0 at all times, so we should keep the same 'thinking' pattern.
Last edited by AsmGuru62 on 17 Jan 2012, 17:43; edited 2 times in total
LocoDelAssembly 17 Jan 2012, 15:05
AsmGuru62, Windows 'thinks' that DF = 0 at all times, (i.e. pointers are incremented, not decremented).
http://msdn.microsoft.com/en-us/library/7td56tzs%28VS.80%29.aspx (Yeah, I know it talks about the C run-time here, but by just inspecting EFLAGS at program entry point, you'll notice DF will also be cleared)
AsmGuru62 17 Jan 2012, 17:42
Oh... right! -- DF=0. My bad! I edited my post.
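
The register rule discussed in this thread, as an added fasm example that is not code from any poster: the HeapAlloc result and the file handle are kept in EBX and ESI, which stdcall API functions preserve, instead of ECX. The file name `input.txt`, the constant `BUFSIZE` and the label names are assumptions made for the example.

```asm
; Added example (constructed). 'input.txt', BUFSIZE and all labels are assumptions.
format PE console
entry start
include 'win32a.inc'

BUFSIZE = 4096

section '.data' data readable writeable
  fname     db 'input.txt',0
  bytesRead dd ?

section '.text' code readable executable
start:
        ; The process ends with ExitProcess, so EBX/ESI need not be restored here.
        ; Inside a procedure that returns, push/pop them around their use.
        invoke  GetProcessHeap
        invoke  HeapAlloc, eax, 0, BUFSIZE
        test    eax, eax
        jz      .exit
        mov     ebx, eax        ; buffer pointer in EBX: preserved by API calls
                                ; (kept in ECX it may be lost at the next call)
        invoke  CreateFile, fname, GENERIC_READ, FILE_SHARE_READ, 0, \
                            OPEN_EXISTING, 0, 0
        cmp     eax, -1         ; -1 = INVALID_HANDLE_VALUE
        je      .free
        mov     esi, eax        ; file handle in ESI, also preserved

        invoke  ReadFile, esi, ebx, BUFSIZE, bytesRead, 0
        ; EAX holds ReadFile's BOOL result; treat ECX, EDX and EFLAGS as clobbered.
        ; EBX (buffer) and ESI (handle) are still valid here.

        invoke  CloseHandle, esi
.free:
        invoke  GetProcessHeap
        invoke  HeapFree, eax, 0, ebx
.exit:
        invoke  ExitProcess, 0

section '.idata' import data readable writeable
  library kernel32, 'KERNEL32.DLL'
  include 'api\kernel32.inc'
```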