flat assembler
Message board for the users of flat assembler.

Index > Windows > Stack frames in Delphi

Author
Thread Post new topic Reply to topic
CandyMan



Joined: 04 Sep 2009
Posts: 414
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 22 Feb 2014, 18:52
32-bit Delphi
Code:
push ebp
mov ebp,esp
sub esp,N*4
;...
mov ecx,[ebp] ; Previous EBP
;...
pop ebp
ret
    


64-bit Delphi
Code:
push rbp
sub rsp,N*8
mov rbp,rsp
;...
mov rcx,? ; Previous RBP
;...
lea rsp,[rbp+N*8]
pop rbp
ret
    


How to get pointer to previous RBP if don't know what N is equal?

_________________
smaller is better
Post 22 Feb 2014, 18:52
View user's profile Send private message Reply with quote
tthsqe



Joined: 20 May 2009
Posts: 767
tthsqe 22 Feb 2014, 23:54
Unclear what you are trying to do in these examples.
If you don't know N, how can you write sub rsp,N*8 and lea rsp,[rbp+N*8]? Clearly who/whatever wrote these two instructions would know N.
Post 22 Feb 2014, 23:54
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 23 Feb 2014, 06:00
Post 23 Feb 2014, 06:00
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 414
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 23 Feb 2014, 12:09
I would like to write exception call stack unit. In 32-bit mode there is no problem.
Post 23 Feb 2014, 12:09
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20445
Location: In your JS exploiting you and your system
revolution 23 Feb 2014, 12:25
If Delphi always uses the same prolog code then you can use the function address and read the contents of the value of N from the encoding:
Code:
push rbp        ;db 0x55
sub rsp,3*8     ;db 0x48,0x83,0ec, db N*8       <--- byte values from -128 to +124

push rbp        ;db 0x55
sub rsp,30*8    ;db 0x48,0x81,0ec, dd N*8       <--- dword values from -2G to +2G    
Post 23 Feb 2014, 12:25
View user's profile Send private message Visit poster's website Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 23 Feb 2014, 12:51
CandyMan,

That'll probably take some efforts to implement it right. Given this simple program, Delphi XE5 generates peculiar x86-64 code:
Code:
{$APPTYPE CONSOLE}
program HelloWorld;
  procedure Say(a0, a1, a2, a3: LongInt; const It: string);
    procedure SayIt(b0: LongInt);
      procedure ReallySayIt(c0: LongInt);
        procedure SayItAtOnceYouDummKopf(d0: LongInt); begin WriteLn(It); end;
      begin SayItAtOnceYouDummKopf(3); end;
    begin ReallySayIt(2); end;
  begin SayIt(1); end;
begin
  Say(0, 0, 0, 0, 'Hello, world!');
end.    
Not to mention intermittent nops and xor r#,r# instead of shorter xor e#, e#, it does pass enclosing rbp as a hidden argument to the nested routines (__thiscall Wink).
Post 23 Feb 2014, 12:51
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.