flat assembler
Message board for the users of flat assembler.

Index > Windows > Beginning with assembly language.

Author
Thread Post new topic Reply to topic
davi_ralph



Joined: 04 Nov 2016
Posts: 1
davi_ralph 04 Nov 2016, 21:46
I'm reading a book about assembly and trying to learn a little about this language. I got a code to understand what he's doing but I'm having trouble, could explain what makes the code below?
Code:
push ebp //put in top the stack, right?
mov ebp, esp //mov the value esp to ebp
push ecx // ok...
mov eax, [ebp+8] //What's ebp+8? 
add eax, [ebp+0Ch] //What's ebp+0Ch?  
add eax, [ebp+10h] //What's ebp+10h
mov [ebp-4], eax //What's ebp-4
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
    

In summary what makes this piece of code? I could not understand.

Any good book recommendation?
Post 04 Nov 2016, 21:46
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 05 Nov 2016, 00:28
This looks like C-call standard. Parameter are pushed to the stack before the call to the function, and then read from the stack using EBP within the function.
Post 05 Nov 2016, 00:28
View user's profile Send private message Visit poster's website Reply with quote
MrFox



Joined: 17 Aug 2016
Posts: 52
Location: Russia
MrFox 05 Nov 2016, 04:56
Code:
push ebp // Save EBP (base pointer)
mov ebp, esp // Put current Stack Pointer value to EBP
push ecx
mov eax, [ebp+8] // ebp+8 is what earlier was ESP+8 (stack pointer+8)
add eax, [ebp+0Ch]   // 0Ch=12 (hexadecimal vs decimal)
add eax, [ebp+10h]   // 10h=16 ('h' character is hexadecimal)
mov [ebp-4], eax 
mov eax, [ebp-4] 
mov esp, ebp 
pop ebp 
retn    

'Push' instruction decrements ESP register value (stack pointer) by a number of bytes equal to the size of the argument that comes with 'push' and then writes the argument to memory address pointed by ESP (so called 'Stack'). So the last 'push'-ed value may always be referred to as [esp]. Since the processor decrements the stack pointer, values that were push-ed before can be accessed as [esp+2] or whatever number, according to the size of previously pushed arguments.

Of course you can use any other register as a stack base index instead of ESP (mov ebp,esp; mov eax,[ebp+2])

your ECX is saved AFTER the stack pointer was put to EBP so [ebp-4] will exactly address your ECX value pushed in the stack.

Your proc sums three doubleword arguments passed to the proc (pushed to the stack before the proc was called) and puts the result to eax on return.

May be called like:
Code:
pushd 100
pushd 200
pushd 300
call myproc
add esp,12
; At this point eax value will be 600    



A few comments:
Code:
push ebp // Save EBP (base pointer)
mov ebp, esp // Put current Stack Pointer value to EBP

push ecx
// No matter what exactly was 'pushed' here
// because later on, this memory cell is used
// for WRITING, so here it could look like
// push EAX, push EBX, etc (anything that is 4 bytes width)
// or even: sub esp,4

// Summing block
mov eax, [ebp+8] // eax=1st argument, 4 bytes in size
add eax, [ebp+0Ch]   // eax+=2nd argument
add eax, [ebp+10h]   // eax+=3rd argument

mov [ebp-4], eax
// Save the sum total to memory address
// where we pushed ECX at the beginning

mov eax, [ebp-4]
// Get that back to EAX (I dunno why, cuz it is already in EAX)

mov esp, ebp
// Restore stack pointer

pop ebp 
// Restore base pointer

retn
//go back to the callee, whose address is now on top of stack.
//Same as:
//add esp,4
//jmp [esp-4]

    
Post 05 Nov 2016, 04:56
View user's profile Send private message Reply with quote
MrFox



Joined: 17 Aug 2016
Posts: 52
Location: Russia
MrFox 05 Nov 2016, 05:51
I'd like to admit that all this tangled stuff with EBP and storing result in stack doesn't make sense for such simple routines. This proc could be easily rewritten as:
Code:
myproc:
mov eax, [esp+4] ; changed indexes cuz there's no 'push ebp'
add eax, [esp+8]
add eax, [esp+12]
retn    

So, yours really looks like a disassembled C procedure, something like:
Code:
DWORD Sum(DWORD a,b,c) return a+b+c;    

The only case when that fuss with storing result in memory makes sense is for more complicated things that return more than one result (e.g. actual result + error code). In such cases, it is convenient to use stack pointer as a frame pointer to address the results after the proc exits. Otherwise, simply putting the result to EAX and utilizing it on exit will suffice.
Post 05 Nov 2016, 05:51
View user's profile Send private message Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo 05 Nov 2016, 21:52
davi_ralph wrote:
Any good book recommendation?


http://pacman128.github.io/pcasm/
Post 05 Nov 2016, 21:52
View user's profile Send private message Visit poster's website Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 06 Nov 2016, 07:52
davi_ralph wrote:

Any good book recommendation?


The DOS edition of Randall Hyde's The Art of Assembly Programming is a good and thorough introduction to assembly programming, most of which applies to 32-bit assembly programming as well.
http://www.plantation-productions.com/Webster/www.artofasm.com/DOS/pdf/0_AoAPDF.html
Post 06 Nov 2016, 07:52
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.