flat assembler
Message board for the users of flat assembler.
Windows > Purpose of sub rsp,20h... in invoke macro
AsmGuru62 06 Jan 2023, 21:00
Before an x64 Windows API call, the caller (you) must reserve the shadow room for four 64-bit parameters. And that is where 0x20 is coming from.
revolution 07 Jan 2023, 01:31
To expand upon AsmGuru62's comment.
The reason you must do that is because the Win64 ABI requires it. If you don't do it then your stack will likely be corrupted by the called function. For simple test code that just exits after the call you won't notice the bad stack and it appears to work fine. But for larger code you will quickly notice the stack has been corrupted when your program crashes.
Last edited by revolution on 09 Jan 2023, 12:17; edited 1 time in total
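The reservation described in the two posts above, written out by hand instead of through the invoke macro. This is an added example, not code from the thread; the callee name sum4 is made up for illustration, and the program assumes fasm's standard include directory (win64a.inc) is available.

```asm
; Constructed example: manual shadow-space reservation in fasm (Win64).
format PE64 console
entry start

include 'win64a.inc'

section '.text' code readable executable

start:
        ; At process entry rsp = 16n+8 (a return address was pushed).
        ; 8 bytes restore 16-byte alignment, 20h bytes are the shadow
        ; space: 4 slots * 8 bytes, one per register parameter.
        sub     rsp, 8+20h

        mov     rcx, 1
        mov     rdx, 2
        mov     r8, 3
        mov     r9, 4
        call    sum4                ; hypothetical callee, same rules as an API

        mov     ecx, eax            ; exit code = 1+2+3+4 = 10
        call    [ExitProcess]       ; the same reservation serves this call too

; A callee may "home" its register arguments into the caller's shadow
; space, as compiled code commonly does. At entry:
;   [rsp]            return address
;   [rsp+8..rsp+27h] the 20h bytes the caller reserved
; Without the caller's sub rsp,20h these stores would land on whatever
; the caller keeps at the top of its own stack.
sum4:
        mov     [rsp+8], rcx
        mov     [rsp+10h], rdx
        mov     [rsp+18h], r8
        mov     [rsp+20h], r9
        mov     rax, [rsp+8]
        add     rax, [rsp+10h]
        add     rax, [rsp+18h]
        add     rax, [rsp+20h]
        ret

section '.idata' import data readable writeable

        library kernel32,'KERNEL32.DLL'
        import  kernel32, ExitProcess,'ExitProcess'
```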
macgub 09 Jan 2023, 11:58
To expand upon Hotwire's question.
I would ask about the Win32 ABI. I know that preserving the ebx and ebp registers is obligatory. What about esi and edi? I guess I need to save/restore them before/after a win invoke call. I read somewhere that ebp is needed as the proc frame. Can I use it as follows:
Code:
push ebp
mov ebp,esp
sub esp,300
sub ebp,128 ; I achieve [ebp+128] to [ebp-128] shorter addresses to local data
add esp,300
pop ebp
Any other revelations about the win32 ABI? The net is full of win64, not win32, so I ask here. Sorry if it was written in some other place on the board. Thanks for answers!!
revolution 09 Jan 2023, 12:16
Win32 uses the STDCALL calling convention:
EBX, EBP, ESI and EDI must be preserved by the callee
As long as you push and later pop ebp then you can do whatever you want with it within your function. The only caveat is that a debugger might incorrectly try to examine the stack and show you some wrong values.
macgub 09 Jan 2023, 13:04
revolution wrote:
The only caveat is that a debugger might incorrectly try to examine the stack and show you some wrong values.
So - it displays why I sometimes have debugging problems. Sometimes when I exchange int3 for a nop instruction, x64dbg (its 32-bit version) won't properly continue running the apps I debug. Thanks for tips...
revolution 09 Jan 2023, 13:22
macgub wrote:
So - it displays why I sometimes have debugging problems. Sometimes when I exchange int3 for a nop instruction, x64dbg (its 32-bit version) won't properly continue running the apps I debug.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.