flat assembler
Message board for the users of flat assembler.

Index > Heap > Microsoft Visual C 8.0 bug

vid
grrrrrr, this bitch just has to make my life (well... my work) harder:

(with -O2)
Code:
        win_product_id_len=MAX_WIN_PRODUCT_ID;
        printf("%d", win_product_id_len);
0040203F  push        80h  
00402044  push        offset string "%d" (4204F0h) 
00402049  mov         dword ptr [esp+10h],80h 
00402051  call        printf (41320Dh) 
00402056  add         esp,8 
        res = RegQueryValueExA(hkey, "ProductID", 0, &key_type, win_product_id, &win_product_id_len);
00402059  lea         edx,[esp+8] 
0040205D  push        edx  
0040205E  mov         edx,dword ptr [esp+1Ch] 
00402062  lea         eax,[esp+364h] 
00402069  push        eax  
0040206A  lea         ecx,[esp+14h] 
0040206E  push        ecx  
0040206F  push        0    
00402071  push        offset string "ProductID" (4204F4h) 
00402076  push        edx  
00402077  call        dword ptr [__imp__RegQueryValueExA@24 (41F010h)] 

The problem is win_product_id_len. I set its value, and then pass its address to RegQueryValueExA. On input, the value is the size of the buffer; on output it's the size of the data written into the buffer. But the compiler obviously thinks that RegQueryValueExA doesn't read its value and just overwrites it.

This is not a problem of the declaration of RegQueryValueExA:
Code:
WINADVAPI
LONG
APIENTRY
RegQueryValueExA (
    __in HKEY hKey,
    __in_opt LPCSTR lpValueName,
    __reserved LPDWORD lpReserved,
    __out_opt LPDWORD lpType,
    __out_bcount_opt(*lpcbData) LPBYTE lpData,
    __inout_opt LPDWORD lpcbData
    );    


Even deleting the __inout_opt from the declaration didn't help.

GRRRRRRRR
Post 27 Nov 2006, 13:20
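The contract vid describes (lpcbData is read as the buffer size before the call and rewritten as the data size after it) is what the caller has to get right, independently of what the optimizer does with the store. The following is an added example, not vid's code and not part of the thread: on Windows it calls the real RegQueryValueExA (link against advapi32); elsewhere a constructed stand-in, mock_query, plays the role of advapi32 with a hypothetical, deliberately non-NUL-terminated REG_SZ value so the caller-side checks can be run offline. The function name read_reg_string and the value string are assumptions for the example.

```c
/* Added example (not from the thread): the in/out contract of
 * RegQueryValueExA's lpcbData, and the checks a caller should make.
 * On Windows this calls the real API; elsewhere a constructed stand-in
 * (mock_query, hypothetical value) plays advapi32 so it runs offline. */
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned long DWORD, *LPDWORD;
typedef unsigned char BYTE, *LPBYTE;
typedef long LONG;
typedef void *HKEY;
typedef const char *LPCSTR;
#define ERROR_SUCCESS   0L
#define ERROR_MORE_DATA 234L
#define REG_SZ          1

/* Constructed REG_SZ value stored WITHOUT a terminating NUL: the registry
 * permits this, and it is the classic trap for callers of this API. */
static const char mock_value[] = "ProductID-STUB-1234";
#define MOCK_VALUE_LEN ((DWORD)(sizeof mock_value - 1))

static LONG mock_query(HKEY hKey, LPCSTR name, LPDWORD reserved,
                       LPDWORD type, LPBYTE data, LPDWORD cbData)
{
    (void)hKey; (void)name; (void)reserved;
    if (type) *type = REG_SZ;
    if (!cbData) return ERROR_SUCCESS;
    DWORD have = *cbData;            /* IN: caller's buffer size is read here */
    *cbData = MOCK_VALUE_LEN;        /* OUT: size required or written, always */
    if (!data) return ERROR_SUCCESS; /* size-only query */
    if (have < MOCK_VALUE_LEN) return ERROR_MORE_DATA;
    memcpy(data, mock_value, MOCK_VALUE_LEN);
    return ERROR_SUCCESS;
}
#define RegQueryValueExA mock_query
#endif

/* Read the REG_SZ value `name` under `hkey` into out[out_size] as a
 * NUL-terminated C string.  Returns 0 on success, -1 if the buffer is
 * too small (*needed then holds the size the API asked for), -2 on any
 * other failure or a non-string type. */
int read_reg_string(HKEY hkey, const char *name,
                    char *out, DWORD out_size, DWORD *needed)
{
    if (out_size == 0) return -2;
    DWORD type = 0;
    /* IN: hold one byte back so the NUL we append always fits. */
    DWORD len = out_size - 1;
    LONG res = RegQueryValueExA(hkey, name, NULL, &type, (LPBYTE)out, &len);
    if (needed) *needed = len;       /* OUT: bytes written, or bytes required */
    if (res == ERROR_MORE_DATA) return -1;
    if (res != ERROR_SUCCESS || type != REG_SZ) return -2;
    if (len > out_size - 1) return -2; /* never trust OUT beyond the buffer */
    /* The stored data may or may not carry its own NUL; terminate it
     * ourselves instead of hoping. */
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[128];
    DWORD needed = 0;
    HKEY hkey = NULL;
#ifdef _WIN32
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,
                      "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                      0, KEY_READ, &hkey) != ERROR_SUCCESS)
        return 1;
#endif
    int rc = read_reg_string(hkey, "ProductID", buf, sizeof buf, &needed);
    printf("rc=%d needed=%lu value=\"%s\"\n", rc, (unsigned long)needed,
           rc == 0 ? buf : "");
    /* Deliberately undersized buffer: the call must report ERROR_MORE_DATA
     * and the size it wants, not write past the end. */
    char small[8];
    rc = read_reg_string(hkey, "ProductID", small, sizeof small, &needed);
    printf("rc=%d needed=%lu\n", rc, (unsigned long)needed);
#ifdef _WIN32
    RegCloseKey(hkey);
#endif
    return 0;
}
```

The two things to take away are the ones the disassembly cannot show: the length must be initialised before the call (MAX_WIN_PRODUCT_ID in vid's code, out_size - 1 here), and after the call it is the only reliable statement of how many bytes landed in the buffer, so the terminator is appended from it rather than assumed.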
revolution
The code you post looks fine to me.

The value 80h (MAX_WIN_PRODUCT_ID) is stored at [esp+8] (win_product_id_len)
Code:
00402049  mov         dword ptr [esp+10h],80h    
note, it is "+10" because there were two PUSHes before the MOV

Then, later, the address is passed to RegQueryValueExA
Code:
00402059  lea         edx,[esp+8]
0040205D  push        edx    
I can't find any overwrite of the value at [esp+8].

Did I miss something?
Post 27 Nov 2006, 14:28
vid
Shit, looks like you are right. I missed that line :)

Then it was maybe just a problem of the debugger, which was displaying the wrong value.

And to make things funnier, MSVC is generating different code now, so I can't test it...
Post 27 Nov 2006, 14:42
LocoDelAssembly
I wonder why VC decided to do:
Code:
00402049  mov         dword ptr [esp+10h],80h 
00402051  call        printf (41320Dh) 
Instead of
Code:
00402049  mov         dword ptr [esp+8],80h 
0040203F  push        80h    


Where is the performance gain in that?
Post 27 Nov 2006, 14:42
revolution
I expect there is no performance gain in that particular sequence. But, importantly, there is no performance loss either. In the general case though there can be an advantage to early PUSHing before CALLing, and also, if the value 80h was instead a register, storing it late can allow better out of order scheduling, so sometimes it may gain a clock tick (or two).
Post 27 Nov 2006, 14:57
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.