Hello topic, with some questions inside

Started by zer0code, June 08, 2011, 04:06:48 AM


zer0code

Thanks again JJ, I'm gonna download Olly right now!
About EBP, i did read about it but i never saw any example of it in use. It'll get better as soon as i start using Olly.
But again, thanks to you, dave and hutch for all your efforts to explain all of this to me  :U . I owe you guys a lot hehe

dedndave

sometimes, ESP is used to directly access parameters, rather than EBP
it can be a little smaller and faster
but, if there are many accesses to parameters or local variables, it is usually best to use EBP
when using ESP directly, it is entirely up to you to keep track of stack locations
i believe that instructions that access the stack via [EBP+/-nn] are somewhat optimized by the manufacturers

zer0code

#17
Now i guess i fully understood the "mechanics" behind the stack frame


        ; assuming RET at [ESP + 0] on entry
        push    ebx             ; [ESP - 4]
        push    esi             ; [ESP - 8]
        push    edi             ; [ESP - 12]
        push    ebp             ; [ESP - 16]
        mov     ebp,esp         ; saves ESP @ EBP
        sub     esp,12          ; create room for 3 DWORDS (3 locals, which you used down below)

        mov     ebx,[ebp+20]    ; Parm1 - with esp saved, to get the first param i just have to move up all those 16 bytes PLUS 4, this explains the [EBP+20]
        mov     esi,[ebp+24]    ; Parm2 - same logic with second param, EBP + 24
        mov     edi,[ebp+28]    ; Parm3 - same here, EBP + 28

        mov     eax,[ebp-4]     ; Local1 - first local
        mov     ecx,[ebp-8]     ; Local2 - second
        mov     edx,[ebp-12]    ; Local3 - third

        mov     esp,ebp         ; drop the 3 locals again
        pop     ebp             ; undo the pushes in reverse order
        pop     edi
        pop     esi
        pop     ebx
        ret     12              ; stdcall: callee removes the 3 DWORD parameters


These "locals" are just FREE mem spaces i created by moving ESP down 3*DWORD_VALUES. So i can move data inside these free spaces and do any math i want?
Interesting...
what helped me understood was a picture, here

http://pdffreedownloading.com/A-Tiny-Guide-to-Programming-in-32-bit-x86-Assembly-Language-

But, according to that picture, the first parameter should be at [ebp+24], since by moving 4 bytes from the first push i would hit the RET address. Is that correct? Nah it's not correct, it's [EBP+20] (ret was already addressed as +0), i just
"sometimes" (almost every time) complicate what is simple  :lol

This is only for studying and general understanding of ASM, i don't plan to manage it by myself  :bg
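The hand-built frame from the post above, placed next to the same routine written with MASM's PROC/USES/LOCAL syntax so the two can be compared in Olly. This is an added example, not code from the thread or from the MASM32 SDK; it assumes the MASM32 SDK is installed under \masm32 (for masm32rt.inc and the print/str$/exit macros), and the names SumManual, SumMacro, Parm1..3 and Local1..3 are ours. It also shows the point dedndave made about register pushes: in the manual version EBP is pushed last, so Parm1 sits at [ebp+20], while MASM's generated prologue pushes EBP first and the USES registers after the locals, so the same parameter is at [ebp+8] there.

```masm
; Added example (not from the thread). Build with the MASM32 SDK:
;   \masm32\bin\ml /c /coff frame.asm
;   \masm32\bin\link /subsystem:console frame.obj
include \masm32\include\masm32rt.inc     ; assumed SDK path

.code

; Hand-built frame, same layout as zer0code's post:
;   [ebp+16] = return address, [ebp+20..28] = Parm1..Parm3
;   [ebp-4..-12] = Local1..Local3
SumManual proc
        push    ebx                 ; [orig ESP-4]
        push    esi                 ; [orig ESP-8]
        push    edi                 ; [orig ESP-12]
        push    ebp                 ; [orig ESP-16]
        mov     ebp, esp            ; frame pointer fixed here
        sub     esp, 12             ; room for 3 DWORD locals

        mov     ebx, [ebp+20]       ; Parm1
        mov     esi, [ebp+24]       ; Parm2
        mov     edi, [ebp+28]       ; Parm3

        mov     [ebp-4], ebx        ; Local1 = Parm1
        mov     [ebp-8], esi        ; Local2 = Parm2
        mov     [ebp-12], edi       ; Local3 = Parm3

        mov     eax, [ebp-4]        ; do some math on the locals
        add     eax, [ebp-8]
        add     eax, [ebp-12]       ; eax = Parm1 + Parm2 + Parm3

        mov     esp, ebp            ; discard the locals
        pop     ebp                 ; restore registers in reverse order
        pop     edi
        pop     esi
        pop     ebx
        ret     12                  ; stdcall: callee removes 3 DWORD args
SumManual endp

; Same routine letting MASM build the frame.  The assembler emits
;   push ebp / mov ebp,esp / sub esp,12 / push ebx / push esi / push edi
; so Parm1 is [ebp+8] here, Local1 is still [ebp-4], and "ret" expands
; to pop edi/esi/ebx, leave, ret 12.  LOCAL is only a name for [ebp-nnn].
SumMacro proc uses ebx esi edi, Parm1:DWORD, Parm2:DWORD, Parm3:DWORD
        LOCAL Local1:DWORD, Local2:DWORD, Local3:DWORD

        mov     ebx, Parm1          ; assembles as mov ebx,[ebp+8]
        mov     esi, Parm2
        mov     edi, Parm3
        mov     Local1, ebx         ; assembles as mov [ebp-4],ebx
        mov     Local2, esi
        mov     Local3, edi
        mov     eax, Local1
        add     eax, Local2
        add     eax, Local3
        ret
SumMacro endp

start:
        push    3                   ; stdcall pushes right to left: Parm3
        push    2                   ; Parm2
        push    1                   ; Parm1, ends up at [ebp+20] in SumManual
        call    SumManual
        print   str$(eax), 13, 10   ; prints 6

        invoke  SumMacro, 1, 2, 3   ; invoke does the same three pushes
        print   str$(eax), 13, 10   ; prints 6
        exit
end start
```

Stepping into SumManual and SumMacro in Olly and watching the stack window shows the two different positions of the saved registers relative to EBP; the parameters themselves never move, only the offsets you use to reach them.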

jj2007

Quote from: zer0code on June 12, 2011, 06:43:25 AM
These "locals" are just FREE mem spaces i created by moving ESP down 3*DWORD_VALUES. So i can move data inside these free spaces and do any math i want?

Exactly. See Align 16 of a LOCAL buffer for use with SSE2 for an advanced example manipulating ebp. Actually, LOCAL is just a macro that assigns human-readable names to [ebp+nnn].

Check also the MyTest proc uses esi edi arg1, arg2 syntax and see what happens with esi+edi when such a proc hits ret.

Again: Olly is your friend :bg

P.S.: That tiny guide seems really good for noobs. Much more useful than the old 16-bit stuff that you usually find in such guides.


zer0code

Thanks again JJ! I just downloaded Olly  :8)
It's really incredible as you said, but i think i'll need some time to get used to it lol

I'm glad you liked that guide, it helped me out a lot in understanding Dave's code. Now it's way clearer.
And i'm gonna check your proc asap too!
:U

the more i study, the more i want to learn about asm!