News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

protecting proc with push and pop

Started by bcddd214, October 11, 2011, 12:02:43 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

dedndave

#15
October 12, 2011, 12:26:40 PM Last Edit: October 12, 2011, 03:14:34 PM by dedndave
i got that to work however, i had to use the following lines at the top...
Code Select
        INCLUDE    Irvine32.inc
        INCLUDELIB Irvine32.lib
        INCLUDELIB kernel32.lib
        INCLUDELIB user32.lib

and, i had to provide kernel32.lib and user32.lib
i don't have the complete irvine package - just a few INC's and LIB's
so, i borrowed a kernel32.lib and user32.lib from the masm32 package
he may have taken care of these files in his batch file

i used the following lines to assemble and link
Code Select
ml /c /coff test.asm
Link /SUBSYSTEM:CONSOLE /OPT:NOREF test.obj

Code Select
Enter Your Name: Dave
4

your life would be much simpler if you installed the masm32 package   :U

see attached...

bcddd214

#16
October 13, 2011, 12:11:02 AM
I am ever so curious what you did my friend.
What is 'repnz   scasb'?
Is this an alternate to using the ebp pointer register?

jj2007

#17
October 13, 2011, 12:36:30 AM
\masm32\help\opcodes.chm is your friend - look for scas :U

dedndave

#18
October 13, 2011, 12:53:51 AM
SCAS means "scan string"
it comes in different sizes
SCASB for bytes
SCASW for words
SCASD for dwords

it compares the value in AL (or AX or EAX) against the value at [EDI]
EDI is then incremented (or decremented, according to the direction flag) to point to the next memory location

with the REP prefix, the operation is repeated by the count in ECX
REPNZ means "repeat if not zero"
so, it keeps going until it either finds a match or the count in ECX becomes zero
in that code, i set ECX to -1, which is the same as 4,294,967,295
that way, it will basically keep going until it finds a match

when done, i subtract the remaining count in ECX from 4,294,967,294 (-2) for the length
we don't want to count the zero terminator, so it is one less than the start count

the EBP register is used in that routine, only to get the lpString value from the stack
the assembler takes care of that code, so it will show up in a disassembly, but not in the source file
this is called a procedure "prologue" (at the beginning) and "epilogue" (at the end)
the assembler restores EBP and adjusts the stack at exit automatically
Print
Go Up Pages 1 2
User actions