I'm writing a program using no stack frames and I keep ebp constant. I'm using ebp and edi as pointers to functions and data respectively.
API0 = 0
.CreateFile = API0+0 ; 7
.CreateFileMapping = API0+4 ; 6
.ExitProcess = API0+8 ; 1
.GetCommandLine = API0+12 ; 0
.GetLastError = API0+16 ; 0
.GetStdHandle = API0+20 ; 1
.MapViewOfFile = API0+24 ; 5
.VirtualAlloc = API0+28 ; 4
.WriteConsole = API0+32 ; 5
.WriteFile = API0+36 ; 5
INIT0 = API0+(10*4)
FetchApi = INIT0+0
ParseCmdLine = INIT0+4
CreateSections = INIT0+8
FILE_F0 = INIT0+(3*4);+4
LoadSourceFile = FILE_F0+0
ReportError = FILE_F0+4
PARSE0 = FILE_F0+(2*4)
ByteParse = PARSE0+0
CONS0 = 0
conio = CONS0+0
c_num = CONS0+4
FILE_D0 = CONS0+(2*4)
MainFileHandle = FILE_D0+0
MapFileHandle = FILE_D0+4
MainFileLoadAddress = FILE_D0+8
FilePtrCurrent = FILE_D0+12
ERROR$0 = FILE_D0+(4*4)
serr1 = ERROR$0+0
berr1 = ERROR$0+4
serr2 = ERROR$0+8
berr2 = ERROR$0+12
serr3 = ERROR$0+16
berr3 = ERROR$0+20
Making great use of numeric equates. My code works fine, only needing the occasional push/pop because I really need to use them for something else.
The point is all my offsets are positive. I get maybe 30 32-bit pointers until I reach an offset of +128, where my 3-byte opcodes go to 5 or 6 bytes. So how about negative offsets to -127? I get about 60 then. What I'm worried about is an API writing in the negative offset area if I keep ebp and edi constant. Perhaps I should mov ebp and edi to a safe place before calling an API if I do this. Any experience or advice?
Thanks.
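An added example (not code from this thread): a small Python encoder for 32-bit `mov r32,[base+disp]` that shows the disp8/disp32 boundary the post is describing, and why [ebp] with no displacement still costs a byte while [edi] does not. The register table and helper names are my own.

```python
# Added example (not from the thread): encodes 32-bit `mov r32, [base+disp]`
# (opcode 8B /r) to show why displacements in -128..+127 stay at 3 bytes
# while +128 and beyond need a 4-byte disp32.
import struct

REG = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esp": 4, "ebp": 5, "esi": 6, "edi": 7}

def encode_mov_load(dst: str, base: str, disp: int) -> bytes:
    """Encode `mov dst, [base+disp]` for 32-bit protected mode (base register forms only)."""
    if not -2**31 <= disp < 2**31:
        raise ValueError("disp32 out of range")
    reg, rm = REG[dst], REG[base]
    # mod=00 means "no displacement" except when rm=101 (ebp), which instead
    # selects [disp32] with no base, so [ebp] must use mod=01 with a disp8 of 0.
    if disp == 0 and rm != 5:
        mod, tail = 0b00, b""
    elif -128 <= disp <= 127:
        mod, tail = 0b01, struct.pack("<b", disp)   # one-byte signed displacement
    else:
        mod, tail = 0b10, struct.pack("<i", disp)   # four-byte signed displacement
    modrm = bytes([(mod << 6) | (reg << 3) | rm])
    sib = b"\x24" if rm == 4 else b""  # [esp] requires a SIB byte: scale=0, no index, base=esp
    return b"\x8b" + modrm + sib + tail

def usable_slots(base: str, lo: int, hi: int, size: int = 4) -> int:
    """Count size-byte slots in [lo, hi] whose loads still encode in at most 3 bytes."""
    return sum(1 for d in range(lo, hi + 1, size)
               if len(encode_mov_load("eax", base, d)) <= 3)

if __name__ == "__main__":
    for d in (0, 4, 124, 127, 128, -4, -128, -129):
        for b in ("ebp", "edi"):
            print(f"mov eax,[{b}{d:+d}] -> {encode_mov_load('eax', b, d).hex(' ')}")
    print("3-byte slots, positive offsets only:", usable_slots("ebp", 0, 127))
    print("3-byte slots, negative and positive:", usable_slots("ebp", -128, 127))
```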
It's a good idea. I would say it is safe because there is no reason for the function to overwrite the memory pointed to by ebp or edi. If ebp is used as a frame pointer it will be saved by the called function. It will point on the stack and not on your data.
Thanks. I traced into a few APIs since they do use frames; I don't. It looks as though the stack is far away from my data sections.
The stack should be in a different segment to your data, so that shouldn't be an issue.
When you call an API function they always (AFAIK) preserve ebp as part of the standard prologue:
push ebp
mov ebp, esp
So as long as esp is valid on calling you should be fine.
Quote: The stack should be in a different segment to your data, so that shouldn't be an issue.
I have seen statements to this effect before. I don't know if the statement is literally true, but it looks to me like it is not effectively true. How could this be depended on for protection when you can access data in the data segment or on the stack with CS, DS, or SS (and probably ES), using the same offset for each segment?
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
include \masm32\include\masm32rt.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
.data
somedata dd 1234h
.code
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
start:
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
print "CS = "
mov eax,cs
print uhex$(eax),13,10
print "DS = "
mov eax,ds
print uhex$(eax),13,10
print "ES = "
mov eax,es
print uhex$(eax),13,10
print "SS = "
mov eax,ss
print uhex$(eax),13,10
print "CS:data in data segment: "
nop
nop
nop
mov eax,cs:somedata
print uhex$(eax),"h",13,10
print "DS:data in data segment: "
nop
nop
nop
mov eax,somedata
print uhex$(eax),"h",13,10
print "SS:data in data segment: "
nop
nop
nop
mov eax,ss:somedata
print uhex$(eax),"h",13,10
print "CS:data on stack: "
push 5678h
nop
nop
nop
mov eax,esp
mov eax,cs:[eax]
pop edx
print uhex$(eax),"h",13,10
print "DS:data on stack: "
push 5678h
nop
nop
nop
mov eax,esp
mov eax,[eax]
pop edx
print uhex$(eax),"h",13,10
print "SS:data on stack: "
push 5678h
nop
nop
nop
mov eax,[esp]
pop edx
print uhex$(eax),"h",13,10
mov eax, input(13,10,"Press enter to exit...")
exit
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
end start
CS = 0000001B
DS = 00000023
ES = 00000023
SS = 00000023
CS:data in data segment: 00001234h
DS:data in data segment: 00001234h
SS:data in data segment: 00001234h
CS:data on stack: 00005678h
DS:data on stack: 00005678h
SS:data on stack: 00005678h
That is right. Windows uses paging rather than segmentation to protect memory.