I was told that using ecx then calling RtlFillMemory could change ecx. Why/What do APIs change registers to and do I know which APIs change which registers? Sounds like I would need a simple way to retain (or push) all my registers before I call any API because they might get adjusted.
In the in help folder of MASM32 there is a file called asmintro.hlp. In the "Register Preservation Convention" section, you will find all the information you need to know about register preservation.
About eax, ecx and edx, they can freely be modified by any procedures call and don't expect them to be the same when procedures returns.
About ebx, esi and edi, they will remain the same.
:U
A rule of thumb is to assume that EAX, ECX and EDX will always be modified by any Win32 API, or any C/C++ function.
Quote from: thomas_remkus on June 14, 2007, 04:13:06 PM
I was told that using ecx then calling RtlFillMemory could change ecx. Why/What do APIs change registers to and do I know which APIs change which registers? Sounds like I would need a simple way to retain (or push) all my registers before I call any API because they might get adjusted.
Windows calls will preserve ESI, EDI and EBX, also depending on the calling convention they will also restore ESP and EBP. All other registers are subject to change and though they may not change in one Windows version that is no guarantee that they will not be modified in another version (can't count how many times that rule has caught me and caused a lot of grief tracking it down) so you should assume that they are volatile. You can easily preserve all registers with the opcode pair PUSHAD/POPAD that will store/retrieve the registers on the stack, however it is probably more efficient to push/pop only those you will require or even better still to use the non-volatile registers to hold any data that must span a procedure or API call.
Donkey
This is what I needed. Thanks all!