Can someone please explain the stack frame for me? I see custom stack frames like
push ebp
mov ebp, esp
sub esp, __LOCAL_SIZE
mov esp, ebp
pop ebp
ret
Also, does __LOCAL_SIZE exist in MASM, or an equivalent?
__LOCAL_SIZE is used to allocate space for local variables on the stack frame in your custom prolog code. This constant contains a value determined by the compiler, and it represents the number of bytes of local variables.
__LOCAL_SIZE includes all user-defined local variables as well as compiler-generated temporary variables. __LOCAL_SIZE may be used as an immediate operand or in an expression. For example:
mov eax, __LOCAL_SIZE /* Immediate operand */
mov eax, __LOCAL_SIZE + 4 /* Expression */
mov eax, [ebp - __LOCAL_SIZE] /* Expression */
What I've come up with is
OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE
myproc proc ab,cd,ef,gh,ij
LOCAL myvar:DWORD
LOCAL mybuf[255]:BYTE
LOCAL myvar2:DWORD
push ebp
mov ebp, esp
sub esp, 263
mov esi, [ebp + 8]
invoke MessageBox,0,esi,NULL,MB_OK
mov esp, ebp
pop ebp
ret
myproc endp
OPTION PROLOGUE:PrologueDef
OPTION EPILOGUE:EpilogueDef
doesn't work. Can someone help me? Thanks
The three problems I can see are:
The LOCAL directives are being ignored.
The sub esp, 263 is disturbing the alignment of the stack, and even though the mov esp, ebp is restoring the alignment before the procedure returns, the stack is misaligned for the call to MessageBox. The stack adjustment needs to be a multiple of 4.
The return instruction is not removing the parameters from the stack. For this procedure it should be ret 20.
Thanks! Why 20 though?
The 20 is the number of bytes in the parameters, 5 parameters * 4 bytes each. The processor will add this number to the stack pointer after the return. This effectively removes the parameters from the stack by correcting for the 5 push operations that put the parameters on the stack.
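Putting the two answers together, here is the procedure from the question with the three fixes applied (locals sized from the LOCAL declarations, the stack adjustment rounded up to a multiple of 4, and ret 20). This is an added example, not code from anyone in the thread; the PROTO/includelib lines and the MB_OK/NULL equates are my own stand-ins for whatever include files the original build used, and saving esi is added because Win32 stdcall treats it as callee-saved.

```asm
.386
.model flat, stdcall
option casemap:none

; Assumed declarations in place of the original include files.
MessageBoxA PROTO :DWORD, :DWORD, :DWORD, :DWORD
includelib user32.lib
NULL  equ 0
MB_OK equ 0

.code
OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE
myproc proc ab:DWORD, cd:DWORD, ef:DWORD, gh:DWORD, ij:DWORD
    LOCAL myvar:DWORD          ; 4 bytes
    LOCAL mybuf[255]:BYTE      ; 255 bytes
    LOCAL myvar2:DWORD         ; 4 bytes  -> 263 bytes of locals in total
    push ebp
    mov ebp, esp
    sub esp, 264               ; 263 rounded up to a multiple of 4 so esp stays aligned
    push esi                   ; esi is callee-saved under stdcall; preserve it
    mov myvar, 0               ; locals are addressed relative to ebp, e.g. [ebp-4]
    mov esi, ab                ; first parameter, i.e. [ebp+8]
    invoke MessageBoxA, NULL, esi, NULL, MB_OK
    pop esi
    mov esp, ebp               ; discard locals
    pop ebp
    ret 20                     ; 5 parameters * 4 bytes: caller's pushes are removed here
myproc endp
OPTION PROLOGUE:PrologueDef
OPTION EPILOGUE:EpilogueDef
end
```

With OPTION EPILOGUE:NONE in effect, MASM does not rewrite ret for you, so the 20 has to be written out explicitly as in the answer above.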