Some beginner questions about this assembly listing

Started by mitchi, April 14, 2009, 05:43:10 PM

mitchi

Hello guys, I have some questions here. I was just testing the ASMLIB.DLL library from Genesys in a C program to see how it went and I noticed a few things.

My first question is about function name decoration. Almost all the functions in ASMLIB.DLL are STDCALL functions and yet I don't see any name decoration on them using Dependency Viewer. For instance, I figured that the Write function would appear as _Write@4 in Dependency Viewer because it's STDCALL, but it's not decorated at all.
From what I understand, when I call the function InitConsole, I push the next instruction on the stack, I jump to a jump instruction that jumps inside my DLL. And when the function from this DLL returns, I come back to the next instruction in my code.
But I always thought that it was the function name that was decorated, but here I only see the IMPORT name decorated. It's all a bit confusing.

My other question is about this instruction :

00EF1000 E8 2B 00 00 00   call        _InitConsole@0 (0EF1030h)

I figured that this was a relative CALL at +2B bytes from this instruction. But the actual jump to InitConsole is here

00EF1030

That's more than 2B !!!

However, 2B = 43. If I count every code byte from this instruction to the jump entry, I end up with 44, not 43.
Did I make a mistake in my count somewhere?


     8: int main()
     9: {
    10: InitConsole();
00EF1000 E8 2B 00 00 00   call        _InitConsole@0 (0EF1030h)
    11: Write("coucou\nJesuisbeau");
00EF1005 68 F4 20 EF 00   push        offset string "coucou\nJesuisbeau" (0EF20F4h)
00EF100A E8 1B 00 00 00   call        _Write@4 (0EF102Ah)
    12: Writelnf("%d %d %d %d %d", 1,2,3,4,5);
00EF100F 6A 05            push        5   
00EF1011 6A 04            push        4   
00EF1013 6A 03            push        3   
00EF1015 6A 02            push        2   
00EF1017 6A 01            push        1   
00EF1019 68 08 21 EF 00   push        offset string "%d %d %d %d %d" (0EF2108h)
00EF101E E8 13 00 00 00   call        _Writelnf (0EF1036h)
00EF1023 83 C4 18         add         esp,18h
    13:
    14:
    15:
    16: //Writexy(15,10,'c');
    17:
    18: return 0;
00EF1026 33 C0            xor         eax,eax
    19:
    20: }
00EF1028 C3               ret             
--- No source file -------------------------------------------------------------
00EF1029 CC               int         3     ; Count = 38 up to here
_Write@4:
00EF102A FF 25 AC 20 EF 00 jmp         dword ptr [__imp__Write@4 (0EF20ACh)]
_InitConsole@0:
00EF1030 FF 25 A8 20 EF 00 jmp         dword ptr [__imp__InitConsole@0 (0EF20A8h)]
_Writelnf:
00EF1036 FF 25 A4 20 EF 00 jmp         dword ptr [__imp__Writelnf (0EF20A4h)]


Vortex

Normally, the decorated forms of external functions are visible in OMF \ MS COFF object modules, static libraries and import libraries. The final EXE \ DLL will import \ export the non-decorated version of the function name.

mitchi

Thanks Vortex, I'm getting a clearer view now. It's really confusing because in object files it's decorated, in DLLs it's not, in GoAsm it's not, cdecl, stdcall, etc :D

drizz

2nd question:

00EF1000 E8 2B 00 00 00   call        _InitConsole@0 (0EF1030h)
...
00EF1030 FF 25 A8 20 EF 00 jmp         dword ptr [__imp__InitConsole@0 (0EF20A8h)]


Eip = 00EF1000, size of call instruction is 5 bytes, destination is 00EF1030

00EF1030 - (00EF1000+5) = 2B

or, destination minus return address (00EF1030 - 00EF1005 = 2B)


The truth cannot be learned ... it can only be recognized.
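The rel32 arithmetic drizz describes, as an added example (not code from the thread): it decodes and encodes an E8 near CALL, with the displacement measured from the end of the 5-byte instruction, and checks the three call lines quoted from the listing against the targets the debugger printed. The listing lines are copied from the thread; the function and regex names are my own.

```python
import re
import struct

# Constructed sample: the three call lines from the disassembly listing above.
LISTING = """\
00EF1000 E8 2B 00 00 00   call        _InitConsole@0 (0EF1030h)
00EF100A E8 1B 00 00 00   call        _Write@4 (0EF102Ah)
00EF101E E8 13 00 00 00   call        _Writelnf (0EF1036h)
"""

CALL_REL32 = 0xE8   # opcode of the near relative CALL
CALL_LEN = 5        # opcode + 4-byte signed displacement


def decode_call(addr, code):
    """Return the absolute target of an E8 rel32 CALL located at `addr`.

    The displacement is relative to the next instruction (addr + 5),
    which is also the return address that CALL pushes on the stack.
    """
    if len(code) < CALL_LEN or code[0] != CALL_REL32:
        raise ValueError("not an E8 rel32 call")
    rel32 = struct.unpack("<i", code[1:5])[0]   # little-endian, signed
    return (addr + CALL_LEN + rel32) & 0xFFFFFFFF


def encode_call(addr, target):
    """Assemble an E8 rel32 CALL at `addr` that reaches `target`."""
    rel32 = target - (addr + CALL_LEN)          # backward calls give a negative rel32
    if not -0x80000000 <= rel32 <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return bytes([CALL_REL32]) + struct.pack("<i", rel32)


# address, opcode bytes, mnemonic, symbol, and the target the debugger shows in parentheses
LINE_RE = re.compile(r"^([0-9A-F]{8})\s+((?:[0-9A-F]{2} )+)\s*call\s+\S+\s+\(([0-9A-F]+)h\)")


def check_listing(text):
    """Decode each call line; return (address, decoded target, target shown by debugger)."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        code = bytes.fromhex(m.group(2).replace(" ", ""))
        shown = int(m.group(3), 16)
        results.append((addr, decode_call(addr, code), shown))
    return results
```

Counting from the start of the CALL instead of from its end is why a hand count comes out different from 2B: the displacement never includes the 5 bytes of the call itself.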

mitchi

Ohh. I see. Thank you drizz, it's clear now  :8)