CALL instruction question

kemicza · June 16, 2010, 06:27:58 PM

Hi guys,

It's been a while since I posted here, but I've been around and reading surfing the forums from time to time.

I've a question what the difference is between a normal call such as:
call MyFunction

and
mov eax,offset MyFunction
call eax

Both should work the same way right? But when I debug it and change it manually it crashed after a while.

Thanks in advance

ecube · June 16, 2010, 06:56:07 PM

using offset isn't a great idea, but yeah it's the same as calling directly, is still calling an address only difference obviously is it's in a register.

lea eax,MyFunction
call eax

is better

kemicza · June 16, 2010, 06:59:28 PM

Hi E^cube thanks for the fast reply

Yeah I was assuming the same, but still why does it crash after a while. When I put a breakpoint on the call and then step into it it goes fine. But later when I step into another call the app crashes for some reason. I checked the stack values etc, everything is the same, but still it crashes.

qWord · June 16, 2010, 06:59:59 PM

Quote from: E^cube on June 16, 2010, 06:56:07 PM
using offset isn't a great idea,

Why?

dedndave · June 16, 2010, 07:10:39 PM

if CALL MyFunc works and CALL EAX does not, it is because there should be a value in EAX that is being destroyed
otherwise, there is nothing wrong with CALL EAX - it can be a little bit faster, depending on how the address is loaded

clive · June 16, 2010, 07:14:10 PM

call xyx is relative, where as call eax is absolute. The former is better for location independent code and reduces the number of relocations the loader has to do. Most EXE have the relocations stripped, but DLL and SYS files should have them.

Your code is crashing for some other reason, as you haven't posted it, it will be particularly hard for anyone to guess where your bug is.

kemicza · June 16, 2010, 07:19:59 PM

dedndave yes that's a possibility, but I've tried calling without using a register as well, like this:
call dword ptr [static address]

Still it crashes, which is really weird. I'm going to look more in to it, I thought it was a small problem.

@clive: I'm wondering why it crashes, all I'm doing is replacing call address with call dword ptr [static address]. Shouldn't it work the same way?

Thanks

dedndave · June 16, 2010, 07:25:33 PM

Clive may be onto something, there
perhaps you have not correctly converted the relative address to absolute

kemicza · June 16, 2010, 07:35:53 PM

Problem fixed. Everything works fine, the problem was a stupid mistake of mine. The offset was wrong, so I actually called the wrong function/procedure.

Such mistakes always happen to me. Sorry guys! And thanks for helping out.

Farabi · June 16, 2010, 11:07:07 PM

Quote from: kemicza on June 16, 2010, 07:35:53 PM
Problem fixed. Everything works fine, the problem was a stupid mistake of mine. The offset was wrong, so I actually called the wrong function/procedure.

Such mistakes always happen to me. Sorry guys! And thanks for helping out.

Dont forget to adjust the stack balance.

News:

CALL instruction question

kemicza

ecube

kemicza

qWord

dedndave

clive

kemicza

dedndave

kemicza

Farabi