stack help needed....

Started by marco_xx, March 23, 2007, 05:18:21 PM


marco_xx

Hi,

I have read something about the stack but it's 16 bit (DOS example).
See this code:


.486

print_string proc , string1 , box_title

mov edi, [ebp+4]
mov esi,[ebp+8]

invoke messagebox,0,edi,esi,0

ret

print_string endp




I wonder if the ebp+X is right?


raymond

Quote:
.486

print_string proc , string1 , box_title

mov edi, [ebp+4]
mov esi,[ebp+8]

invoke messagebox,0,edi,esi,0

ret

print_string endp

I would be very curious to know why anyone would ever want to write such a procedure when it would be so much simpler to invoke the MessageBox API directly instead of calling another procedure to perform that only function. It reminds me of some disassembled C code which I have seen in the past. :dazzled:

Raymond
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

marco_xx

I have some .c code disassembled and I want to convert it to asm.

Sometimes you have to do some mixed code programming which sucks because of the size overhead.
Every time I see a .list or so I see push ebp+4 etc..... so I figured let's get what I need and create some smaller asm code.
That's why I want to know the ebp+X values for arguments.


evlncrn8

I think in 16 bit the stack is word-sized, so it'd be ebp+2 and ebp+4 maybe...
and you're using 32 bit registers, are you sure the code is from 16 bit?

PBrennick

A 32 bit register is always 4 bytes; that is why it is written the way you posted it. Each one takes 4 bytes on the stack. So it is correct as written. But as Raymond said, you should simplify it. If you are unsure how to do it, then continue with the brute force type approach you are using and then we can always help you if you get into a bind.

You are converting a disassembly and not a source so I won't be helping you with this project, but others might.

Good luck,
Paul
The GeneSys Project is available from:
The Repository or My crappy website

hutch--

marco,

The code you have posted is 32 bit code and what you need to know to answer your question is how the stack works when you call a procedure. The procedure you have put in your post would probably be STDCALL and the API it calls is STDCALL so I will post that type of example.

The stack is a "last on, first off" piece of memory which is accessed in various ways through ESP, but for procedure calls it is almost exclusively the instructions PUSH and subsequently CALL. Take the MessageBox API call as it's easy to show.


push wstyle
push OFFSET titletxt
push OFFSET msgtxt
push hParent
call MessageBoxA


You have 5 pieces of information on the stack pushed in reverse order with the last one being placed on the stack by the CALL mnemonic. For the procedure that is called it receives the stack in the order,

1. The return address
2,3,4,5 arguments for the function.

This tells you WHERE the information is on the stack. Return address is at ESP, 1st arg is at ESP+4, 2nd arg at ESP+8 etc ....

If the procedure has a stack frame the return address is EBP+4, 1st arg at EBP+8, 2nd arg at EBP+12 etc ....
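As an added illustration of the two layouts hutch describes (not code from this thread or from the MASM32 package), here is a complete MASM32 program with two versions of marco's procedure: one that builds its own stack frame and reads the arguments at EBP+8 and EBP+12, and one with no frame that reads them at ESP+4 and ESP+8. The procedure names, the message strings and the standard \masm32 include paths are my own assumptions.

```asm
; Added example, not from the original thread: shows where STDCALL
; arguments sit relative to EBP (with a frame) and ESP (without one).
.486
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
    msgtxt   db "Hello from the stack", 0      ; constructed sample text
    titletxt db "print_string", 0              ; constructed sample title

.code
; print_string(pText, pTitle): hand-built frame.
; No parameters are declared on the PROC line, so MASM emits no
; prologue and the offsets below are exactly what the caller pushed.
print_string proc
    push ebp                ; save caller's frame pointer
    mov  ebp, esp           ; [ebp]    = saved EBP
                            ; [ebp+4]  = return address (pushed by CALL)
                            ; [ebp+8]  = 1st argument (pText)
                            ; [ebp+12] = 2nd argument (pTitle)
    push edi
    push esi                ; preserve EDI/ESI (Win32 ABI); EBP offsets do not move
    mov  edi, [ebp+8]       ; edi = pText
    mov  esi, [ebp+12]      ; esi = pTitle
    invoke MessageBox, 0, edi, esi, MB_OK
    pop  esi
    pop  edi
    pop  ebp                ; restore caller's frame pointer
    ret  8                  ; STDCALL: callee removes 2 * 4 bytes of arguments
print_string endp

; print_string_noframe(pText, pTitle): ESP-relative access.
; Read the arguments BEFORE pushing anything, because every push
; moves ESP and would shift these offsets by 4.
print_string_noframe proc
    mov  eax, [esp+4]       ; [esp] = return address, [esp+4] = pText
    mov  edx, [esp+8]       ; [esp+8] = pTitle
    invoke MessageBox, 0, eax, edx, MB_OK
    ret  8
print_string_noframe endp

start:
    ; STDCALL pushes right to left, so the 1st argument is pushed last
    ; and ends up nearest the return address.
    push OFFSET titletxt    ; 2nd argument
    push OFFSET msgtxt      ; 1st argument
    call print_string

    push OFFSET titletxt
    push OFFSET msgtxt
    call print_string_noframe

    invoke ExitProcess, 0
end start
```

The frame version is the safer pattern when a procedure pushes registers or allocates locals, since EBP stays fixed for the whole body; the ESP version only works as long as nothing between the entry point and the loads changes ESP, which is the mistake behind most "wrong ebp+X" bugs seen in hand-converted disassembly.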