Intel + assembly language programming (fifth edition)-Chapter 1 advanced process

Stdcall: If you see EBP + a few, you have to ret 4 * n unless the proc uses parameter defined by the pseudo command, the parameter

C add ESP, 8 after caller call addtewo

 

1. Why sometimes an error occurs when RET is returned: stdcall Convention subprogram addtwo needs to clear parameters

Description of RET 8 (mov ESP, add ESP after EBP ret, 8 clear parameters)

The C Convention is that the caller directly add ESP, 8 directly clears and finds the return address.

C. It is agreed to first (the call has been returned) clean up when other callers are returned
Stdcall first returns to the caller and then cleans up

-------------------------------------------------------------------------------

Shun-anti + Parameters

The key lies in parameter value assignment (push and mov before the process call) and parameter access.

When assigning values to push 5 and push 6, pay attention to ret 8.

The parameter accesses mov eax, [EBP + 12] mov eax, [EBP + 8]. At this time, the returned result can be normal without looking at ret.

Parameter order:

If there are four reverse parameters, 1 [EBP + 20] 2 [EBP + 16] 3 [EBP + 12] 4 [EBP + 8]

C ++ (4,3, 2,1)

-------------------

2. The call sub-process contains the local variables push EBP mov EBP, esp sub ESP, and 8. The two variables change ESP at this time.

The partial variable mov ESP should be destroyed before the end, And ebp ret can return correct results.

Sequential use of local variables 1st EBP-4 2nd EBP-8 3rd EBP-12 ESP at the last local variable position so mov ESP, EBP

Slave --------------------------------------------------------------------------------------------------------------------------------

3: process parameters ()

Stdcall: Ret 4 * n

C: Add ESP, 4 * n

The complete proc with parameters does not consider RET + count

 

 

 

4. Local variables:
(1) Use Lea to return the runtime variable address to facilitate double-Word Alignment

(2) enter and leave serve local variables

(3) Local declaration of multi-variables (automatically open up variable space, automatic leave)

 

 

I.Process Parameters: Register parameters of two basic types(Mov)And stack parameters(Push ).

The irvine32 and irine16 libraries use register parameters (MoVNoPush); Disadvantage: the code is messy, and the stack parametersRequiredThe stack is pressed by the call process.

(1) fast and messy register Parameters

 Pushad <br/> mov ESI, offset array; Start offset address <br/> mov ECx, lengthof array; number <br/> mov EBX, type array; double-Word Format <br/> call dumpmem; Display memory content <br/> popad </P> <p>

 

(2) Flexible stack parameters (Reverse Order of parameters)

Push type array <br/> push lengehof array <br/> push offset array <br/> call dumpmem

 

 

Two types of stack parameters: Value parameter (Change and constant value ),Reference parameter (variable address) # Passing an array is also an address ##

(1) Value Transfer (variables and constants)

Assembly: <br/>. data <br/> val1 DWORD 5 <br/> val2 DWORD 6 <br/>. code <br/> push val2 <br/> push val1 <br/> call addtwo </P> <p> C ++: <br/> int sum = addtwo (val1, val2) // Reverse Sequence </P> <p>

 

Call front Stack

 

 

 

 

(2) Transfer references

Assembly: <br/> push offset val2 <br/> push offset val1 <br/> call swap </P> <p> C ++: <br/> swap (& val1, & val2 );

Stack before swap call

 

 

 

Pass an array:

. Data <br/> array DWORD 50 DUP (?) ; Array not initialized <br/>. Code <br/> push offset array <br/> call arrayfill <br/>

 

Ii. Access to stack parameters (C ++)

1 preparation:

AccessSub-Process ParametersPrepare two steps:

Addtwo proc

Push EBP; save EBP

MoV EBP, esp; Use EBP to replace ESP access parameters; esp is good for other things

 

 

2: Access:

 Addtwo proc <br/> push EBP <br/> mov EBP, esp; base address of the stack framework </P> <p> mov eax, [EBP + 12]; 2nd parameters <br/> Add eax, [ebjp + 8]; 1st parameters <br/> pop EBP; esp points to the return address <br/> ret; pop EIP; normal Return of ESP + 4 <br/>; If ESP is not changed, <br/>; MoV ESP, EBP </P> <p> addtwo proc <br/>

3: Stack cleanup:

 

 

 

 

Three solutions:

(1) Add ESP, 8

RET

(2) If push EBP exists

MoV EBP, ESP

MoV ESP, EBP

RET

(3) stdcall call conventions:

Pop EBP

RET 8; 1 is RET 4, 2 is 8, 3 is 12 ,....

 

 

1) (push reason) movzx expands 8-bit and 16-bit parameters: If the parameter is 8-bit or 16-bit, it cannot push 'X' push word1 (word)

Use the movzx variable to indirectly expand one register.

. Data

Charval byte 'X'

. Code

Push charval; Error

Call uppercase

 

Change:

Movzx eax, charval

Push eax

Call uppercase

Uppercase proc <br/> push EBP <br/> mov EBP, esp </P> <p> mov Al, [esp + 8]; al = character <br/> CMP Al, 'a'; less than 'A' <br/> JB L1; yes: Jump out <br/> CMP Al, 'z '; greater than 'Z' <br/> ja L1; yes: quits <br/> sub Al, 32; NO: converts uppercase letters <br/> L1: Pop EBP; stack cleanup <br/> RET 4 <br/> uppercase endp

Bytes -----------------------------------------------------------------------------------------------------

2) 16 digits

. Data

Word1 word 1234 H

Word2 word 4111 H

. Code

Push word1

Push word2

Call addtwo; Error

Change:

Movzx eax, word1

Push eax

Movzx eax, word2

Push eax

Call addtwo

Bytes --------------------------------------------------------------------------------------------------

3) 64-bit long integer:

. Data

Logval DQ 1234567890 abcdefh

. Code

Push dword ptr logval + 4; double letter 12345678

Push dword ptr logval; low dual character 90 abcdef

Call writehex 64

 

 

 

 

-----------------------------------------------------------------------

 

------------------------------------------------------------------------

Iii. Local Variables

1. Local variables are created on the runtime stack, and are located under the base address pointer (EBP) in the memory. The default value is not given for assembly and is initialized at runtime.

 

 

C ++ local variables X and local variables Y:

Void mysub ()

{

Int x = 10;

Int y = 20;

 

}

Space of two variables in 8 bytes

Disassembly c Convention: Create, assign values, and remove variables from the stack

 

 Mysub proc <br/> push EBP <br/> mov EBP, esp <br/> sub ESP, 8; Create local variable <br/> mov dword ptr [ebp-4], 10; x <br/> mov dword ptr [ebp-8], 20; y <br/> mov ESP, EBP; delete a local variable on the stack <br/> pop EBP <br/> RET <br/> mysub endp <br/>

 

 

If there is no mov ESP, EBP

ESP has an error on the book at location 20 (it is a problem at location 10) and the graph has written ESP on the EBP-8 2nd variables.Upper

 

2 Lea command returns the offset address during dynamic running (ADDR and offset return the 32-bit offset value in protection mode), because the. Model directive in irvine32.inc specifies the flat memory mode.

(1) address for obtaining global variables: mov register, offset variable name (page 73 of Lao Luo's book)

(2) EBP 40100 h for local variable EBP operations

Variable 1 ebp-4 = 400fch

The EBP varies with the execution environment of the program and is not determined during compilation, so the offset cannot be obtained.

Get variable address: Lea, [ebp-4]

(3) Real parameter assignment: The invoke parameter uses a local variable address: (invoke uses ADDR together, but cannot be invoke test eax and ADDR szh together with eax). Lea and offset cannot be used.In addition, if an array points to 2nd elements, it requires + 4 invoke swap, ADDR [R + 1], ADDR [R + 4].Page 1

ADDR global variable name (in this case, use the offset method)

And the local variable name (the address is automatically assigned to eax using the lea command, and eax replaces the variable address)

But in ADDR, neither [EBP] nor mov can be used together.

 

 

Error:

 

Another use of Lea

 

(4) PTR: Access parameters of different types: (page 71)

12

1234 5678 H

Load memory 78 56 34 12

Fetch: 12 34 56 78

1: 12 h

2: 3412 H 34

3: 7812 3412 H

Opposite to memory

-----------------------------------------------------

 

(5) enter and leave command local variable usage

(6) Local declaration variables (the number of digits and [] Arrays can be expressed together with PTR)

Leava is automatically generated later to delete the local variable space.

Note that the BYTE Variable declaration will allocate extra space.

Note that the BYTE Variable declaration will allocate extra space.

(6). Stack 4096 reserves additional stack space

Summary

Invoke, ADDR, Proc, and proto commands

 

Proc

 

Parameter Name: The type can also be typedef and struct variables and the following pointer

 

If there is a reference parameter, the immediate number cannot be passed. sub proc da: PTR word mov ESI, da invoke sub, H a protection error occurs. The memory is H outside the data segment.

 

PROTO

Call order

(1) Change proc to proto

(2) Remove the uses register if there is a uses pseudocommand

(3) type and implementation must match

 

 

 

 

Create multiple modules OBJ in two ways:

(1) extern)

(2) invoke and proto

 

1. In a process, the variable name becomes private to avoid conflicts with other modules.

2 multi-process option proc: Private all processes become private

Publec export public sub1, sub2, sub3

The mian entry must be public. Otherwise, the entry cannot be found.

 

 

Call;

Extrn sub @ 0: Proc

 

Call sub @ 0 0 indicates the parameter. If the two parameters are 8

Cross-border use of variables and symbols

Variables and symbols are private by default. You must export them using public to specify the name.

Public count, sym1

Sym1 = 10; symbol

. Data

Count DWORD 0

External access: extern name: Type

Symbol: the type defined by EQU and = is abs.

Variable: type is byte, dowrd PTR byte

Entern: One: Word, two: sdword, three: PTR byte, four: ABS

Externdef replaces public and extern

 

A module of vars. Inc.

Externdef count: DWORD, sym: ABS

 

1 call: Include vars. Inc is used in sub. ASM call.

 

 

Titile sub1.asm

. 386

. Model flat, stdcall

Include vars. inc

Sym1 = 10

. Data

Count DWORD 0

End

The program entry label is omitted after end, And the runtime stack does not need to be declared.

 

 

The mian must end main

2

Daily