Hi,
Look in the disassembly at mov edx,dword ptr [rsp+48h]. var11 (which sits at [rsp+48h]) has not been zeroed and may contain garbage.
; Assembler setup for this repro module (MASM dialect, Intel syntax, Win64 target;
; the OPTION names are the UASM/HJWasm extensions).
OPTION FRAME:AUTO                       ; let the assembler generate the stack frame (prologue/epilogue) for each PROC
OPTION WIN64:11                         ; Win64 ABI code-generation flags -- see the assembler manual for the bit meanings
OPTION ZEROLOCALS:1                     ; ask the assembler to zero every LOCAL in the prologue; this is the feature under test
OPTION LITERALS:ON                      ; allow inline string literals such as CSTR(...) in invoke arguments
includelib \masm32\lib64\msvcrt.lib     ; C runtime library that provides printf
printf proto :ptr, :vararg              ; int printf(const char *fmt, ...)
.data                                   ; initialized-data segment (nothing declared here)
.code                                   ; code segment; the PROCs below go here
;-----------------------------------------------------------------------
; proc1 -- repro for OPTION ZEROLOCALS:1
; ABI:   Win64; frame generated by the assembler (FRAME:AUTO), so there is
;        no hand-written prologue/epilogue in this PROC.
; In:    none
; Out:   whatever printf leaves in eax (not set explicitly here)
; Eleven dword LOCALs are declared and never written. With ZEROLOCALS:1 the
; assembler is expected to clear them, so the printed value should be 0.
; If the generated zeroing loop stops short, var11 still holds whatever the
; previous stack user left at that slot, and that stale stack content is
; what printf prints.
;-----------------------------------------------------------------------
proc1 proc
LOCAL var1 : dword                      ; var1..var11: 11 dwords, none assigned in this proc
LOCAL var2 : dword
LOCAL var3 : dword
LOCAL var4 : dword
LOCAL var5 : dword
LOCAL var6 : dword
LOCAL var7 : dword
LOCAL var8 : dword
LOCAL var9 : dword
LOCAL var10 : dword
LOCAL var11 : dword                     ; the slot the report inspects: [rsp+48h] in the disassembly below
int 3                                   ; debugger breakpoint: stop here and look at the prologue's zeroing loop and [rsp+48h]
invoke printf, CSTR("Value of var11 is %d\n"), var11 ; expected to print 0 when ZEROLOCALS works
ret
proc1 endp
;-----------------------------------------------------------------------
; main -- runs the repro once.
; In:    none
; Out:   eax as left by proc1 (not set explicitly here)
;-----------------------------------------------------------------------
main proc
invoke proc1                            ; call the PROC whose LOCALs should have been zeroed
ret
main endp
end                                     ; no start label given here; entry point presumably resolved by the linker/CRT -- confirm
COMMENT %
00007ff7`2b0a1000 4883ec58 sub rsp,58h
00007ff7`2b0a1004 b838000000 mov eax,38h
00007ff7`2b0a1009 ffc8 dec eax
00007ff7`2b0a100b c6040400 mov byte ptr [rsp+rax],0
00007ff7`2b0a100f 75f8 jne utest+0x1009 (00007ff7`2b0a1009)
00007ff7`2b0a1011 cc int 3
00007ff7`2b0a1012 8b542448 mov edx,dword ptr [rsp+48h]
00007ff7`2b0a1016 48b900300a2bf77f0000 mov rcx,offset utest+0x3000 (00007ff7`2b0a3000)
00007ff7`2b0a1020 e820000000 call utest+0x1045 (00007ff7`2b0a1045)
00007ff7`2b0a1025 4883c458 add rsp,58h
00007ff7`2b0a1029 c3 ret
%
Thanks AW,
Will look at that
That was 1 byte short; the fix is in proc.c line 3336:
/* Prologue emitter for OPTION ZEROLOCALS, small-frame case (localsize <= 128).
 * Emits a byte loop that stores 0 at [rsp+localsize] and counts down to
 * [rsp+0], i.e. localsize+1 bytes; per the thread, the previous loop stopped
 * one byte early. The two 'dw' lines hand-encode the branches:
 *   02EBh = EB 02 = jmp +2  (skips the 2-byte 'dec eax' on entry)
 *   0F875h = 75 F8 = jne -8 (back over jne(2)+mov(4)+dec(2) to L1) */
if (info->localsize <= 128)
{
AddLineQueueX("mov %r, %u", T_EAX, info->localsize); /* eax = localsize; mov does not touch flags */
AddLineQueueX("dw 02ebh"); /* jmp L2 */ /* enter at the store so [rsp+localsize] itself is cleared */
AddLineQueueX("dec %r", T_EAX); /* L1: */ /* sets ZF once eax reaches 0 -> loop exit */
AddLineQueueX("mov byte ptr [%r + %r], 0", T_RSP, T_RAX); /* L2: */ /* [rsp+eax] = 0 */
AddLineQueueX("dw 0F875h");/* jne L1: */ /* NOTE(review): on the first pass no dec has run yet, so this jne
                                            tests flags left by whatever preceded the mov (the frame's
                                            'sub rsp' in the listing above) -- confirm the emitter always
                                            places this loop directly after an instruction that leaves ZF=0 */
}
will be fixed in next release
Quote from: habran on May 23, 2019, 12:10:13 AM
will be fixed in next release
Thank you! :Thmbsup: