The MASM Forum

Miscellaneous => Irvine Book Questions. => Topic started by: journeyman on June 28, 2019, 11:57:34 PM

Title: tracing back parameter address
Post by: journeyman on June 28, 2019, 11:57:34 PM
Hey guys,

I'm going through Kip's book, chap8ex10, where it's asking me to print out the parameter addresses like so:

Code:
main proc
    INVOKE mySample, 11111111h, 22222222h, 33333333h
    call WaitMsg
    INVOKE ExitProcess, 0
main endp

mySample proc, first:DWORD, second:DWORD, third:DWORD
    paramCount = 3
    invoke showParams, paramCount
    ret
mySample endp

showParams proc, pCount:DWORD
    nop ; my code here
    ret
showParams endp

Results should look like below:
Stack parameters :
---------------------------
Address 0012FF80 = 00001234
Address 0012FF84 = 00005000
Address 0012FF88 = 00006543

Now in this exercise, I understand that every time a procedure is called, it will push parameter values to the stack if there are any, push the return address, and push ebp to create the stack frame for that proc.

My plan is to just count backwards based on the number of parameters, ret & ebp for every procedure called, but I'm not sure if this is what I'm supposed to do. Seems really 'crude'.

Just wondering if you could please give some suggestion if I'm on the right path?

Thanks a lot!
Title: Re: tracing back parameter address
Post by: Biterider on June 29, 2019, 12:43:15 AM
Hi journeyman
Short answer: it depends on the calling convention.
Check this link: https://en.wikipedia.org/wiki/X86_calling_conventions

A good reading for a better understanding is the MASM Programmer's Guide. Page 152 describes in detail what happens with the local variables, parameters, return address etc. for an x86 system.

Biterider
Title: Re: tracing back parameter address
Post by: AW on June 29, 2019, 03:42:14 AM
Something like this works (use Irvine functions in place of printf, if you want).

Code:
include <path to Irvine32.inc>

mySample proto first:DWORD, second:DWORD, third:DWORD
showParams proto pCount:DWORD
printf proto C :ptr byte, :vararg ; msvcrt's printf is cdecl; INVOKE needs a prototype
includelib kernel32.lib
includelib user32.lib
includelib msvcrt.lib ; Use Irvine library function (WriteString?) in place of printf
includelib irvine32.lib

.data
Msg db 'Address %08X = %08X',10,0

.code

main proc
    INVOKE mySample, 11111111h, 22222222h, 33333333h
    call WaitMsg
    INVOKE ExitProcess, 0
main endp

mySample proc first:DWORD, second:DWORD, third:DWORD
    paramCount = 3
    invoke showParams, paramCount
    ret
mySample endp

showParams proc uses ebx pCount:DWORD
    mov ebx, 0                  ; index of the parameter being printed
@@:
    cmp ebx, pCount
    jae @F
    ; +20 = showParams' saved EBP, return address and pCount (12 bytes),
    ; then mySample's saved EBP and return address (8 bytes)
    lea ecx, [ebp+20+4*ebx]     ; address of mySample's parameter number ebx
    mov edx, [ecx]              ; its value
    invoke printf, addr Msg, ecx, edx
    inc ebx
    jmp short @B
@@:
    ret
showParams endp

end


Output:
Address 0093F7B8 = 11111111
Address 0093F7BC = 22222222
Address 0093F7C0 = 33333333
Press any key to continue...
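
Added example, not part of any post in this thread: the fixed `+20` offset above assumes nothing sits between the two frames, so it shifts as soon as mySample gets a LOCAL or a USES list. This variant reads the saved EBP at `[ebp]` to reach mySample's frame and indexes from `+8` there. It uses the Irvine32 procedures WriteString, WriteHex and Crlf; the `scratch` local and the label and string names are assumptions added to show that the offset no longer matters.

```asm
INCLUDE Irvine32.inc

mySample   PROTO first:DWORD, second:DWORD, third:DWORD
showParams PROTO pCount:DWORD

.data
hdr     BYTE "Stack parameters:",0dh,0ah,"---------------------------",0dh,0ah,0
addrLbl BYTE "Address ",0
eqLbl   BYTE " = ",0

.code
main PROC
    INVOKE mySample, 11111111h, 22222222h, 33333333h
    call WaitMsg
    INVOKE ExitProcess, 0
main ENDP

mySample PROC first:DWORD, second:DWORD, third:DWORD
    LOCAL scratch:DWORD         ; hypothetical local: grows the frame below EBP
    paramCount = 3
    mov scratch, 0
    INVOKE showParams, paramCount
    ret
mySample ENDP

showParams PROC USES ebx esi, pCount:DWORD
    mov esi, [ebp]              ; saved EBP = mySample's frame pointer
    add esi, 8                  ; skip mySample's saved EBP and return address
    mov edx, OFFSET hdr
    call WriteString
    mov ebx, 0                  ; parameters printed so far
nextParam:
    cmp ebx, pCount
    jae finished
    mov edx, OFFSET addrLbl
    call WriteString
    mov eax, esi
    call WriteHex               ; address of the parameter
    mov edx, OFFSET eqLbl
    call WriteString
    mov eax, [esi]
    call WriteHex               ; value stored at that address
    call Crlf
    add esi, 4                  ; next DWORD parameter
    inc ebx
    jmp nextParam
finished:
    ret
showParams ENDP
END main
```

This still relies on the caller having a standard EBP frame, which MASM generates for a PROC that declares parameters.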
Title: Re: tracing back parameter address
Post by: journeyman on June 29, 2019, 09:12:07 AM
Thanks for the suggestion, Biterider & AW!