Problems with stack

[guga]

Hi guys, i´m having some problems with the stack pointer of a function.

I translated the benchmark app from Steve http://masm32.com/board/index.php?topic=208.0 and built a new function like this:

Code: [Select]

call BenchMarkAlgo D$nam1, 1, av1, Algoritm1

Code: [Select]

Proc BenchMarkAlgo:
    Arguments @Name, @Indicator, @pav, @AlgoOffset

    call SzCmp D@Name, {B$ "Unused ", 0}
    If eax = 0
        call Indicator D@Indicator
        call 'kernel32.GetTickCount'
        push eax
            mov esi iterate

        B1:
            call D@AlgoOffset
            sub esi 1 | jne B1<
            call 'kernel32.GetTickCount'
        pop ecx
        sub eax ecx
        mov edi D@pav
        add D$edi eax
        call 'kernel32.SleepEx' algo_delay, 0
    End_If

EndP

Code: [Select]

Proc Algoritm1:
    Uses esi, edi

    call utoa esi, D$pbuf

EndP

The problem is that the app is crashing due to bad parameters when using the pointer to Algoritm1 as a member of a function

I´m quite sure that call D@AlgoOffset must be something like

call D@AlgoOffset D@ARg1, D@ARg2 ....(with the proper members names, i mean @Name, @Indicator, @pav, @AlgoOffset)

And Algoritm1 must also have parameters such as:

Code: [Select]

Proc Algoritm1:
    Arguments @Arg01, @Arg02.....(With proper names ?)
    Uses esi, edi

    call utoa esi, D$pbuf

EndP

The question is how many ???? How to count them is i pushed onto the stack the Algoritm1 function ???

[guga]

That´s weird. Even on Steve´s app when i pass it through Ida or Olly it crashes
Does it supposed to run on WinXp ?

The error msg seems to be a problem with rpcrt4.dll ????

[guga]

That´s weird on anther file the problems shows up.

[dedndave]

i can't see how the functions you are using might be related to ole32.dll   :redface:

but - the problem might be related to the lack of preservation of EBX ESI EDI in your routine

i am not familiar with RosAsm syntax - i was hoping someone else would look at this one - lol

[guga]

Dave, can u test Steve´s app on Olly to see if it crashes too ?

[dedndave]

well - the app did not crash for me - you can see my post in the linked thread   :P

let me play with it under olly and get back to you.....

[dedndave]

i guess i don't understand the problem
probably because i don't understand RosAsm syntax
doesn't this require a RET instruction ????

Code: [Select]

Proc Algoritm1:
    Uses esi, edi

    call utoa esi, D$pbuf

EndP

[guga]

The Proc and EndP macros are the regular stdcall calling convention.
Macro "uses" are the register preservation (push/pop)

Unrolling the macro they are simply this:

Code: [Select]

Algoritm1:
   
    push ebp
    mov ebp esp

    push esi
    push edi
    push ebx

    call utoa esi, D$pbuf ; <---- "D$" token is the same as in dword ptr:[pBuf] in masm

    pop ebx
    pop edi
    pop esi

    mov esp ebp
    pop ebp
    ret
Since the function have no arguments...ret xx = ret 0. So, simply used as ret in RosAsm

[guga]

Ok....i found why it was crashing in other files. It was due to a F. troyan called jaksta on my system:

C:\Windows\Jaksta\AC\x64\jaudcap.dll

I suceeded to delete this crap and cleaned the registry windows. Now Ida, olly can debug properly others apps. I´ll reboot and give a try on my translation before test to see if it still crashes. (Well...if it do crash i´ll be sure it was something i made wrong and not due to a F. troyan  :icon_mrgreen:)

[guga]

OK, finally suceed to make it work :)

It was, in fact a damn troyan (now completelly removed from my system  )

Here is the final app translated.I built the masm macros as functions, to make easier to maintain.

Many thanks to Steve for this great benchmark app.

[dedndave]

glad i could help   :lol:

[guga]

 :t :P