tracing back parameter address

Started by journeyman, June 28, 2019, 11:57:34 PM


journeyman

Hey guys,

I'm going through Kip's book (chap8ex10), where it's asking me to print out the parameter addresses like so:


main proc
INVOKE mySample, 11111111h, 22222222h, 33333333h
call WaitMsg
INVOKE ExitProcess, 0
main endp

mySample proc, first:DWORD, second:DWORD, third:DWORD
paramCount = 3
invoke showParams, paramCount
ret
mySample endp

showParams proc, pCount:DWORD
nop ; my code here
ret
showParams endp


Results should look like below:
Stack parameters:
---------------------------
Address 0012FF80 = 00001234
Address 0012FF84 = 00005000
Address 0012FF88 = 00006543

Now in this exercise, I understand that every time a procedure is called, it will push parameter values to the stack if there are any, push the return address and push EBP to create a stack frame for that proc.

My plan is to just count backwards based on the number of parameters, ret & EBP for every procedure called, but I'm not sure if this is what I'm supposed to do. Seems really 'crude'.

Just wondering if you could please give some suggestions as to whether I'm on the right path?

Thanks a lot!

Biterider

Hi journeyman
Short answer: it depends on the calling convention.
Check this link: https://en.wikipedia.org/wiki/X86_calling_conventions

A good read for a better understanding is the MASM Programmer's Guide. Page 152 describes in detail what happens with the local variables, parameters, return address etc. on an x86 system.

Biterider

aw27

Something like this works (use Irvine functions in place of printf, if you want).


include <path to Irvine32.inc>

mySample proto first:DWORD, second:DWORD, third:DWORD
showParams proto pCount:DWORD
printf proto C :vararg ; C calling convention: invoke cleans up the stack after the call
includelib kernel32.lib
includelib user32.lib
includelib msvcrt.lib ; Use Irvine library function (WriteString?) in place of printf
includelib irvine32.lib

.data
Msg db 'Address %08X = %08X',10,0

.code

main proc
INVOKE mySample, 11111111h, 22222222h, 33333333h
call WaitMsg
INVOKE ExitProcess, 0
main endp

mySample proc first:DWORD, second:DWORD, third:DWORD
paramCount = 3
invoke showParams, paramCount
ret
mySample endp

showParams proc uses ebx pCount:DWORD
; Seen from showParams' frame (mySample has no locals and no USES list):
;   [ebp+8]  = pCount
;   [ebp+12] = EBP saved by mySample
;   [ebp+16] = return address into main
;   [ebp+20] = first, [ebp+24] = second, [ebp+28] = third
mov ebx, 0
@@:
cmp ebx, pCount
jae @F
lea ecx, [ebp+20+4*ebx] ; address of mySample's parameter number ebx
mov edx, [ecx] ; its value
invoke printf, addr Msg, ecx, edx
inc ebx
jmp short @B
@@:
ret
showParams endp

end main



Output:
Address 0093F7B8 = 11111111
Address 0093F7BC = 22222222
Address 0093F7C0 = 33333333
Press any key to continue...
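As an added example (not code from the thread), here is a C model of the 32-bit frame layout the exercise relies on: it replays the pushes that INVOKE and MASM's default prologue perform for main -> mySample -> showParams, then compares the fixed [ebp+20+4*i] addressing from the post above with walking one saved-EBP link up the chain, which still finds the parameters when mySample is given locals or a USES list. The stack base and return addresses are constructed values, and the addressing assumes a frame pointer is kept (push ebp / mov ebp,esp) in every procedure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack (grows downward); addresses are chosen
   to resemble the 0012FFxx range printed in the exercise, not real ones. */
#define STACK_WORDS 64
#define STACK_BASE  0x0012FF00u

typedef struct { uint32_t mem[STACK_WORDS]; uint32_t esp, ebp; } Cpu;

static void push(Cpu *c, uint32_t v) { c->esp -= 4; c->mem[(c->esp - STACK_BASE) / 4] = v; }
static uint32_t load(const Cpu *c, uint32_t addr) { return c->mem[(addr - STACK_BASE) / 4]; }

/* INVOKE + default MASM prologue: args pushed right to left, CALL pushes the
   return address, then push ebp / mov ebp,esp / sub esp,locals / push USES regs. */
static void call_proc(Cpu *c, const uint32_t *args, int n, uint32_t ret_addr,
                      int local_bytes, int uses_regs) {
    for (int i = n - 1; i >= 0; i--) push(c, args[i]);
    push(c, ret_addr);
    push(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= local_bytes;
    for (int i = 0; i < uses_regs; i++) push(c, 0xCAFE0000u + i);  /* saved register */
}

/* Inside showParams: (a) the fixed offset from the thread, valid only when
   mySample has neither locals nor USES; (b) one saved-EBP link up the chain. */
static uint32_t param_addr_fixed(const Cpu *c, int i) { return c->ebp + 20 + 4 * i; }
static uint32_t param_addr_chain(const Cpu *c, int i) {
    uint32_t caller_ebp = load(c, c->ebp);     /* [ebp] = EBP saved by showParams */
    return caller_ebp + 8 + 4 * i;             /* [caller_ebp+8] = mySample's first param */
}

/* main -> mySample(11111111h,22222222h,33333333h) -> showParams(3); returns the
   value showParams reads for parameter i through the chosen addressing. */
static uint32_t run(int mysample_locals, int mysample_uses, int use_chain, int i) {
    Cpu c; memset(&c, 0, sizeof c);
    c.esp = STACK_BASE + 4 * STACK_WORDS; c.ebp = c.esp;
    uint32_t args[3] = { 0x11111111u, 0x22222222u, 0x33333333u };
    call_proc(&c, args, 3, 0x00401005u, mysample_locals, mysample_uses);  /* constructed ret addr */
    uint32_t count = 3;
    call_proc(&c, &count, 1, 0x00401020u, 0, 1);  /* showParams uses ebx */
    uint32_t a = use_chain ? param_addr_chain(&c, i) : param_addr_fixed(&c, i);
    return load(&c, a);
}

int main(void) {
    for (int i = 0; i < 3; i++)   /* give mySample a 4-byte local: fixed offset drifts, chain holds */
        printf("param %d: fixed=%08X chain=%08X\n", i,
               (unsigned)run(4, 0, 0, i), (unsigned)run(4, 0, 1, i));
    return 0;
}
```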

journeyman

Thanks for the suggestion Biterider & AW!