I have 2 assembly methods:
DWToHex PROTO:DWORDmodifies binary integer number of typeDWORDpassed as in input parameter
insideEAXinto a hexadecimal representation, pointer to which is passed inside the single parameter. It is function used for debug purpose and it works fine.ProcA PROTO:DWORD– does nothing except for corrupting the content ofEAXbelow is the code:
(sorry for the formatting -c seems like the regular code formatting did not work here)
; #########################################################################
`.386 ; set processor type`
`.model flat, stdcall ; memory model & calling convention`
`option casemap :none ; case sensitive`
`.code`
; #########################################################################
procA public addrSTD:DWORD
ret
ProcA endp
; #########################################################################
end
Here is the debug trace:
.data
MsgBoxCaption4 db "before calling", 0
MsgBoxCaption5 db "after calling", 0
.data?
N DWORD ?
NTXT db 16 dup(?)
.code
mov eax, N
invoke cx_DWToHex, addr NTXT
invoke MessageBox, NULL, addr NTXT, addr MsgBoxCaption4, MB_OK ; show eax as hexadecimal
mov eax, N ; ***** point A ****
invoke ProcA, addr sdt ; ***** point B ****
; mov eax, N
invoke cx_DWToHex, addr NTXT
invoke MessageBox, NULL, addr NTXT, addr MsgBoxCaption5, MB_OK ; show eax as hexadecimal
……………………………………………………………………………….
Question:
Why the content of EAX in point A in point B is not the same?
The
invokedirective you use for callingProcAis supposed to get the address of ‘sdt’, and push it on the stack. More than likely, it generates code similar towhich destroys the contents of
eax. You can verify this by looking at the disassembly of the generated code.