Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I need to chose the right implement for calling a function foo than written in c. foo gets 1 arguments 0x100fa500.
the first answer is:
sub esp,2
mov word[esp],0xa500
sub esp,2
mov word[esp] , 0x100f
call foo
add esp 4
and the second:
sub esp,2
mov word[esp],0x100f
sub esp,2
mov word[esp] , 0xa500
call foo
why the second is true? I think the first implement the right push parameter and then call
Aside from the missing
add esp, 4at the end, the second version is correct, as the Intel architecture is little-endian. This means that a DWORD is stored in memory with its least significant BYTE or WORD occupying the lower memory address. In your case,0xA500is the least significant WORD of the DWORD, and the second version correctly places it in the lower 2-bytes of a 4-byte area of the stack.