Home/ Questions/Q 7801347
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T00:55:11+00:00

This is C++ using x86 inline assembly [Intel syntax] Function: DWORD *Call ( size_t

  • 0

This is C++ using x86 inline assembly [Intel syntax]

Function:

     DWORD *Call ( size_t lArgs, ... ){

    DWORD *_ret = new DWORD[lArgs];

    __asm {
        xor edx, edx
        xor esi, esi
        xor edi, edi
        inc edx
start:
        cmp edx, lArgs
        je end
        push eax
        push edx
        push esi
        mov esi, 0x04
        imul esi, edx
        mov ecx, esi
        add ecx, _ret
        push ecx
        call dword ptr[ebp+esi] //Doesn't return to the next instruction, returns to the caller of the parent function.
        pop ecx
        mov [ecx], eax
        pop eax
        pop edx
        pop esi
        inc edx
        jmp start
end:
        mov eax, _ret
        ret
    }
}

The purpose of this function is to call multiple functions/addresses without calling them individually.

Why I’m having you debug it?
I have to start school for the day, and I need to have it done by evening.

Thanks alot, iDomo

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thank you for a complete compile-able example, it makes solving problems much easier.

    According to your Call function signature, when the stack frame is set up, the lArgs is at ebp+8 , and the pointers start at ebp+C. And you have a few other issues. Here’s a corrected version with some push/pop optimizations and cleanup, tested on MSVC 2010 (16.00.40219.01) :

    DWORD *Call ( size_t lArgs, ... ) {

    DWORD *_ret = new DWORD[lArgs];

    __asm {
        xor edx, edx
        xor esi, esi
        xor edi, edi
        inc edx
        push esi
start:
        cmp edx, lArgs
        ; since you started counting at 1 instead of 0
        ; you need to stop *after* reaching lArgs
        ja end
        push edx
        ; you're trying to call [ebp+0xC+edx*4-4]
        ; a simpler way of expressing that - 4*edx + 8
        ; (4*edx is the same as edx << 2)
        mov esi, edx
        shl esi, 2
        add esi, 0x8
        call dword ptr[ebp+esi]
        ; and here you want to write the return value
        ; (which, btw, your printfs don't produce, so you'll get garbage)
        ; into _ret[edx*4-4] , which equals ret[esi - 0xC]
        add esi, _ret
        sub esi, 0xC
        mov [esi], eax
        pop edx
        inc edx
        jmp start
end:
        pop esi
        mov eax, _ret
        ; ret ; let the compiler clean up, because it created a stack frame and allocated space for the _ret pointer
    }
}

    And don’t forget to delete[] the memory returned from this function after you’re done.

    • 0