After the procedure, RET returns a pointer to my code, but what happened to the stack filled with our variables before calling? Are they popped out from the stack?
Posted on 2003-06-24 08:32:02 by AceEmbler
RET/RETF - Return From Procedure
Usage: RET nBytes
RETF nBytes
RETN nBytes
Modifies flags: None

Transfers control from a procedure back to the instruction address
saved on the stack. "n bytes" is an optional number of bytes to
release. Far returns pop the IP followed by the CS, while near
returns pop only the IP register.

Note: try checking a file called opcodes.hlp in masm32\help, if you're using the masm package that is. Would save you and the board from questions like these.

Fake
Posted on 2003-06-24 08:40:40 by Fake51
So RET leaves stuff on the stack?
Posted on 2003-06-24 09:03:05 by AceEmbler
No, it removes stuff from the stack.

retn 8 =

pop eip      ; if there were such an instruction :)
add esp, 8   ; discard 8 bytes of arguments
Posted on 2003-06-24 09:52:52 by roticv
Yeah, RET - by itself - removes only the return address from the stack; parameters passed on the stack remain (e.g. the C calling convention, as with wsprintf).
Posted on 2003-06-24 10:27:23 by bitRAKE
So when I call a proc with variables (using pure RET) in a loop, the stack will be overloaded?
Posted on 2003-06-24 12:43:58 by AceEmbler
ret is a macro, I think. When assembled and looking at the disassembled code, it would be something like retn xx, with xx being numberofparameters*sizeofparameters.
Posted on 2003-06-24 13:02:00 by roticv

ret is a macro, I think. When assembled and looking at the disassembled code, it would be something like retn xx, with xx being numberofparameters*sizeofparameters.
True! Within a MASM PROC the programmer doesn't need to do anything but RET - by itself.
Posted on 2003-06-24 13:06:39 by bitRAKE
So when I use "RET 0" in MASM, then no data will be removed from my stack?
Posted on 2003-06-24 14:58:15 by AceEmbler
Well yeah, but "ret 0" would be a stupid thing to write, since just "ret" does the same and is 1 byte long as opposed to 3.
Posted on 2003-06-24 15:18:56 by Sephiroth3
0 means 0 bytes to release, so I'm leaving all the numbers on the stack.
Posted on 2003-06-24 16:33:21 by AceEmbler
AceEmbler, use OllyDbg and take a look - you can watch it happen!
(Single Step on my box)
Posted on 2003-06-24 16:42:48 by bitRAKE
Can you just tell me? I'm not used to Olly. Simply, I don't know how to use it :tongue:.
I'm using radbg and vkdebug.
Posted on 2003-06-25 06:44:41 by AceEmbler
For example


test proc var1:DWORD, var2:DWORD   ; two DWORD arguments = 8 bytes on the stack
    ret                            ; MASM expands this to retn 8 (see below)
test endp                          ; endp needs the procedure name

would look like the following in a disassembler:


push ebp        ; save caller's frame pointer
mov ebp, esp    ; set up this procedure's stack frame
leave           ; tear the frame down again
retn 8          ; pop eip, then add esp, 8 (discard var1 and var2)

The leave opcode removes the stack frame set up by the MASM assembler. It works like


mov esp, ebp    ; discard anything pushed after the frame was set up
pop ebp         ; restore caller's frame pointer

Let me touch on the retn 8. retn on its own pops the return address off the stack into eip. When the retn opcode has an immediate (let the immediate be w, since the maximum size of the immediate is 1 word), then the retn opcode would also do add esp, w. Thus doing retn 0 is stupid, since it takes up 3 bytes when you could just use retn (C3h).
Posted on 2003-06-25 07:35:46 by roticv
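A small model of the ESP accounting explained in that post, added here as an example and not code from the thread or from any poster: it simulates CALL, RET and RETN n on a constructed stack and counts how many bytes are left behind after calling a procedure in a loop, which is the case AceEmbler asked about. Python is assumed; the starting ESP, the return address and the memory dictionary are constructed values.

```python
STACK_TOP = 0x0012FFF0  # constructed initial ESP for the model


class Cpu:
    """Just enough x86 state to account for ESP: a dword-addressed stack."""

    def __init__(self):
        self.esp = STACK_TOP
        self.ebp = 0
        self.mem = {}  # constructed memory: address -> dword value

    def push(self, value):
        self.esp -= 4
        self.mem[self.esp] = value

    def pop(self):
        value = self.mem[self.esp]
        self.esp += 4
        return value

    def call(self, proc, *args):
        # Caller pushes arguments right to left; CALL pushes the return address.
        for arg in reversed(args):
            self.push(arg)
        self.push(0xDEAD0000)  # constructed return address
        assert proc(self) == 0xDEAD0000, "RET must land on the pushed return address"

    def retn(self, nbytes=0):
        # RETN n: pop EIP, then ADD ESP, n (discards n bytes of arguments).
        eip = self.pop()
        self.esp += nbytes
        return eip


def proc_masm(cpu):
    # The disassembly shown in the thread: push ebp / mov ebp,esp / leave / retn 8
    cpu.push(cpu.ebp)
    cpu.ebp = cpu.esp
    cpu.esp = cpu.ebp      # leave: mov esp, ebp
    cpu.ebp = cpu.pop()    #        pop ebp
    return cpu.retn(8)     # callee discards the two DWORD arguments


def proc_plain_ret(cpu):
    return cpu.retn()      # bare ret: arguments stay; the caller must clean up


def leftover_bytes(proc, caller_adds_8, iterations=10):
    """Call proc(1, 2) in a loop and return how far ESP drifted below STACK_TOP."""
    cpu = Cpu()
    for _ in range(iterations):
        cpu.call(proc, 1, 2)
        if caller_adds_8:
            cpu.esp += 8   # C-style cleanup after the call: add esp, 8
    return STACK_TOP - cpu.esp
```

A negative result means the stack was cleaned twice (callee via retn 8 and caller via add esp, 8), which unbalances ESP just as surely as cleaning it zero times.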

Can you just tell me? I'm not used to Olly. Simply, I don't know how to use it :tongue:.
I'm using radbg and vkdebug.
This is a simple task to get you started - no time like the present. Open your EXE and start pushing F7/F8. The stack window is in the lower right, registers upper right.
Posted on 2003-06-25 08:34:07 by bitRAKE