After the procedure, RET returns a pointer to my code, but what happened with the stack filled with our variables before calling?? Are they popped out of the stack??
RET/RETF - Return From Procedure
Usage: RET nBytes
RETF nBytes
RETN nBytes
Modifies flags: None
Transfers control from a procedure back to the instruction address
saved on the stack. "n bytes" is an optional number of bytes to
release. Far returns pop the IP followed by the CS, while near
returns pop only the IP register.
Note: try checking a file called opcodes.hlp in masm32\help, if you're using the masm package that is. Would save you and the board from questions like these.
Fake
So RET leaves stuff on the stack???
No, it removes stuff from the stack.
retn 8 =
pop eip ;if there is such a command :)
add esp, 8
Yeah, RET - by itself - removes only the return address from the stack - parameters passed on the stack remain (e.g. the C calling convention, wsprintf).
So when I call a proc with variables (using pure RET) in a loop, the stack will be overloaded???
ret is a macro I think. When assembled and looking at the disassembled code, it would be something like retn xx, with xx being numberofparameters*sizeofparameters.
So when I use "RET 0" in MASM, then no data will be removed from my stack???
Well yeah, but "ret 0" would be a stupid thing to write, since just "ret" does the same and is 1 byte long as opposed to 3.
0 means 0 bytes to release, so I'm leaving all the numbers on the stack.
AceEmbler, use OllyDbg and take a look - you can watch it happen!
(Single Step on my box)
Can you just tell me? I'm not used to Olly. I simply don't know how to use it :tongue:.
I'm using radbg and vkdebug.
for example
test proc var1:DWORD,var2:DWORD  ; two DWORD parameters, 8 bytes on the stack
ret
test endp
Would look like the following in a disassembler
push ebp
mov ebp, esp
leave
retn 8
The leave opcode removes the stack frame set up by the MASM assembler. It works like
mov esp, ebp
pop ebp
Let me touch on the retn 8. retn on its own pops the return address off the stack into EIP. When the retn opcode has an immediate (let the immediate be w, since the maximum size of the immediate is 1 word), the retn opcode then does add esp, w. Thus doing retn 0 is stupid, since it takes up 3 bytes when you could just use retn (C3h).
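Added example (not posted in this thread): a small Python model of the ESP bookkeeping discussed above, replaying invoke/call/leave/retn for a proc with two DWORD parameters inside a loop, so you can see how many bytes are left on the stack with retn 8, with plain ret plus a caller-side add esp, 8, and with plain ret alone. The starting ESP, return address and saved EBP values are constructed placeholders.

```python
# Added example (not from the thread): a toy model of ESP bookkeeping showing
# why a plain RET inside a loop leaks the parameters the caller pushed.

STACK_TOP = 0x0019FF00   # constructed starting ESP
DWORD = 4

class Stack:
    """ESP plus the dword stored at each stack slot."""
    def __init__(self, esp=STACK_TOP):
        self.esp = esp
        self.mem = {}

    def push(self, value):
        self.esp -= DWORD
        self.mem[self.esp] = value

    def pop(self):
        value = self.mem.pop(self.esp)
        self.esp += DWORD
        return value

    def retn(self, n_bytes=0):
        eip = self.pop()         # RET pops the return address into EIP ...
        self.esp += n_bytes      # ... and RETN imm16 then does add esp, imm16
        return eip

def invoke(stack, args, return_addr, callee_cleanup, caller_cleanup):
    """One 'invoke test, var1, var2' round trip; returns ESP afterwards."""
    for a in reversed(args):     # MASM invoke pushes parameters right to left
        stack.push(a)
    stack.push(return_addr)      # CALL pushes the return address
    stack.push(0xDEADBEEF)       # push ebp / mov ebp, esp (constructed EBP)
    stack.pop()                  # leave: mov esp, ebp / pop ebp
    stack.retn(len(args) * DWORD if callee_cleanup else 0)
    if caller_cleanup:
        stack.esp += len(args) * DWORD   # C convention: caller does add esp, 8
    return stack.esp

def esp_drift(iterations, callee_cleanup, caller_cleanup=False):
    """Bytes still occupied on the stack after calling the proc in a loop."""
    s = Stack()
    for _ in range(iterations):
        invoke(s, [1, 2], 0x00401000, callee_cleanup, caller_cleanup)
    return STACK_TOP - s.esp

if __name__ == "__main__":
    print("retn 8          :", esp_drift(1000, True))         # 0
    print("ret + add esp,8 :", esp_drift(1000, False, True))  # 0
    print("plain ret       :", esp_drift(1000, False))        # 8000 leaked
```

With plain ret and no caller cleanup, each iteration leaves the 8 bytes of parameters behind, which is exactly the "stack overload" asked about above.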