Sup folks,

I want to get the offset of the caller.

I do this:

mov eax,
cmp dword ptr , 123456h
jne @@blah

but it does not work :confused:

I use MASM 8.2
Posted on 2004-06-14 10:01:56 by flapper
What do you mean by does not work? What do you seek to achieve by the above code? eax contains the return address if and only if there is no stack frame if I am not wrong.
Posted on 2004-06-14 10:17:51 by roticv
What are you trying to do?

Your current code is checking the opcode right after the call... if you want to check the address you were called from, compare "eax" and not "dword ptr " - and remember that the return-address is (of course) the instruction _after_ the call.

Also, the "mov eax, " will only work if you're not using a stack frame, and haven't pushed anything on the stack. If you're using a stack frame (ie, regular masm proc), you should load instead.
Posted on 2004-06-14 10:20:41 by f0dder
It still doesn't work :confused:
That's the code I'm using:

MyFunc PROC var1:DWORD

mov eax,
cmp eax, 123456h
jne @RET

invoke MessageBox, 0, ADDR text, ADDR text, MB_OK
ret TRUE

@RET:
ret FALSE

MyFunc ENDP

Posted on 2004-06-14 11:53:34 by flapper
123456h is definitely not your return address and of course your messagebox will be not displayed.
Posted on 2004-06-14 12:38:23 by roticv
lol I just altered the offset. I'm not THAT dumb :)
Posted on 2004-06-14 12:48:53 by flapper
Erm... ret TRUE won't do you much good :P It will increment ESP by 5.
Posted on 2004-06-14 13:24:08 by Sephiroth3
But I'm checking BEFORE I ret true.... can someone tell me why the code won't work?
Posted on 2004-06-14 13:25:21 by flapper
you shouldn't "ret true" or "ret false" - place the return-value in EAX before the ret. The argument to ret means how many bytes to adjust the stack by...
Posted on 2004-06-14 13:31:36 by f0dder
Did it.... doesn't work
Posted on 2004-06-14 13:32:34 by flapper
Most likely you're using a wrong value for the offset, or the prologue macro didn't set up an EBP-based frame. If you stop using PROC, everything will be much clearer :P
Posted on 2004-06-14 13:34:02 by Sephiroth3
I assume he meant to use the return macro.

return TRUE

is the same as

mov eax, TRUE
ret

but it should really be

xor eax,eax
dec eax ; or inc eax depending on your preference for TRUE
ret
Posted on 2004-06-14 13:34:06 by donkey
First of all thanks to all those fast replies :)

Even when I use this code it doesn't work, and yes the offset is the one I need, I'm 100% sure:

MyFunc PROC

mov eax,
cmp eax, 123456h
jne @RET

invoke MessageBox, 0, ADDR text, ADDR text, MB_OK

@RET:

MyFunc ENDP
Posted on 2004-06-14 13:37:35 by flapper
Hmm... the MessageBox is going to return 1 to indicate that the OK button was pressed anyway, so this would be the best:

MyFunc:
xor eax,eax
cmp dword ptr ,TheReturnAddress
jnz wrongaddress
mov edx,offset text
invoke MessageBox,eax,edx,edx,eax
wrongaddress:
ret
Posted on 2004-06-14 13:43:28 by Sephiroth3
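Both stack layouts discussed above, as an added MASM example that is not from any of the posters: with no prologue the return address is at [esp], inside a PROC with arguments it is at [ebp+4], and the expected caller is compared as a label placed right after the CALL rather than a hard-coded number. The MASM32-style include names and the label names are assumptions.

```asm
.386
.model flat, stdcall
option casemap:none
include windows.inc              ; MASM32-style includes (assumed layout)
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
okmsg db "called from the expected site", 0

.code
; Variant 1: plain label, no prologue, nothing pushed yet: the return
; address (the instruction after the CALL) is the dword at [esp].
CheckNoFrame:
    mov  eax, [esp]
    cmp  eax, offset AfterCall1  ; compare with a label, not a magic number
    jne  @F
    invoke MessageBox, 0, ADDR okmsg, ADDR okmsg, MB_OK
@@: xor  eax, eax                ; return value belongs in EAX ...
    ret                          ; ... not in "ret TRUE", which is "ret 1":
                                 ; pop the return address, then add 1 to ESP

; Variant 2: a PROC with arguments gets "push ebp / mov ebp, esp" from the
; prologue, so the return address has moved to [ebp+4] ([ebp] holds the
; saved EBP and var1 is at [ebp+8]).
CheckWithFrame PROC var1:DWORD
    mov  eax, [ebp+4]
    cmp  eax, offset AfterCall2
    jne  @F
    invoke MessageBox, 0, ADDR okmsg, ADDR okmsg, MB_OK
@@: xor  eax, eax
    ret                          ; MASM emits leave + ret 4 (stdcall) here
CheckWithFrame ENDP

start:
    call CheckNoFrame            ; returns to AfterCall1, so the check passes
AfterCall1:
    push 0                       ; var1
    call CheckWithFrame          ; callee pops the argument (ret 4)
AfterCall2:
    invoke ExitProcess, 0
end start
```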

but it should really be

xor eax,eax
dec eax ; or inc eax depending on your preference for TRUE
ret

Depends on which CPU you're optimizing for ;) - and in this case, it's a more or less meaningless micro-optimization anyway.
Posted on 2004-06-14 13:53:12 by f0dder
doesn't do the job for me :S
Posted on 2004-06-14 13:53:53 by flapper
Then the address you're comparing with is wrong.

f0dder: I didn't know there was a difference in timing between INC and DEC! :eek: But you'll usually have the other instruction right after the call anyway, so the sum should be the same, shouldn't it? I usually use CF to return a boolean result though (and sometimes ZF for a second boolean result) and my programs still complete fairly quickly :P
Posted on 2004-06-14 13:57:31 by Sephiroth3
Nah man this HAS to be the address, I tested it in C++ and the address worked there!
Posted on 2004-06-14 14:07:06 by flapper

f0dder: I didn't know there was a difference in timing between INC and DEC!

:) - what I meant was something different, namely that the P4 will prefer "mov eax, 1" rather than the old (smaller) xor-and-inc. And there's still the argument that for function return value, who cares? You shouldn't be splitting out really small stuff in functions anyway.

I used to use the carry-flag for return values back in DOS. I don't see much point in doing it anymore, if I split something off to a function it's because it requires some processing time, and the whole return-value checking drowns completely in that processing time. Besides, exceptions can be smarter than return-value checking, and I usually write or interface with highlevel code, so CF isn't an option anymore.
Posted on 2004-06-14 14:08:41 by f0dder
flapper, 123456h is the address? O_o
Posted on 2004-06-14 14:09:54 by f0dder