Hello,

I get a very strange result after compilation...

In fact, a function called with 'invoke' and 4 parameters is compiled with 5 parameters. The compiler is adding a mysterious 'push 0' coming from nowhere...



.data

szMachine db "%04lX Machine",0
szNumberOfSections db "%04lX NumberOfSections",0
szTimeDateStamp db "%08lX TimeDateStamp",0
szPointerToSymbolTable db "%08lX PointerToSymbolTable",0
szNumberOfSymbols db "%08lX NumberOfSymbols",0
szSizeOfOptionalHeader db "%04lX SizeOfOptionalHeader",0
szCharacteristics db "%04lX Characteristics",0

.code

;[CUT]
assume edi: PTR IMAGE_FILE_HEADER

; Machine, NumberOfSections, SizeOfOptionalHeader and Characteristics are WORD
; members of IMAGE_FILE_HEADER; TimeDateStamp, PointerToSymbolTable and
; NumberOfSymbols are DWORDs. INFO_SHOW's last parameter is declared DWORD.
invoke INFO_SHOW,hWin,TreeID,addr szMachine,[edi].Machine                         ; WORD
invoke INFO_SHOW,hWin,TreeID,addr szNumberOfSections,[edi].NumberOfSections       ; WORD
invoke INFO_SHOW,hWin,TreeID,addr szTimeDateStamp,[edi].TimeDateStamp             ; DWORD
invoke INFO_SHOW,hWin,TreeID,addr szPointerToSymbolTable,[edi].PointerToSymbolTable ; DWORD
invoke INFO_SHOW,hWin,TreeID,addr szNumberOfSymbols,[edi].NumberOfSymbols         ; DWORD
invoke INFO_SHOW,hWin,TreeID,addr szSizeOfOptionalHeader,[edi].SizeOfOptionalHeader ; WORD
invoke INFO_SHOW,hWin,TreeID,addr szCharacteristics,[edi].Characteristics         ; WORD

;[cut]

INFO_SHOW proc hWin:DWORD, TreeID:DWORD, FormatString:DWORD, Value2Convert:DWORD
pushad
invoke wsprintf,addr myBuffer,FormatString,Value2Convert ; format the value into myBuffer
lea eax,myBuffer
mov tvi.item.pszText, eax                                ; point the TVITEM text at the buffer
invoke SendDlgItemMessage,hWin,TreeID,TVM_INSERTITEM,0,addr tvi ; insert into the treeview
popad
ret
INFO_SHOW endp



The above code reads data from a PE file and stores information in a treeview. As you can see, the INFO_SHOW proc has only 4 parameters (even in the PROTO).

After compiling:

PUSH 0 ; ???????
PUSH WORD PTR DS:[EDI]
PUSH Table-du.00406C23 ; ASCII "%04X Machine"
PUSH DWORD PTR SS:[EBP+C]
PUSH DWORD PTR SS:[EBP+8]
CALL Table-du.0040311A
PUSH 0 ; ??????
PUSH WORD PTR DS:[EDI+2]
PUSH Table-du.00406C31 ; ASCII "%04lX NumberOfSections"
PUSH DWORD PTR SS:[EBP+C]
PUSH DWORD PTR SS:[EBP+8]
CALL Table-du.0040311A
PUSH DWORD PTR DS:[EDI+4]
PUSH Table-du.00406C48 ; ASCII "%08lX TimeDateStamp"
PUSH DWORD PTR SS:[EBP+C]
PUSH DWORD PTR SS:[EBP+8]
CALL Table-du.0040311A



As you can see, there are those 'PUSH 0' coming from nowhere.

In fact the problem disappears when using 'PUSH/CALL' instead of 'INVOKE'... (problem: it makes the code hardly readable and bigger)...

Any idea?

Thank you very much, sorry for the length of the post...

Neitsa
Posted on 2004-06-29 07:48:38 by Neitsa
That is because you are pushing words and not dwords. I think MASM is pushing words to align the stack or something. But I do not think you should push words onto the stack. Stick with dwords. Weird things happen when your stack is not aligned to dwords.
Posted on 2004-06-29 08:47:04 by roticv
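To make roticv's point concrete, here is an added example (not code from the original thread) that lays out IMAGE_FILE_HEADER with explicit field widths and parses it from a byte buffer. The field names and offsets follow winnt.h; the header bytes are constructed for the example. The four WORD members (Machine, NumberOfSections, SizeOfOptionalHeader, Characteristics) are exactly the ones behind the PUSH WORD PTR DS:[EDI] and DS:[EDI+2] in the disassembly above, while TimeDateStamp at offset 4 is the first DWORD and gets a plain PUSH DWORD PTR DS:[EDI+4]. The parser zero-extends every WORD field to 32 bits before formatting, which is the width a DWORD parameter expects; in MASM the equivalent is to movzx the WORD into a 32-bit register and pass the register to invoke instead of the WORD memory operand.

```c
/*
 * Added example (not from the original post): PE IMAGE_FILE_HEADER layout
 * with explicit field widths, plus a little-endian parser/formatter.
 * Names and offsets follow winnt.h; the sample header bytes are constructed.
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IMAGE_FILE_HEADER: 20 bytes, four WORD members and three DWORD members. */
typedef struct {
    uint16_t Machine;               /* WORD  at offset  0 */
    uint16_t NumberOfSections;      /* WORD  at offset  2 */
    uint32_t TimeDateStamp;         /* DWORD at offset  4 */
    uint32_t PointerToSymbolTable;  /* DWORD at offset  8 */
    uint32_t NumberOfSymbols;       /* DWORD at offset 12 */
    uint16_t SizeOfOptionalHeader;  /* WORD  at offset 16 */
    uint16_t Characteristics;       /* WORD  at offset 18 */
} pe_file_header;

/* Field descriptor: width 2 = WORD, width 4 = DWORD; fmt mirrors the post's strings. */
typedef struct {
    const char *name;
    size_t offset;
    size_t width;
    const char *fmt;
} pe_field;

static const pe_field FILE_HEADER_FIELDS[] = {
    {"Machine",              offsetof(pe_file_header, Machine),              2, "%04lX Machine"},
    {"NumberOfSections",     offsetof(pe_file_header, NumberOfSections),     2, "%04lX NumberOfSections"},
    {"TimeDateStamp",        offsetof(pe_file_header, TimeDateStamp),        4, "%08lX TimeDateStamp"},
    {"PointerToSymbolTable", offsetof(pe_file_header, PointerToSymbolTable), 4, "%08lX PointerToSymbolTable"},
    {"NumberOfSymbols",      offsetof(pe_file_header, NumberOfSymbols),      4, "%08lX NumberOfSymbols"},
    {"SizeOfOptionalHeader", offsetof(pe_file_header, SizeOfOptionalHeader), 2, "%04lX SizeOfOptionalHeader"},
    {"Characteristics",      offsetof(pe_file_header, Characteristics),      2, "%04lX Characteristics"},
};
#define FILE_HEADER_FIELD_COUNT (sizeof FILE_HEADER_FIELDS / sizeof FILE_HEADER_FIELDS[0])

/* PE is little-endian regardless of host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Read one field, zero-extended to 32 bits: the width a DWORD parameter expects. */
static uint32_t read_field(const uint8_t *hdr, const pe_field *f) {
    return f->width == 2 ? rd16(hdr + f->offset) : rd32(hdr + f->offset);
}

/* Parse a raw 20-byte header into the struct. Returns 0 on success, -1 if too short. */
static int parse_file_header(const uint8_t *buf, size_t len, pe_file_header *out) {
    if (len < sizeof(pe_file_header)) return -1;
    out->Machine              = rd16(buf + 0);
    out->NumberOfSections     = rd16(buf + 2);
    out->TimeDateStamp        = rd32(buf + 4);
    out->PointerToSymbolTable = rd32(buf + 8);
    out->NumberOfSymbols      = rd32(buf + 12);
    out->SizeOfOptionalHeader = rd16(buf + 16);
    out->Characteristics      = rd16(buf + 18);
    return 0;
}

/* Format a field the way the post's INFO_SHOW does; returns chars written or -1 on truncation. */
static int format_field(const uint8_t *hdr, const pe_field *f, char *dst, size_t dstlen) {
    int n = snprintf(dst, dstlen, f->fmt, (unsigned long)read_field(hdr, f));
    return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

/* Constructed sample: i386, 3 sections, PE32 optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE. */
static const uint8_t SAMPLE_FILE_HEADER[20] = {
    0x4C, 0x01,             /* Machine              = 0x014C */
    0x03, 0x00,             /* NumberOfSections     = 0x0003 */
    0x3C, 0x5A, 0xE1, 0x40, /* TimeDateStamp        = 0x40E15A3C */
    0x00, 0x00, 0x00, 0x00, /* PointerToSymbolTable = 0 */
    0x00, 0x00, 0x00, 0x00, /* NumberOfSymbols      = 0 */
    0xE0, 0x00,             /* SizeOfOptionalHeader = 0x00E0 */
    0x02, 0x01              /* Characteristics      = 0x0102 */
};

int main(void) {
    char line[64];
    for (size_t i = 0; i < FILE_HEADER_FIELD_COUNT; i++) {
        const pe_field *f = &FILE_HEADER_FIELDS[i];
        if (format_field(SAMPLE_FILE_HEADER, f, line, sizeof line) < 0) return 1;
        printf("%-5s @%2zu  %s\n", f->width == 2 ? "WORD" : "DWORD", f->offset, line);
    }
    return 0;
}
```

Running it prints each member tagged WORD or DWORD with its offset, so the +0/+2/+4 operands in the disassembly can be matched against the struct without consulting winnt.h.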
:stupid: :sweat:

Damn... I hadn't seen it!


You're right, roticv: some members of IMAGE_FILE_HEADER are WORD and not DWORD. While doing this, the stack is misaligned...

:alright:

Problem solved. I'm just correcting ESP at the end of the PROC and everything works correctly.

I must be blind not to have seen such a thing.

Thanks a lot !

Regards, Neitsa.
Posted on 2004-06-29 08:54:22 by Neitsa