pushad
...
mov dword ptr ,eax

What's means about "cPushad"?

sorry,my english is poor...

thanks!
Posted on 2004-07-11 22:39:59 by chez
Hi North,




pushad
...
mov dword ptr [esp+cPushad],eax


'cPushad' couldn't be an instruction, and therefore is a variable.

Try to locate it in the '.data' or '.data?' section. If it's not here it could be a local variable (declared with the LOCAL statement under the PROC). Look also if it's not a parameter of the proc:

MyProc PROC cPushad:DWORD ;something like that

Data could also be inserted in code:


.code
jmp @@Continue
.data
cPushad DWORD 0
.code
@@Continue:


Dunno exactly if it could be an equate (in .const). I can't remeber if a const can be added directly to a register...

Don't forget to do a CTRL+F (or search function) in your source code, even if it has many file. I'm sure this variable is somewhere ;)

Neitsa.
Posted on 2004-07-12 08:12:45 by Neitsa
In my code I use the following structure:
_PUSHAD STRUCT

_EDI DWORD ?
_ESI DWORD ?
_EBP DWORD ?
_ESP DWORD ? ; not used when POPAD
_EBX DWORD ?
_EDX DWORD ?
_ECX DWORD ?
_EAX DWORD ?
_PUSHAD ENDS


pushad

...

; access passed parameter
mov eax, [esp][SIZEOF _PUSHAD][4]

....

; setup return value
mov [esp]._PUSHAD._EAX, edi

...

popad
retn 4
cPushad appears to be an index to data on the stack prior to PUSHAD?
cPushad EQU 4*8
Posted on 2004-07-12 08:49:05 by bitRAKE
hi,

cPushad equ 8*4

is the size of a pushad instruction in the stack.

it is definited in jacky qwerty?s win32 includes

ancev
Posted on 2004-07-13 14:24:14 by ancev