Here is the dasm result of a simple Win32app near calling the custom entry of program:

:0040123C 50 push eax
:0040123D FF759C push [ebp-64]
:00401240 56 push esi
:00401241 56 push esi

* Reference To: KERNEL32.GetModuleHandleA, Ord:0126h
|
:00401242 FF1534404000 Call dword ptr [00404034]
:00401248 50 push eax
:00401249 E8B2FDFFFF call 00401000 ;custom entry
:0040124E 8945A0 mov dword ptr [ebp-60], eax
:00401251 50 push eax
:00401252 E895000000 call 004012EC


So far as I know, the custom entry of a Win32app is the WinMain function, and it has four parameters. Why is only eax (the hInstance) pushed before calling 00401000? Where are the other three parameters?
Posted on 2004-10-04 08:24:57 by dislimit
Exploring the following code shows that Windows sets special registers for the other three parameters and manipulates them internally. For instance, ECX is used to store the value of iCmdShow. ESI is used to store the value of hInstance or hWnd.
Posted on 2004-10-04 08:54:20 by dislimit
In an assembler like MASM, all you need is the starting label, usually but not necessarily "start:", code next and the terminating "End Start". You get a clean exit by using ExitProcess, but you do not need a WinMain() in a win32 program. Some compilers may provide a WinMain, but you can easily code console and gui code without one.
Posted on 2004-10-04 11:18:53 by hutch--
:? What does that have to do with anything?

Anyway, if you look a bit further up, you'll see where the other parameters are passed.

:0040123C 50 push eax ; Display flags
:0040123D FF759C push [ebp-64] ; Command line
:00401240 56 push esi ; 0 for hPrevInstance
Posted on 2004-10-04 15:08:52 by Sephiroth3
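The argument order described in the post above can be checked mechanically. The following is an added example, not code from the thread: it decodes only the opcodes that occur in the posted listing and tracks which pushes are still on the stack at the direct call. The one-argument size for the import slot is an assumption based on the listing's GetModuleHandleA label.

```python
import re

# Addresses and opcode bytes copied from the listing in the thread.
LISTING = """\
:0040123C 50
:0040123D FF759C
:00401240 56
:00401241 56
:00401242 FF1534404000
:00401248 50
:00401249 E8B2FDFFFF
"""
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Assumption: stack bytes each imported stdcall function removes on return.
# Slot 00404034 is labelled KERNEL32.GetModuleHandleA in the listing (one argument).
IMPORT_ARG_BYTES = {0x00404034: 4}

def trace_calls(listing):
    """Return [(target, [(push_addr, operand), ...])] for each direct call,
    arguments ordered first parameter first (stdcall pushes right to left)."""
    pending, calls = [], []
    for line in listing.splitlines():
        m = re.match(r":([0-9A-F]{8}) ([0-9A-F]+)", line)
        addr, code = int(m[1], 16), bytes.fromhex(m[2])
        if 0x50 <= code[0] <= 0x57:                 # push r32
            pending.append((addr, REGS[code[0] - 0x50]))
        elif code[:2] == b"\xFF\x75":               # push dword ptr [ebp+disp8]
            disp = int.from_bytes(code[2:3], "little", signed=True)
            pending.append((addr, f"[ebp{disp:+#x}]"))
        elif code[:2] == b"\xFF\x15":               # call dword ptr [abs32] (import)
            slot = int.from_bytes(code[2:6], "little")
            n = IMPORT_ARG_BYTES[slot] // 4
            if n:
                del pending[-n:]                    # callee pops its own arguments
        elif code[0] == 0xE8:                       # call rel32
            rel = int.from_bytes(code[1:5], "little", signed=True)
            calls.append((addr + len(code) + rel, pending[::-1]))
            pending = []
        else:
            raise ValueError(f"opcode not handled in this sketch: {m[2]}")
    return calls

if __name__ == "__main__":
    for target, args in trace_calls(LISTING):
        print(f"call {target:08X} receives {len(args)} stack arguments:")
        for n, (addr, operand) in enumerate(args, 1):
            print(f"  param {n}: {operand:<11} pushed at {addr:08X}")
```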
To Hutch:
I just compiled a simple Win32app with VC6.0 and am exploring the disassembly result to find something internal. ^_^

To Sephiroth3:
Thanks for the reminder. It seems that VC tries to move three instructions ahead to do some optimization with alignment.
Posted on 2004-10-04 22:51:46 by dislimit
Assuming that this call is to "Main" procedure...

The #params for this procedure depends on who wrote it - it may have none, one, or commonly 4 params - but there is no standard here.
There's no need to have a Main proc at all !!!
Also, you can't assume that params will always be kept on the "ebp+" side of the procedural stackframe... which means that you can't use the "ebp+" values as a guide to input params every time.
Posted on 2004-10-05 00:38:31 by Homer
Well, the prototype of my WinMain() is the following:

int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
Posted on 2004-10-05 06:59:45 by dislimit
No one said WinMain must exist. It does not exist in my exe.
Posted on 2004-10-05 09:23:06 by roticv
Well, but he is talking about *his* exe. He wrote it, in C, presumably using the C run-time library. I think that qualifies him to know that his WinMain exists, that it uses the __stdcall calling convention and that it has exactly 4 parameters, just like it is with everyone else's copy of VC6.0's run-time library.
Posted on 2004-10-05 12:54:15 by Sephiroth3
Yes you are correct I guess. hmm.
Posted on 2004-10-05 18:42:37 by roticv