I've notice that when a program starts, esp always seems to be pointing to the same address. At the addess of esp is a value that eventually points to ExitThread.

What if I wanted to use my own stack space? I've tried making stack segments, but that does not change esp.
So lets just say I change esp to my own space declared in, lets say, a data segment. Shoulod I restore the original stack before program exit?

Not sure yet what I'd do with this. Make a preset stack frame on prgram entry? Or populate a stack with calls to various functions, like some tight inner loop thing? Assign an actual name to a stack location because it is a data segment?

Why wouldn't this work? What could I do with my own stack?

Thanks.
Posted on 2002-10-19 08:40:22 by ThoughtCriminal
Altho I'm no win32 innards guru let me give this a whack anyway. Oh, yea I'll try not to get too bookish seeing as I got heckled off of another board for that offense.

A process's control is usually tightly coupled tightly with the OS and the stack space is an important part of a process. What you are taking about doing, creating your own stack space, is possible but only rarely worth the effort. If you wanted to you could valloc() some pages & muck around for learning but for the most part why bother.

To be specific.

>I've notice that when a program starts, esp always seems to be pointing to the same address.
> At the addess of esp is a value that eventually points to ExitThread.

seem a necessary design choice. Keep your processes address map consistant. Also it's going to pop the last function in your proggie & exit, again very sound decision.

>What if I wanted to use my own stack space?
This is an OS shortcircuit. Doable but why put yourself thru it unless you're writing your own OS?

>I've tried making stack segments, but that does not change esp.
>So lets just say I change esp to my own space declared in, lets say, a data segment.
Use the segment regs & your proggie will die. It's an OS design decision that make sense for the OS designer view. me I looked at these & said to myself look at all those regs I can use. Croak & die when i tried to use them.

>Shoulod I restore the original stack before program exit?
If you go the valloc route then, yes defintely to get the proper exit code to run.

Again for learning knock yourself out but in general bad idea unless you've got a very specific need for this.
Posted on 2002-10-19 13:29:40 by rafe
Hmmm just wondering. When I did 68k stuff I had no problem, but x86 and Windows may be a diffrent story.

When I say to make my own stack, that does not mean change the SS reg, just move esp to the top of my own space.


A process's control is usually tightly coupled tightly with the OS and the stack space is an important part of a process. What you are taking about doing, creating your own stack space, is possible but only rarely worth the effort. If you wanted to you could valloc() some pages & muck around for learning but for the most part why bother.


I read a big old usenet argument last night found by Google. Someone asked if it is okay to use esp as a genral reg under win32...All hell broke loose in comp.lang.asm.x86. Anyway....

One programmer said that the OS will keep its own stacks in ring0. So I figure messing in the stack in ring3 will not crash the OS. That stack should also be for just my program. Am I wrong??


Again for learning knock yourself out but in general bad idea unless you've got a very specific need for this.


No specific reason, just trying to think a little farther out of the box.....
Posted on 2002-10-19 13:51:37 by ThoughtCriminal
Sometimes the board's search function can be very useful:
http://www.asmcommunity.net/board/index.php?topic=5214&highlight=tib+stack

You may find relevant in particular the post in the middle of that thread, the one that includes in its text:


MOV U32 [FS:4],0x7FFFFFFF
MOV U32 [FS:8],0x00000000


Shoulod I restore the original stack before program exit?
Sometimes experimenting takes less time even to ask, and teaches you much more.

One programmer said that the OS will keep its own stacks in ring0. So I figure messing in the stack in ring3 will not crash the OS. That stack should also be for just my program. Am I wrong??
You ain't wrong.

Final note: ESP *is* a valuable resource.
Posted on 2002-10-19 16:10:03 by Maverick
Thanks Maverick, I've played around with this:


MOV U32 [FS:4],0x7FFFFFFF
MOV U32 [FS:8],0x00000000


This allows me to freely switch stacks whenever I wish it - without having Win32 killing my program at the first stack limit check (it would otherwise, when you go outside the PE-specified stack limits).

So I'm free to have e.g. a 10, 100 or 1000 MB stack space, if I need it.

Lets say my stack range is 0x1000-0x2000. At start 0x2000 is my stack top.

Now lets say I make my own stack and put esp to the new stack top 0x4000-0x8000

Would Windows have a problem with the new location, or would if fail once I pushed past 0x7000(Since the PE would say only 0x1000 bytes of stack)

I'm curious how I could make Windows fail the program becuase of stack.

Sometimes experimenting takes less time even to ask, and teaches you much more.

As far as restoring the stack, I'd guess I do not need to restore. I could exit with ExitProcess or WM_CLOSE, etc. WM_CLOSE I doubt even touches the applications stack.

Thanks for bringing up that thread too. Some stuff to read again :)
Posted on 2002-10-20 07:45:03 by ThoughtCriminal

Lets say my stack range is 0x1000-0x2000. At start 0x2000 is my stack top.

Now lets say I make my own stack and put esp to the new stack top 0x4000-0x8000

Would Windows have a problem with the new location, or would if fail once I pushed past 0x7000(Since the PE would say only 0x1000 bytes of stack)

I'm curious how I could make Windows fail the program becuase of stack.

As far as restoring the stack, I'd guess I do not need to restore. I could exit with ExitProcess or WM_CLOSE, etc. WM_CLOSE I doubt even touches the applications stack.

Thanks for bringing up that thread too. Some stuff to read again :)
To use your own stacks, you've to modify FS:4 and FS:8 as explained, then make sure that ESP points to a committed region of memory. That's all. FS:4 and FS:8 will make sure that when you enter some Win32 API (that checks ESP against FS:4 and FS:8) the OS won't kill your program.

To say it differently:

What is specified in the PE is the "default" stack extension, i.e. in your example the 0x1000 .. 0x2000 range.

Once you've changed ESP, you've to make sure of course that it's pointing to a valid (committed) zone of memory.
You can forget the PE-specified range completely now.

At program exit I restore FS:4, FS:8 and ESP. It's few instructions, and ensures compatibility with all Win32 OS's even in particular conditions (no time to dig on this). Always experiment by yourself, but always try to be safe if you can (i.e. if it's not for a 4KB intro, why risk a unaesthetical crash on exit?).

You can't make Windows fail by just playing with ring0 ESP: it's not the 6502 or Z80 anymore, where the stack pointer was just one for both system/supervisor/irq mode and user mode.
Posted on 2002-10-20 07:52:19 by Maverick
You are also probably talking about different behaviours across different windows platforms, as a stack is managed in most langauges by the compiler, so is probably not counted as an "offical part of windows" by MS.

i.e. Under 9x try:


not esp
int 3


Because under XP this just terminates the application (without any notice!) by I do remember from somewhere 9x reacts even less kindly.
Posted on 2002-10-20 22:31:10 by huh
lesson learned...

I will NEVER post as a helper in this forum unless I'm 100% sure.

sorry
Posted on 2002-10-20 23:14:26 by rafe

I will NEVER post as a helper in this forum unless I'm 100% sure.
Please, don't let that stop you. The only lesson is the experience Maverick has provided. I post all the time when I hardly have a clue. Okay, maybe being +50% sure is good. Usually, I do a quick sanity check with a known source if I'm in doubt, or edit my reply before anyone notices the blunder. :)
Posted on 2002-10-21 00:05:11 by bitRAKE
not esp
int 3

By the way, I forgot to mention that one consequence of doing weird stuff with ring3's ESP is that most non-ring0 debuggers (as OllyDbg) and Structured Exception Handling will stop working properly. I forgot to mention this because this is a side effect I like very much (I don't like to avoid myself debugging, but I like if others can't debug my programs ;) ). My debugger isn't exception based, of course.. but that's ok for me because in a debugger I only look for riches of features.

bitRAKE: thanks for your kind words.. although it's quite funny and unbelievable for me to be called "expert" on the PC world when I still consider myself a Vic20 / Amiga "expert" coder, with just some partial knowledge of the PC that I'm trying to improve every day, together with my knowledge of space ships propulsion systems. ;) :tongue:
Posted on 2002-10-21 01:43:24 by Maverick
Thanks Maverick,

Allright, that makes sense, using commited memory. Glad it is just that easy.

As far as the debugger goes, I figure VC7 might be ring0. I like my PDB info.


rafe,

You brought up good points that should be considered. ESP under DOS and ESP under Windows are very different. ESP in DOS has to handle things like timer interrupts and NMIs. So it is good to consider if Windows works the same way.


Now I need to see what havok I can create with ESP.
Posted on 2002-10-21 02:41:18 by ThoughtCriminal
bitRAKE & ThoughtCriminal,

Thank you for your encouraging words. Just a bit of a perfectionist here. Mistakes? Well I'm human. Blunders? No, I'm supposed to be better than human (-;

I'm not running away from home, just sticking to what I know a bit better until I learn a some more. Now where's that biology forum?
Posted on 2002-10-21 11:11:24 by rafe
ThoughtCriminal,
i am curious, what are you wanting to achieve by using your own stack?
Posted on 2002-10-22 03:42:10 by sluggy
Still working on why, sluggy.

The satck is something that just 'there' and where it 'is'. If you look at the thread Maverick linked, he some interesting stack stuff for allocating memory. I was kinda hoping someone would post with a 'hey llok waht you can do' post, but I guess just take the stack for granted. ESP is the onlu reg you can push and pop too, so maybe there could be good functionality beside just a stack. I really not sure how to say what I'm looking for.
Posted on 2002-10-22 05:03:18 by ThoughtCriminal
ESP and stacks are just tools.. no need to foresee before all the possible uses that you can do with them.
It would be like to foresee what you can do with REP MOVSD; there are certainly things you can't foresee now, but that would be useful afterwards.
As I said, they are just tools. Know them, they will come out by themselves in a useful way when you less expect it.

I can guarantee you I benefitted from them in several optimization circumstances. And anyway having a big, switchable and resizeable stack is the base of a lot of programming I do.
Posted on 2002-10-22 05:49:41 by Maverick
When you first joined this forum Maverick, you said that you have spent alot of time thinking in non-standard way to get the most out of you code.

I also try to think non-standard, you just have a lot more practice at asm than me :grin:

There is still alot to discover about how best to use asm. I like trying to find the unexplored/overlooked corners.

Thanks for your help.








:mad: Part of the reason I do not much like C++, is too many rules about how you are supposed to use the language. (see: Language N*zi)
Posted on 2002-10-22 07:30:52 by ThoughtCriminal
Hi ThoughtCriminal,
It's not much thinking in a non-standard way, it's rather thinking with your own mind as much as possible, and then comparing your results and ideas with the standard ones.
It's a continuous process that starts to pay after some/many years.. and is someway similar to the "learn from your own errors" philosophy.

IMO, you show the best attitude for an asm "researcher", that will bring you far away if you will do it for the pleasure, without frustrations, giving yourself all the time you need, and loving what you learn from your experiments every day.
Of course we should not only learn from ourselves.. but also from others, and this forum is full of skilled people with the right attitude.. and all of them give a great contribute to this very nice board.. the only one actually that I didn't leave after some days of being there.

We have a nice++ community here.

PS: true, asm gives you much more freedom than C++.. but even there you can do neat things.. I learnt by myself the importance of preprocessors.. they're the most powerful part of a compiler IMHO. In my own one I implemented as much functionality (including 95% of the OOP one) right in the preprocessor. It's a simple and powerful solution. If I have some time and there's the interest, I may write a post about some "guidelines" I feel important when using C/C++, so that others may compare them with their own findings/experience and some interesting discussion may arise.
Posted on 2002-10-22 08:27:20 by Maverick
I post all the time when I hardly have a clue.


Uh, oh.

Maverick,

Do you use Visual C++ or Studio?
Posted on 2002-10-22 14:36:38 by drhowarddrfine
If for contract I have to write a whole program without releasing source code, I use my own development tools. This is often true also if it's e.g. just a DLL.
If they asked me for a source, it's usually++ ANSI stuff, so I can use whatever compiler I wish, for development. That usually means Watcom. No particular reasons.. I know VisualC is good, and I used it some times when I didn't develop on my PC, but I like Watcom for development and then it's the employer's choice whatever compiler he wants to use to compile the ANSI source I hand over.
Posted on 2002-10-22 14:57:18 by Maverick
Do you have any significant problems getting your code to compile on your employers compiler when you hand them something? That is, compiler related problems, not your code.
Posted on 2002-10-22 22:12:11 by drhowarddrfine