Hi to everyone in this Forum.

I'm Alex and I'm new here. I'm Italian, so excuse my bad English!!!

Ok, the question:

I've a problem when decoding something like this:

Suppose you have a function (C++) that takes this kind of args:

int my_func(char *the_string, double the_number);

ok? well...

when I assemble this I get (in asm):

push
push
call my_func()

Ok. The problem now is that I can see the reference string in the disassembly (I mean, I see the value of the_string as a reference string in W32Dasm), but HOW CAN I see what the_number was?
Is there a way? I've found difficulties because it's a double; I don't think the same happens with an int (btw, I think so!).
When, with SoftICE, I try to see what value is at the location given after the push, I get that it's not possible; otherwise, when I do the d (intended as index!), I can see what I've typed.

Anyone can help me?
If so, you can reply to my email address too:
psycho_alex_2000@yahoo.it

Thanks to everyone who can help me out.
Posted on 2001-10-25 10:09:18 by alex
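An added example, not part of alex's post: on 32-bit x86 a double argument occupies 8 bytes of stack, so what you see in the listing is either two "push imm32" instructions (high dword pushed first, low dword second) or a load from an 8-byte memory operand, and either way the value is just the IEEE 754 bit pattern. The helpers below rebuild the double from the two immediates or from the 8 raw bytes SoftICE shows at the referenced address; the sample immediates and bytes are constructed (they encode 3.14), and the push order assumes a compiler that emits push imm32 for the constant.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Rebuild a double from the two 32-bit immediates seen in the disassembly.
   Assumed push order: first push = high dword (ends up at the higher
   address), second push = low dword. Read the two pushes in that order. */
double double_from_pushes(uint32_t first_push_high, uint32_t second_push_low) {
    uint64_t bits = ((uint64_t)first_push_high << 32) | second_push_low;
    double d;
    memcpy(&d, &bits, sizeof d);   /* reinterpret the bit pattern, no UB */
    return d;
}

/* Rebuild a double from 8 raw bytes dumped at a data address
   (little-endian, as x86 stores it; this is what a "d" dump shows). */
double double_from_le_bytes(const uint8_t b[8]) {
    uint64_t bits = 0;
    for (int i = 7; i >= 0; i--)
        bits = (bits << 8) | b[i];
    double d;
    memcpy(&d, &bits, sizeof d);
    return d;
}

/* Reverse direction: given the value you expect the program to use,
   compute the two immediates to look for in the listing. */
void pushes_from_double(double d, uint32_t *high, uint32_t *low) {
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    *high = (uint32_t)(bits >> 32);
    *low  = (uint32_t)bits;
}

int main(void) {
    /* Constructed sample: "push 40091EB8" followed by "push 51EB851F". */
    printf("pushes  -> %.17g\n", double_from_pushes(0x40091EB8u, 0x51EB851Fu));

    /* Constructed sample dump of the same value at some data address. */
    const uint8_t dump[8] = {0x1F, 0x85, 0xEB, 0x51, 0xB8, 0x1E, 0x09, 0x40};
    printf("dump    -> %.17g\n", double_from_le_bytes(dump));

    uint32_t hi, lo;
    pushes_from_double(1.0, &hi, &lo);
    printf("1.0     -> push %08X / push %08X\n", hi, lo);
    return 0;
}
```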
Which disassembler are you using? A Windows one or a DOS one?
Try to use a good Win32 disassembler. Look, here is the code of a little program:
;***---------------------------------------------------------***
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
Hola db "hola mundo",0

.code
start:
mov eax,00007C56h
invoke MessageBox, NULL,addr Hola, NULL, MB_OK
invoke ExitProcess, NULL
end start
;***-----------------------------------------------------------------------***

and here is the successful disassembly, showing number and string:
*************************+
Disassembly of File: trucho.exe

T.DateStamp = 3BE5CB96: Sun Nov 04 15:13:26 2001
Code Offset = 00000400, Code Size = 00000200
Data Offset = 00000800, Data Size = 00000200

Number of Objects = 0003 (dec), Imagebase = 00400000h

Object01: .text RVA: 00001000 Offset: 00000400 Size: 00000200 Flags: 60000020
Object02: .rdata RVA: 00002000 Offset: 00000600 Size: 00000200 Flags: 40000040
Object03: .data RVA: 00003000 Offset: 00000800 Size: 00000200 Flags: C0000040

+++++++++++++++++++ RESOURCE INFORMATION +++++++++++++++++++

There are no Resources in This Application.

+++++++++++++++++++ IMPORTED FUNCTIONS +++++++++++++++++++

Number of Imported Modules = 2 (decimal)

Import Module 001: USER32.dll
Import Module 002: KERNEL32.dll

+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++++

Import Module 001: USER32.dll

Addr:0000205C hint(01BB) Name: MessageBoxA

Import Module 002: KERNEL32.dll

Addr:00002076 hint(0075) Name: ExitProcess

+++++++++++++++++++ EXPORTED FUNCTIONS +++++++++++++++++++

Number of Exported Functions = 0 (decimal)


+++++++++++++++++++ Possible Strings Inside Code Block +++++++++++++++++++

:00401200....NullString..


+++++++++++++++++++ ASSEMBLY CODE LISTING +++++++++++++++++++
//********************** Start of Code in Object CODE **************
Program Entry Point = 00401000 (trucho.exe File Offset:00000400)

//******************** Program Entry Point ********
:00401000 B8567C0000 mov eax, 00007C56
:00401005 6A00 push 00000000
:00401007 6A00 push 00000000
:00401009 6800304000 push 00403000
(StringData)"hola mundo"
:0040100E 6A00 push 00000000
:00401010 E807000000 call 0040101C
;;call USER32.MessageBoxA
:00401015 6A00 push 00000000
:00401017 E806000000 call 00401022
;;call KERNEL32.ExitProcess
=========
:0040101C FF2508204000 jmp dword[00402008]
;;call USER32.MessageBoxA
=========
:00401022 FF2500204000 jmp dword[00402000]
;;call KERNEL32.ExitProcess


*************** Cross Reference Listing ****************
==0040101C::00401010,
==00401022::00401017,
*************** END OF LISTING **********************************

As you see, no problems.
Posted on 2001-11-04 17:13:56 by CodeLover