Re: NASM and push byte, ret; ret 4; ret 16
From: Frank Kotler (fbkotler_at_comcast.net)
Date: 03/29/04
- Next message: wolfgang kern: "Re: disassembler prefix-byte check -- wanting comments good and bad"
- Previous message: Beth: "Re: Hey Mr. Hyde!"
- In reply to: Ro : "NASM and push byte, ret; ret 4; ret 16"
- Next in thread: wolfgang kern: "Re: NASM and push byte, ret; ret 4; ret 16"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 29 Mar 2004 15:11:31 GMT
Ro wrote:
> What is the difference between
> push 88; and push byte 88; push word 88;
> in NASM, in 32 BIT code? And in 16 bit code?
Nasm/Ndisasm make it really easy to "try it and see"...
; here's "foo.asm"
; nasm -f bin foo.asm (produces "foo")
; uncomment for 32 bit code
;bits 32
push 88
push byte 88
push word 88
push dword 88
ret
ret 8
Here's "ndisasm foo>foo.dis":
00000000 685800 push word 0x58
00000003 6A58 push byte +0x58
00000005 685800 push word 0x58
00000008 666858000000 push dword 0x58
0000000E C3 ret
0000000F C20800 ret 0x8
And the 32-bit version with "bits 32" uncommented, and "ndisasm -u
foo>foo.dis":
00000000 6858000000 push dword 0x58
00000005 6A58 push byte +0x58
00000007 66685800 push word 0x58
0000000B 6858000000 push dword 0x58
00000010 C3 ret
00000011 C20800 ret 0x8
> I would imagine that push is always 32 bits in 32-bit code; 16
> bits in 16-bit code.
Well, that's a more complicated question than it appears to (should?)
be. As of Nasm 0.98, "push 88" would result in an "operation size not
specified" error. The folks who were working on Nasm at the time -
primarily Kendall Bennett at SciTech and Andrew Zabolotny at Crystal
Systems - realized that it was *so* unusual to want to push 16 bits in
32-bit mode (or vice versa) that Nasm could safely default to the
"native size" for "push imm". So newer versions behave as you imagine,
unless it's overridden by an explicit size specifier.
The "push byte ..." syntax may be confusing. You never, ever, can push 8
bits - there's no such instruction. The operand is *stored* (in the
codestream) as a byte, but is sign-extended to either 16 or 32 bits, and
*that* value is pushed.
> what are the instructions equivalent to ret, ret 0, ret 4
> ret num?
> Are there
> ret x <=> {add esp, x + 4;
I'm not sure what you're getting at here, but I think the answer is "no"
- you can calculate a value at "assemble time", but the "N" in "ret N"
has to be an immediate at "run time". (the macros for "invoke", or
whatever, do this). Be aware that "ret N" is *not* the same as a HLL
"return N"! The "N" is the number of parameters to remove from the
stack. It's for "pascal" or "stdcall" calling conventions where callee
cleans up stack - in "C" calling convention, caller cleans up stack
(usually with "add esp, N"), and the subroutine ends with a plain "ret".
> jmp dword [ esp - (x + 4) ] }
Mmmm... I think that's valid, but probably not too useful. Unless I'm
mistaken, anything involving "call [esp]" or "jmp [esp]" gives
"attackerz" a potential place to "exploit" your code... not sure about
that one...
Again, Nasm (due to lack of "red tape" required, and the "-f bin"
format) makes it easy to "try it and see". You've got a "laboratory"
right in front of your face (or you wouldn't be reading this!) - don't
be afraid to "experiment"!
There *is*, of course, also the Friendly Manual, if you're so inclined :)
Best,
Frank
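An added example, not part of Frank's post and not NASM's or ndisasm's code: a small Python decoder for only the encodings that appear in the two listings above (68h/6Ah push imm, the 66h operand-size prefix, C3h/C2h ret). It reproduces both listings from the bytes shown and also reports the value actually pushed, which is the point about "push byte": the imm8 is stored as one byte but sign-extended to the operand size before the push. The bytes in CODE16/CODE32 are copied from the listings; the extra `6A FF` inputs are constructed.

```python
# Added example: tiny decoder for the push/ret encodings in the listings
# above. Not NASM's or ndisasm's code; written to show the sign-extension.

OPSIZE_PREFIX = 0x66  # 66h flips the operand size between 16 and 32 bits

# Bytes copied from the two ndisasm listings (16-bit and 32-bit "foo").
CODE16 = bytes.fromhex("685800 6A58 685800 666858000000 C3 C20800")
CODE32 = bytes.fromhex("6858000000 6A58 66685800 6858000000 C3 C20800")

def decode(code, bits):
    """Return [(offset, hex bytes, mnemonic, value pushed or None)]."""
    assert bits in (16, 32)
    out, i = [], 0
    while i < len(code):
        start, size = i, bits
        if code[i] == OPSIZE_PREFIX:
            size = 48 - bits          # 16 -> 32 or 32 -> 16
            i += 1
        op = code[i]
        i += 1
        if op == 0x6A:                # push imm8: stored as a single byte...
            imm = int.from_bytes(code[i:i + 1], "little", signed=True)
            i += 1
            pushed = imm & ((1 << size) - 1)   # ...sign-extended before the push
            text = f"push byte {imm:+#x}"
        elif op == 0x68:              # push imm16/imm32, width = operand size
            n = size // 8
            pushed = int.from_bytes(code[i:i + n], "little")
            i += n
            text = f"push {'word' if size == 16 else 'dword'} {pushed:#x}"
        elif op == 0xC3:
            pushed, text = None, "ret"
        elif op == 0xC2:              # ret imm16: bytes popped after the return address
            n = int.from_bytes(code[i:i + 2], "little")
            i += 2
            pushed, text = None, f"ret {n:#x}"
        else:
            raise ValueError(f"opcode {op:#x} at {start:#x} not handled here")
        out.append((start, code[start:i].hex().upper(), text, pushed))
    return out

if __name__ == "__main__":
    for bits, code in ((16, CODE16), (32, CODE32)):
        print(f"--- bits {bits}")
        for off, hx, text, val in decode(code, bits):
            shown = "" if val is None else f"  ; pushes {val:#x}"
            print(f"{off:08X} {hx:<14} {text}{shown}")
```

Running it prints the same offsets, bytes and mnemonics as the two listings; feeding it `6A FF` shows "push byte -0x1" pushing 0xFFFF in 16-bit mode and 0xFFFFFFFF in 32-bit mode.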