How to use DumpMem to display Stack in Assembly
https://stackoverflow.com/questions/10255752
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Okay so here is my problem. After I push a variable onto the stack and then create room for the local variable. How do I use DumpMem to display the stack before I return from the procedure?
include irvine32.inc
.data
X sdword 10, -10, 20, -20, 30, -30, 40, -40
.code
begin:
mov ecx, offset x
push ecx
call StackProcedure
StackProcedure PROC
push ebp
mov ebp, esp
sub esp, 32
lea esi, [ebp-32]
mov ecx, 32
L1: mov BYTE PTR [esi], '*'
inc esi
loop L1
add esp, 32
pop ebp
ret
StackProcedure ENDP
finfin:
invoke exitProcess,0
end begin
Solution
Irvine's DumpMem needs just three values in registers. Only these registers are attached, everything else (registers, memory, stack) is unchanged when the function returns. So, its use is easy:
include irvine32.inc
.data
X sdword 10, -10, 20, -20, 30, -30, 40, -40
.code
StackProcedure PROC
push ebp
mov ebp, esp
sub esp, 32
lea esi, [ebp-32]
mov ecx, 32
L1: mov BYTE PTR [esi], '*'
inc esi
loop L1
mov esi, esp ; Start address
mov ecx, 48 ; Number of bytes to dump
mov ebx, 1 ; 1 - size byte
call DumpMem ; call Irvine's DumpMem
add esp, 32
pop ebp
ret
StackProcedure ENDP
main PROC
mov ecx, offset x
push ecx
call StackProcedure
invoke exitProcess,0
main ENDP
END main
I guess this was not actually asked about. Irvine's DumpMem shows no addresses except the start address and no equivalent ASCII characters as expected in a disassembler dump. Since it has its own display (title and line feeds) it cannot be embedded between functions that provide that additional information. Here is a function that displays a row of 16 bytes with address, hex values and ASCII characters:
include irvine32.inc
.data
X sdword 10, -10, 20, -20, 30, -30, 40, -40
.code
DumpMemLine PROC C USES EBX ESI, address:PTR ; dumps 16 bytes hex & char
mov eax, address
call WriteHex ; call Irvine's WriteHex (8 hex digits)
mov al, ' '
call WriteChar ; call Irvine's WriteChar (space)
call WriteChar ; call Irvine's WriteChar (space)
mov esi, address
mov ecx, 16
L1:
mov al, [esi]
cmp al, 14 ; ASCII code >= 14d?
jae @F ; Yes, can be written unchanged
cmp al, 7 ; ASCII code < 7d?
jb @F ; Yes, can be written unchanged
cmp al, 11 ; ASCII code == 11d?
je @F ; Yes, can be written unchanged
cmp al, 12 ; ASCII code == 12d?
je @F ; Yes, can be written unchanged
mov al, ' ' ; Replace characters that `WriteChar` will "cook" (7,8,9,10,13)
@@: ; This is label where the `jcond @F` jump to
mov ebx, 1 ; Two hex digits
call WriteHexB ; call Irvine's WriteHexB
mov al, ' '
call WriteChar ; call Irvine's WriteChar (space)
inc esi
loop L1
call WriteChar ; call Irvine's WriteChar (space)
mov esi, address
mov ecx, 16
@@:
mov al, [esi]
call WriteChar ; call Irvine's WriteChar
inc esi
loop @B
mov al, 10
call WriteChar ; call Irvine's WriteChar (line feed)
ret
DumpMemLine ENDP
StackProcedure PROC
push ebp
mov ebp, esp
sub esp, 32
lea esi, [ebp-32]
mov ecx, 32
L1: mov BYTE PTR [esi], '*'
inc esi
loop L1
mov esi, esp ; Start address
mov ecx, 48 ; Number of bytes to dump
mov ebx, 1 ; 1 - size byte
call DumpMem ; call Irvine's DumpMem
; Dump three lines à 16 bytes
push esp ; Argument for DumpMemLine
call DumpMemLine
add dword ptr [esp], 16 ; Increment the pushed argument
call DumpMemLine
add dword ptr [esp], 16 ; Increment the pushed argument
call DumpMemLine
add esp, 4 ; Clean up the stack
add esp, 32
pop ebp
ret
StackProcedure ENDP
main PROC
mov ecx, offset x
push ecx
call StackProcedure
invoke exitProcess,0
main ENDP
END main
OTHER TIPS
I think you are trying to see the memory dump, if its currect, You can use GDB debugger to debug your program and also you can see the memory details like registers, segments, control registers, frames etc... by setting break points, and follow the link to get more on GDB,
http://www.yolinux.com/TUTORIALS/GDB-Commands.html
