
the trick we find with pushad/popad


Rosario1903

Oct 28, 2013, 11:16:35 AM
pushad: push "EAX, ECX, EDX, EBX, ESP, EBP, ESI and EDI"

it could be useful to access eax through the stack to return a result in eax,
as many C/C++ functions do, example:

; 28 24 20 16 12 8 4 0
; EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI
function:
pushad

; one can use the space on the stack where ecx, edx are as variables
; if the ABI of the SYS or OS allows it
....

; for return to caller

mov dword [esp+28], 1 ; this would make function return 1
clc
jmp .z
etc

.z:
popad
ret

if someone wants some space on the stack for variables too:

; 28 24 20 16 12 8 4 0 + 32
; EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI
; 60
function:
pushad
sub esp, 32


mov dword [esp+60], 1 ; this would make function return 1
clc
jmp .z
etc


.z:
lea esp, [esp+32]
popad
ret

even if I'm not sure it's ok, because I use my home-made asm language

wolfgang kern

Oct 29, 2013, 1:50:22 PM

Rosario1903 posted about (ab)using the stack in any HLL:

besides that PUSHAD is equally fast as pushing three separate regs,
I can't see any advantage in pushing more than required and reading
back stack contents almost in the same order they were pushed.

If you want to keep the value in EAX then it's more appropriate
to just save EAX by single push/pop or better don't touch it.

__
wolfgang


Rosario1903

Oct 30, 2013, 3:56:01 AM
I think *many* routines need *all* registers eax, ebx, ecx, edx, ebp,
esi, edi... so pushad and popad are easy to use for that, but if one
has to return a result in eax, one has to write in the stack where
eax is, so all is ok here... years ago I did not understand how to change
eax at the end of the routine and this stopped me from using pushad/popad

more, if the OS ABI allows it, one can use the positions on the stack where
edx, ecx are as 2 variables or 2 other return values besides eax

wolfgang kern

Oct 31, 2013, 5:11:23 AM

Rosario1903 wrote:

>>besides that PUSHAD is equally fast as pushing three separate regs,
>>I can't see any advantage in pushing more than required and reading
>>back stack contents almost in the same order they were pushed.

>>If you want to keep the value in EAX then it's more appropriate
>>to just save EAX by single push/pop or better don't touch it.

> I think *many* routines need *all* registers eax, ebx, ecx, edx, ebp,
> esi, edi... so pushad and popad are easy to use for that, but if one
> has to return a result in eax, one has to write in the stack where
> eax is, so all is ok here... years ago I did not understand how to change
> eax at the end of the routine and this stopped me from using pushad/popad

> more, if the OS ABI allows it, one can use the positions on the stack where
> edx, ecx are as 2 variables or 2 other return values besides eax

Yes, many years ago I too used this method with RosAsm:
(instead of the oh-so-famous PUSH EBP|MOV EBP,ESP|ADD ESP,xx -shit)

MainWindowProc: ;esp+00=ret +04=hdl +08=msg +0c=wP +10=lP
pushad
; mov edx D$esp+024 ;hdl not of interest here, just kept on stack
mov eax D$esp+028 ;msg
mov ebx D$esp+02c ;wP
; mov ecx D$esp+030 ;lP not of interest here, just kept on stack
cmp eax &WM_CHAR |jnz L7>>
...
popad
call ... ;can call an API which need this stack-contents
ret 16

find the whole story in KE05TEST.exe on my homepage under [codesnips].
__
wolfgang
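To check the offsets the two posters rely on (Rosario1903's "saved EAX at [esp+28], or +60 once 32 bytes of locals are reserved", and wolfgang's "first stdcall argument at esp+024h after pushad"), here is a small stack model, written for this thread as an added example and not code from either poster or from RosAsm. It follows the PUSHAD/POPAD register order from the Intel manual; the start address 0x1000, the return address 0x401000 and the argument values are constructed for the simulation.

```python
"""Model of the 32-bit x86 stack around PUSHAD/POPAD (added example).

PUSHAD pushes EAX, ECX, EDX, EBX, the pre-PUSHAD ESP, EBP, ESI, EDI in that
order, 4 bytes each, so EAX ends up at the highest address ([esp+28]) and
EDI at the lowest ([esp+0]). POPAD restores them in reverse and discards
the saved ESP slot. Every address below is a constructed value.
"""

PUSHAD_ORDER = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


class Stack32:
    """Downward-growing 32-bit stack: memory is a dict address -> dword."""

    def __init__(self, esp=0x1000):            # constructed start address
        self.mem = {}
        self.regs = {r: 0 for r in PUSHAD_ORDER}
        self.regs["esp"] = esp

    def push(self, value):
        self.regs["esp"] -= 4
        self.mem[self.regs["esp"]] = value & 0xFFFFFFFF

    def pop(self):
        value = self.mem[self.regs["esp"]]
        self.regs["esp"] += 4
        return value

    def pushad(self):
        # The ESP slot receives the value ESP had *before* the instruction.
        original_esp = self.regs["esp"]
        for r in PUSHAD_ORDER:
            self.push(original_esp if r == "esp" else self.regs[r])

    def popad(self):
        # Reverse order; the saved ESP value is popped but not loaded.
        for r in reversed(PUSHAD_ORDER):
            value = self.pop()
            if r != "esp":
                self.regs[r] = value

    def store(self, offset, value):            # mov dword [esp+offset], value
        self.mem[self.regs["esp"] + offset] = value & 0xFFFFFFFF

    def load(self, offset):                    # mov reg, dword [esp+offset]
        return self.mem[self.regs["esp"] + offset]


def slot_register(offset):
    """Which register a [esp+offset] slot holds right after PUSHAD."""
    if offset % 4 or not 0 <= offset <= 28:
        raise ValueError("offset must be a dword slot 0..28")
    return PUSHAD_ORDER[7 - offset // 4]


def return_via_pushad(result, local_bytes=0):
    """Rosario1903's trick: pushad, optionally 'sub esp, N' for locals,
    write the result into the saved-EAX slot, 'lea esp,[esp+N]', popad.
    Returns the EAX value the caller sees after 'ret'."""
    s = Stack32()
    s.regs["eax"] = 0xDEADBEEF                 # constructed junk to overwrite
    s.pushad()
    s.regs["esp"] -= local_bytes               # sub esp, local_bytes
    s.store(28 + local_bytes, result)          # saved EAX = esp+28 (+locals)
    s.regs["esp"] += local_bytes               # lea esp, [esp+local_bytes]
    s.popad()
    return s.regs["eax"]


def stdcall_args_after_pushad(args):
    """wolfgang's MainWindowProc layout: the caller pushes the arguments
    right to left and a return address, the callee does pushad. Returns
    {esp_offset: value} for each argument; the first one is at
    32 (registers) + 4 (return address) = 36 = 024h."""
    s = Stack32()
    for value in reversed(args):
        s.push(value)
    s.push(0x401000)                           # constructed return address
    s.pushad()
    return {36 + 4 * i: s.load(36 + 4 * i) for i in range(len(args))}


if __name__ == "__main__":
    print(return_via_pushad(1))                # 1, as in the first post
    print(return_via_pushad(1, 32))            # 1, via [esp+60]
    print(stdcall_args_after_pushad([0x10, 0x102, 0x41, 0]))
```

`slot_register(0)` returning `edi` is the mistake the trick guards against: writing the result at the wrong slot silently changes a different register instead of the return value, which is why getting the 28 (or 60 with locals) right matters.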



Rosario1903

Oct 31, 2013, 5:46:44 AM
On Thu, 31 Oct 2013 10:11:23 +0100, "wolfgang kern" wrote:

>Yes, many years ago I too used this method with RosAsm:
>(instead of the oh-so-famous PUSH EBP|MOV EBP,ESP|ADD ESP,xx -shit)

I never use the above [with some exceptions]; I prefer to "push" or "pushad"
registers rather than a "sub esp, spaceOfMem". I never have any problem with
that.

>MainWindowProc: ;esp+00=ret +04=hdl +08=msg +0c=wP +10=lP
> pushad
>; mov edx D$esp+024 ;hdl not of interest here, just kept on stack

yes, hdl would be on the stack at 32 + 4 = 36 decimal = 024h.
I would write the above one as "a=^36", which would mean
"mov eax, dword [esp+36]"

Bernhard Schornak

Oct 31, 2013, 8:26:46 PM
wolfgang kern wrote:


> Yes, many years ago I too used this method with RosAsm:
> (instead of the oh-so-famous PUSH EBP|MOV EBP,ESP|ADD ESP,xx -shit)
>
> MainWindowProc: ;esp+00=ret +04=hdl +08=msg +0c=wP +10=lP
> pushad
> ; mov edx D$esp+024 ;hdl not of interest here, just kept on stack
> mov eax D$esp+028 ;msg
> mov ebx D$esp+02c ;wP
> ; mov ecx D$esp+030 ;lP not of interest here, just kept on stack


Until here, it looks like "Intelligent Design"...

http://st-intelligentdesign.blogspot.de/2010/04/first-steps.html


> cmp eax &WM_CHAR |jnz L7>>
> popad
> call ... ;can call an API which need this stack-contents
> ret 16


But this is purified HLL crap... :|


> find the whole story in KE05TEST.exe on my homepage under [codesnips].


No such domain... ;)


Pfüat'di

Bernhard

wolfgang kern

Nov 1, 2013, 5:51:19 AM

Bernhard Schornak wrote:


>> Yes, many years ago I too used this method with RosAsm:
>> (instead of the oh-so-famous PUSH EBP|MOV EBP,ESP|ADD ESP,xx -shit)

>> MainWindowProc: ;esp+00=ret +04=hdl +08=msg +0c=wP +10=lP
>> pushad
>> ; mov edx D$esp+024 ;hdl not of interest here, just kept on stack
>> mov eax D$esp+028 ;msg
>> mov ebx D$esp+02c ;wP
>> ; mov ecx D$esp+030 ;lP not of interest here, just kept on stack

> Until here, it looks like "Intelligent Design"...
>
> http://st-intelligentdesign.blogspot.de/2010/04/first-steps.html

So my assumption that I'm not the only intelligent programmer is true :)

>> cmp eax &WM_CHAR |jnz L7>>
>> popad
>> call ... ;can call an API which need this stack-contents
>> ret 16

> But this is purified HLL crap... :|

Yes of course.
By any luck I'm not asked too often for windoze-apps (I'd decline anyway).

>> find the whole story in KE05TEST.exe on my homepage under [codesnips].

> No such domain... ;)

Sorry, it's here:

http://web.utanet.at/schw1285/KESYS/index.htm

> Pfüat'di
Servas
__
wolfgang


Bernhard Schornak

Nov 2, 2013, 3:59:29 AM
wolfgang kern wrote:


> Bernhard Schornak wrote:
>
>
>>> Yes, many years ago I too used this method with RosAsm:
>>> (instead of the oh-so-famous PUSH EBP|MOV EBP,ESP|ADD ESP,xx -shit)
>
>>> MainWindowProc: ;esp+00=ret +04=hdl +08=msg +0c=wP +10=lP
>>> pushad
>>> ; mov edx D$esp+024 ;hdl not of interest here, just kept on stack
>>> mov eax D$esp+028 ;msg
>>> mov ebx D$esp+02c ;wP
>>> ; mov ecx D$esp+030 ;lP not of interest here, just kept on stack
>
>> Until here, it looks like "Intelligent Design"...
>>
>> http://st-intelligentdesign.blogspot.de/2010/04/first-steps.html
>
> So my assumption that I'm not the only intelligent programmer is true :)


Cheesy compliments are always appreciated... ;)


>>> cmp eax &WM_CHAR |jnz L7>>
>>> popad
>>> call ... ;can call an API which need this stack-contents
>>> ret 16
>
>> But this is purified HLL crap... :|
>
> Yes of course.
> By any luck I'm not asked too often for windoze-apps (I'd decline anyway).


Good to know no concurrent LowLevel intelligence is active on the 64 bit Windoze
market. :D


>>> find the whole story in KE05TEST.exe on my homepage under [codesnips].
>
>> No such domain... ;)
>
> Sorry, it's here:
>
> http://web.utanet.at/schw1285/KESYS/index.htm


Unfortunately, your executables come without source code - I am just too lazy to
start WinDebug, and your 16 bit disassembler cannot be launched here (Win7-64).


Pfüat'Di

Bernhard

wolfgang kern

Nov 2, 2013, 5:12:49 AM

Bernhard Schornak wrote:
...
> Unfortunately, your executables come without source code - I am just too
> lazy to start WinDebug, and your 16 bit disassembler cannot be launched
> here (Win7-64).

The source is included in the exe, but you need RosAsm to view it.
My disassembler module (from hextutor) is pure 32-bit code and
for this there is no source available because such never existed.
Hextutor.exe also contains all RosAsm source and it works on XP.
__
wolfgang


Bernhard Schornak

Nov 2, 2013, 11:51:28 AM
wolfgang kern wrote:


> Bernhard Schornak wrote:
> ...
>> Unfortunately, your executables come without source code - I am just too
>> lazy to start WinDebug, and your 16 bit disassembler cannot be launched
>> here (Win7-64).
>
> The source is included in the exe, but you need RosAsm to view it.


Okay. Looks like a mixture between asm and HLL... ;)


> My disassembler module (from hextutor) is pure 32-bit code and
> for this there is no source available because such never existed.
> Hextutor.exe also contains all RosAsm source and it works on XP.


No offense, but:

Win7-64 treats your disassembler like an old 16 bit program - even the assigned
icon only is used to 'mark' old 16 bit software.

So - please don't shoot the messenger... ;)


Pfüat'Di

Bernhard

wolfgang kern

Nov 3, 2013, 4:58:05 AM
Yeah, I named the disassembler module 'disass.com' and it can be
installed as a TSR from RM-DOS just for the few who work with BIG-real.
It is not intended to run on its own anyway. It can be loaded to
any location without relocation needs but it must have a host
program which knows how to handle it (like hextutor or KESYS-debug).

> Pfüat'Di

Servas
__
wolfgang


Guga

Jan 9, 2016, 10:52:51 AM
Hi wolfgang.

Long time. Rosasm's development is still on. I'm updating it in my free time.

Best Regards

guga

http://rosasm.freeforums.org/portal.php

Frank Kotler

Jan 9, 2016, 1:18:06 PM
Guga wrote:

...
> Long time. Rosasm's development is still on. I'm updating it in my free time.
>
> Best Regards
>
> guga
>
> http://rosasm.freeforums.org/portal.php

Hi Guga,

Glad to hear that some of you are still keeping Rosasm alive. As I think
you know, Rosasm is "not my cup of tea" but I favor choices for those
who do like it. Good luck to you all. Courage!

Best,
Frank

Kerr Mudd-John

Jan 9, 2016, 4:48:46 PM
On Sat, 09 Jan 2016 18:16:03 -0000, Frank Kotler
<fbko...@myfairpoint.net> wrote:

> Guga wrote:
>
> ...
>> Long time. Rosasm's development is still on. I'm updating it in my free
>> time.
>> Best Regards
>> guga
>> http://rosasm.freeforums.org/portal.php
>
> Hi Guga,
>
> Glad to hear that some of you are still keeping Rosasm alive. As I think
> you know, Rosasm is "not my cup of tea" but I favor choices for those
> who do like it. Good luck to you all. Courage!
>
> Best,
> Frank
Pshureluy HLL is the way forward! </old feuds no-one cares about any more>
PS :=)

--
Bah, and indeed, Humbug

Frank Kotler

Jan 9, 2016, 6:12:36 PM
Kerr Mudd-John wrote:
> On Sat, 09 Jan 2016 18:16:03 -0000, Frank Kotler
> <fbko...@myfairpoint.net> wrote:
>
>> Guga wrote:
>>
>> ...
>>> Long time. Rosasm's development is still on. I'm updating it in my
>>> free time.
>>> Best Regards
>>> guga
>>> http://rosasm.freeforums.org/portal.php
>>
>> Hi Guga,
>>
>> Glad to hear that some of you are still keeping Rosasm alive. As I
>> think you know, Rosasm is "not my cup of tea" but I favor choices for
>> those who do like it. Good luck to you all. Courage!
>>
>> Best,
>> Frank
> Pshureluy HLL is the way forward!

Ha!

</old feuds no-one cares about any more>

Ha!

I thought the issue was settled! :)

Best,
Frank

wolfgang kern

Jan 10, 2016, 6:28:06 AM

Guga replied to an old post ...

...

|Hi wolfgang.
|
|Long time. Rosasm's development is still on.
|I'm updating it on my free time.
|
|Best Regards
|
|guga

| http://rosasm.freeforums.org/portal.php


Hello Guga,

Good to hear that RosAsm is still alive, but I almost gave
up on programming for windoze.
I always found RosAsm as a very comfortable and easy to
handle programming tool, especially the source-level debug.

I didn't know anything about windoze at all before I tried
RosAsm and with the help of ALA, CLAX and the RosAsm crowd
I learned the basic requirements and could sell my first
windoze-app after only six weeks.

If you need some help or just want my (lowest-level) opinion,
you're welcome.

Courage! as Rene would say.
__
wolfgang
