Topic awaiting preservation: Assembler help needed

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 06-14-2005 11:43

For a project of mine, I need to figure out what another guy was doing... unfortunately, I've only disassembled code to help.

I've understood what most of it does, but I'm stuck at one point, where I need specifics - not only the principle.
I'm wondering if any of you might be able to help.

code:
:00403687 8D442408                lea eax, dword[esp+08] ; //load the rect (see below) address into eax
:0040368B 50                      push eax ;pass that as second parameter
:0040368C 57                      push edi ;window handle is the first parameter
:0040368D FF1570114000            call dword[00401170 ->000064B4 GetWindowRect] ;call windows function
:00403693 8B4C2410                mov ecx, dword[esp+10] ; ret one of the rects 4 dwords out
:00403697 8B442408                mov eax, dword[esp+08]; get the next one,
:0040369B 3BC8                    cmp ecx, eax ; compare
:0040369D 740C                    je 004036AB ; jump if zero, ie. they're equal
:0040369F 8B542414                mov edx, dword[esp+14] ; get a third dword
:004036A3 8B44240C                mov eax, dword[esp+0C]; get the fourth
:004036A7 3BD0                    cmp edx, eax; compare
:004036A9 7509                    jne 004036B4 ; jump to the same place if they're equal

Now, I can't figure out which parameters of a rect he's comparing.
I've tried some sample code using Delphi (the only thing that compiles to machine code that I have at hand), but it's loading from esp - 0x1c and just messing me up ;-). I probably should try just counting the offsets - but it'd be great if I could get a solid answer, not just a self-guestimated one ;-).

Oh, here's the definition of a rect - if you happen to know which way these are stored in memory, that'd be cool ;-)

code:
typedef struct tagRECT { LONG left; LONG top; LONG right; LONG bottom;} RECT,*PRECT,*LPRECT;

(straight from the windows header files) (long is 32 bits).

Thanks for your help,

->Tyberius Prime

AT
Bipolar (III) Inmate

From: Gainesboro, TN, USA
Insane since: Aug 2000

posted 06-16-2005 17:56

Yeah, we all know you're smarter.
You don't have to shove it in our faces

jk

My Dad worked in Assembler, but it's been a long time and he said he wouldn't know anymore.
We have a program around here that he wrote (It's all on paper right now) that's over 300k lines.

Crazy

later!

Casey / AT
Personal
Song Lyrics
Family Recipes

hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana, USA
Insane since: Aug 2000

posted 06-16-2005 18:21

Tyberius Prime,

I may not understand what you're asking, but it looks to me as if your question is more of a Windows API question than a question about Assembler.

Assuming that the function GetWindowRect takes the handle of the window you're interested in and a reference to the rectangle where you want the coordinates stored, the code you posted looks like the cmp statements are comparing random items from the stack after the return. They seem to ignore the values returned in the rectangle.

Maybe these items were placed on the stack before the call was made. It might help to look earlier in the code and see what was placed on the stack before the start of the call to GetWindowRect.

Since you're working in assembler, I assume you understand enough to know what the above code is doing and are asking what the meaning of the data being compared is. This, of course, depends a lot on what GetWindowRect does to the stack and what was done to the stack before calling GetWindowRect. As I'm sure you know.

You might also go to Windows Applications In Assembly Language and see if there is anything there that will help.

-- not necessarily stoned... just beautiful.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 06-17-2005 14:26

hyperbole:
It's passing a pointer (not a reference) to getWindowRect, and comparing the data @ that pointer (+ some bytes) in the heap(!).
(lea loads the address of esp + 08 into eax, and it passes eax to the stack (there's a difference between stack and heap)).
Then getWindowRect happens, and the code loads the rect back into the registers.

Using some compiled code of my own and doing some contrast & compare,
I've since found out that it compares left & right and top & bottom (d'uh).

thanks for your input,

->Tyberius Prime
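
Added example, not part of the original thread and not the disassembled program's source: a C sketch that lays the RECT from the header quote over the stack offsets in the listing and replays the two compares. `RECT32`, `field_at`, `load_dword` and `next_address` are names chosen here, and the window coordinates are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the Win32 RECT quoted in the thread (LONG is 32 bits). */
typedef struct { int32_t left, top, right, bottom; } RECT32;

/* From the listing: lea eax,[esp+08] makes esp+08 the base of the RECT. */
#define RECT_BASE 0x08u

/* Name the RECT field that an [esp+disp] operand in the listing reads. */
const char *field_at(unsigned disp)
{
    if (disp < RECT_BASE) return "outside RECT";
    switch (disp - RECT_BASE) {
    case offsetof(RECT32, left):   return "left";
    case offsetof(RECT32, top):    return "top";
    case offsetof(RECT32, right):  return "right";
    case offsetof(RECT32, bottom): return "bottom";
    default:                       return "outside RECT";
    }
}

/* Read the dword at [esp+disp] from a simulated stack frame. */
int32_t load_dword(const uint8_t *esp, unsigned disp)
{
    int32_t v;
    memcpy(&v, esp + disp, sizeof v);
    return v;
}

/* Address reached after the two compares. The jne at 004036A9 is two bytes
   long (75 09), so not taking it falls through to 004036AB as well. */
uint32_t next_address(const uint8_t *esp)
{
    if (load_dword(esp, 0x10) == load_dword(esp, 0x08)) return 0x004036ABu; /* je  */
    if (load_dword(esp, 0x14) != load_dword(esp, 0x0C)) return 0x004036B4u; /* jne */
    return 0x004036ABu;                                                     /* fall through */
}

int main(void)
{
    uint8_t frame[0x18] = {0};                 /* constructed stack frame */
    RECT32 r = { 10, 20, 110, 80 };            /* constructed sample window */
    memcpy(frame + RECT_BASE, &r, sizeof r);   /* what GetWindowRect fills in */
    for (unsigned d = 0x08; d <= 0x14; d += 4)
        printf("[esp+%02X] = %-6s (%d)\n", d, field_at(d), (int)load_dword(frame, d));
    printf("next: %08X\n", (unsigned)next_address(frame));
    return 0;
}
```

Read this way, execution reaches 004036AB when the window has zero width or zero height and 004036B4 otherwise.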
