I am a Beginner in x86 Assembly Language. I am writing a code for reading a thread's stack in VC++. I have inserted some assembly code in between. So here's the problem:
I get the function's return address from its stack frame. Now, before this return address there should be a CALL statement. So I extract out the bytes before the return address.
Sometimes it's a near call like E8 ff ff ff d8. My objective is to calculate the function's base address. So for the above statement I subtract the offset 0x28 from the function's return address to get its base address (where it resides in memory).
The problem is I don't know how to calculate this for a FAR call. I have been trying to find out how to do it for some time now. So I have extracted out the first 5 bytes before the return address and they are
ff 75 08 ff d2 <return_addr>
I think this stands for CALL ecx (ff d2) but I am not sure. I will be very grateful if someone can tell me what kind of CALL statement this is and how I can calculate the function's base address from this kind of call.
1 solution

Are you trying to get the address of the assembly function you are writing or the calling function?

Take a look at this: x86 assembly language

To get the address of your method push eip (32-bit) or push rip (64-bit) as the first instruction of your assembly routine. Then pop it into eax to examine it.

You can't really calculate the calling function's address based on the address pushed on the stack. The calling function may have done any number of things with the stack, including allocating memory. All you can get is the address of the instruction to execute upon return from your routine - and that's only true if your function and the calling function have the same notion of how this should operate.

That's why we talk about the calling convention of a function/method.

regards
Espen Harlinn
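As an added illustration of the two encodings the question quotes (this is not code from the original post or answer): a small C decoder that classifies the CALL ending at a given return address. For E8 rel32 the callee address is the return address plus the sign-extended rel32, so a displacement of -0x28 points 0x28 bytes back; for FF D2 (ModRM mod=11, reg=/2, rm=010, i.e. `call edx`) and for `call [disp32]` the callee address is not in the instruction bytes at all. The function name, the sample byte arrays and the return address value are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Kinds of 32-bit near CALL that can immediately precede a return address. */
typedef enum { CALL_UNKNOWN, CALL_REL32, CALL_REG, CALL_MEM32 } call_kind_t;

typedef struct {
    call_kind_t kind;
    uint32_t    value; /* REL32: callee address; REG: register number
                          (0=eax,1=ecx,2=edx,...); MEM32: address of the
                          pointer slot the CALL reads its target from */
} call_info_t;

/* `end` points at the first byte after the CALL (the instruction the return
   address refers to); `ret_addr` is that return address as found on the
   stack. At least 6 bytes before `end` must be readable. Far calls (9A) are
   not handled. Caveat: bytes before a return address can be ambiguous, so a
   match here is a candidate, not proof, of the CALL form used. */
call_info_t decode_call_before(const uint8_t *end, uint32_t ret_addr) {
    call_info_t r = { CALL_UNKNOWN, 0 };
    if (end[-5] == 0xE8) {                       /* E8 rel32, 5 bytes */
        int32_t rel;
        memcpy(&rel, end - 4, 4);                /* little-endian immediate */
        r.kind = CALL_REL32;
        r.value = ret_addr + (uint32_t)rel;      /* relative to end of CALL */
    } else if (end[-2] == 0xFF && (end[-1] & 0xF8) == 0xD0) {
        r.kind = CALL_REG;                       /* FF /2, mod=11: call reg */
        r.value = end[-1] & 7;                   /* FF D2 -> 2 -> edx */
    } else if (end[-6] == 0xFF && end[-5] == 0x15) {
        r.kind = CALL_MEM32;                     /* FF 15 disp32: call [mem] */
        memcpy(&r.value, end - 4, 4);            /* slot address, not target */
    }
    return r;
}

/* Constructed samples: a pad byte, the 5 bytes quoted in the question, then
   a pretend next instruction (0x90). */
static const uint8_t SAMPLE_INDIRECT[] = { 0x00, 0xFF, 0x75, 0x08, 0xFF, 0xD2, 0x90 };
/* Constructed: E8 with rel32 = -0x28, stored little-endian as D8 FF FF FF. */
static const uint8_t SAMPLE_REL32[]    = { 0x00, 0xE8, 0xD8, 0xFF, 0xFF, 0xFF, 0x90 };

int main(void) {
    call_info_t a = decode_call_before(SAMPLE_INDIRECT + 6, 0x00401234u);
    printf("kind=%d value=%u\n", a.kind, a.value);      /* kind=2 value=2 (edx) */
    call_info_t b = decode_call_before(SAMPLE_REL32 + 6, 0x00401234u);
    printf("kind=%d target=0x%08X\n", b.kind, b.value); /* kind=1 target=0x0040120C */
    return 0;
}
```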
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)