汇编x86-调用C函数

Question

I was wondering if it is possible to call printf for example without declaring the format array in the data segment. This question is regarding x86.

#include <stdio.h>

int main()
{
    __asm
    {
        push 1 ; number to print
        push 3710092110 ; format in ascii for %d\n
        call printf
        add esp, 8
    }

    return 0;
}

Ok so we need to push the address of the format instead of the format itself so something like this should be close enough right?

#include <stdio.h>

int main()
{
    __asm
    {
        push 3710092110 ; 3710092110 = format in ascii for %d\n
        push 1; argument to print
        lea edx, dword ptr[esp + 4]; get address of the format on stack
        push edx ; push the address of the format
        call printf
        add esp, 12
    }

    return 0;
}

Do you guys happen to have the time to demonstrate a working example? Can't find anything on the internet about it.

Answer 1

The format string is passed by pushing its address on the stack. So you could put the string wherever you like, but still need to pass its address.

Answer 2

Your second code snippet comes close but it still needs to use a different value for the contents of the format string %d\\n .

The characters involved translate to % =37, d =100, \\n =10 in decimal.
But it is far easier to work with hexadecimal: % =25h, d =64h, \\n =0Ah Due to little endeanness we have to put the first character in the lowest byte of the dword to push on the stack. We leave the highest byte zero to have the necesary null termination.

%d\n  -->  000A6425h

Your code:

#include <stdio.h>

int main()
{
    __asm
    {
        push 000A6425h ;= format in ascii for %d\n
        push 1; argument to print
        lea edx, dword ptr[esp + 4]; get address of the format on stack
        push edx ; push the address of the format
        call printf
        add esp, 12
    }

    return 0;
}