通话未正确返回[X86_ASM]

Question

This is C++ using x86 inline assembly [Intel syntax]

Function:

     DWORD *Call ( size_t lArgs, ... ){

    DWORD *_ret = new DWORD[lArgs];

    __asm {
        xor edx, edx
        xor esi, esi
        xor edi, edi
        inc edx
start:
        cmp edx, lArgs
        je end
        push eax
        push edx
        push esi
        mov esi, 0x04
        imul esi, edx
        mov ecx, esi
        add ecx, _ret
        push ecx
        call dword ptr[ebp+esi] //Doesn't return to the next instruction, returns to the caller of the parent function.
        pop ecx
        mov [ecx], eax
        pop eax
        pop edx
        pop esi
        inc edx
        jmp start
end:
        mov eax, _ret
        ret
    }
}

The purpose of this function is to call multiple functions/addresses without calling them individually.

Why I'm having you debug it? I have to start school for the day, and I need to have it done by evening.

Thanks alot, iDomo

Answer 1

Thank you for a complete compile-able example, it makes solving problems much easier.

According to your Call function signature, when the stack frame is set up, the lArgs is at ebp+8 , and the pointers start at ebp+C . And you have a few other issues. Here's a corrected version with some push/pop optimizations and cleanup, tested on MSVC 2010 (16.00.40219.01) :

DWORD *Call ( size_t lArgs, ... ) {

    DWORD *_ret = new DWORD[lArgs];

    __asm {
        xor edx, edx
        xor esi, esi
        xor edi, edi
        inc edx
        push esi
start:
        cmp edx, lArgs
        ; since you started counting at 1 instead of 0
        ; you need to stop *after* reaching lArgs
        ja end
        push edx
        ; you're trying to call [ebp+0xC+edx*4-4]
        ; a simpler way of expressing that - 4*edx + 8
        ; (4*edx is the same as edx << 2)
        mov esi, edx
        shl esi, 2
        add esi, 0x8
        call dword ptr[ebp+esi]
        ; and here you want to write the return value
        ; (which, btw, your printfs don't produce, so you'll get garbage)
        ; into _ret[edx*4-4] , which equals ret[esi - 0xC]
        add esi, _ret
        sub esi, 0xC
        mov [esi], eax
        pop edx
        inc edx
        jmp start
end:
        pop esi
        mov eax, _ret
        ; ret ; let the compiler clean up, because it created a stack frame and allocated space for the _ret pointer
    }
}

And don't forget to delete[] the memory returned from this function after you're done.

Answer 2

I notice that, before calling, you push EAX, EDX, ESI, ECX (in order), but don't pop in the reverse order after returning. If the first CALL returns properly, but subsequent ones don't, that could be the issue.