Question about CALL statement

Posted by Bruce on Stack Overflow See other posts from Stack Overflow or by Bruce
Published on 2011-01-04T04:19:22Z Indexed on 2011/01/04 4:54 UTC
Read the original article Hit count: 204

Filed under:

assembly

I have the following code in VC++

Func5(){ StackWalk(); }
Func4{ Func5();}

I am a Beginner in x86 Assembly Language. I am trying to find out the starting address of Func5(). I get the Func5()'s return address from its stack frame. Now before this return address there should be a CALL statement. So I extract out the bytes before the return address.

Sometimes it's a near call like E8 ff ff ff d8. So for this statement I subtract the offset 0x28 from the function's return address to get Func5()'s base address (where it resides in memory).

The problem is I don't know how to calculate this for a indirect NEAR call. I have been trying to find out how to do it for some time now. So I have extracted out the first 5 bytes before the return address and they are ff 75 08 ff d2 I think this stands for CALL ECX (ff d2) but I am not sure.

I will be very grateful if someone can tell me what kind of CALL statement this is and how I can calculate the function's base address from this kind of call.

Related posts about assembly

More information wanted on error: CREATE ASSEMBLY for assembly failed because assembly failed verif

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a small application that uses SQL Server 2005 Express with CLR stored procedures. It has been successfully installed and runs on many computers running XP and Vista. To create the assembly the following SQL is executed (names changed to protect the innocent): CREATE ASSEMBLY myAssemblyName… >>> More
Installed SQL Server 2008 and now TFS is broken.

as seen on Server Fault - Search for 'Server Fault'
Hi, My W2K3 server was running TFS 2008 SP1, SQL Server 2005 Development edition. I installed SQL Server 2008 Standard. I installed it while leaving SQL Server 2005 alone. Upgrading was not possible due to the differences in editions of the SQL Servers. Now TFS is broken. On a client computer… >>> More
How to Specify AssemblyKeyFile Attribute in .NET Assembly and Issues

as seen on Microsoft .NET Support Team - Search for 'Microsoft .NET Support Team'
How to specify strong key file in assembly? Answer: You can specify snk file information using following line [assembly: AssemblyKeyFile(@"c:\Key2.snk")] Where to specify an strong key file (snk file)? Answer: You have two options to specify the AssemblyKeyFile infromation. 1. In… >>> More
Assembly Language Question: Display Characters to screen LIFO (Last In First Out) in assembly langua

as seen on Stack Overflow - Search for 'Stack Overflow'
Given a stack that displays characters to the screen First in First Out(FIFO), how do you switch it to display them Last in First Out(LIFO). Theoretically speaking... is it simply just sending the characters to print in reverse order? >>> More
c# - can you make a "weak" assembly reference to a strong named assembly

as seen on Stack Overflow - Search for 'Stack Overflow'
hi, for various reasons i would rather not use strong named (signed) assemblies in my project. however, one of the projects is referenced by a sharepoint web part which means it must be signed. is it possible to have this assembly signed but when I reference it from other projects, to do so using… >>> More

Developer IT