grhas.blogg.se

Test eax eax
The following very simple function, which takes two parameters i and j and computes j + i*5 + 3, illustrates the x64 calling convention. It compiles to code like this:

    01001080 lea eax,[rdx+rcx*4]    ; eax = rdx+rcx*4
    01001083 lea eax,[rcx+rax+3]    ; eax = rcx+rax+3

The i and j parameters are passed in the ecx and edx registers, respectively. Since there are only two parameters, the routine does not use the stack at all. The particular code generated exploits three tricks, one of which is specific to the x64:

The lea operation can be used to perform a series of simple arithmetic operations as a single operation. The first instruction stores j+i*4 in eax, and the second instruction adds i+3 to the result, for a total of j+i*5+3.

Many operations, such as addition and multiplication, can be done with extra precision and then truncated to the correct precision. In this instance, the code uses 64-bit addition and multiplication, and we can safely truncate the result to 32 bits, because the low 32 bits of a sum or product depend only on the low 32 bits of the inputs.

On the x64, any operation that outputs to a 32-bit register automatically zero-extends the result into the full 64-bit register. In this case, outputting to eax has the effect of truncating the result to 32 bits.

Return values are passed in the rax register. In this case, the result is already in the rax register, so the function simply returns.

Next we consider a more complicated function to demonstrate typical x64 disassembly:

    HRESULT Meaningless(IDispatch *pdisp, DISPID dispid, BOOL fUnique, LPCWSTR pszExe)
    {
        IQueryAssociations *pqa;
        HRESULT hr = AssocCreate(CLSID_QueryAssociations, IID_IQueryAssociations, (void**)&pqa);
        hr = pqa->Init(ASSOCF_INIT_BYEXENAME, pszExe, NULL, NULL);
        hr = pqa->GetString(0, ASSOCSTR_FRIENDLYAPPNAME, NULL, wszName, &cchName);
        V_BSTR(&rgvarg) = SysAllocString(wszName);
        LONG lUnique = InterlockedIncrement(&lCounter);
        hr = pdisp->Invoke(dispid, IID_NULL, 0, DISPATCH_METHOD, &dp, NULL, NULL, NULL);
        // (the declarations of wszName, cchName, rgvarg, dp and lCounter, and the
        //  error checks between these calls, are not reproduced on this page)
    }

We'll go through this function and the equivalent assembly line by line. Recall that the first four parameters are passed in registers (rcx, rdx, r8 and r9, in that order). Since this function has only four parameters, none are passed on the stack. When entered, the function's parameters are stored as follows:

    rcx = pdisp
    rdx = dispid
    r8  = fUnique
    r9  = pszExe

The assembly begins as follows:

    Meaningless:
    010010f5 mov r12d,r8d    ; r12 = fUnique (zero-extend)
    010010f8 mov r13d,edx    ; r13 = dispid (zero-extend)
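Returning to the two-instruction function discussed above: the following C program is an added example (not code from the original post) that models the two lea instructions in 64-bit arithmetic, applies the "writing a 32-bit register zero-extends" rule, and checks the result against a plain 32-bit computation of j + i*5 + 3. It assumes, for the sake of the demonstration, that the upper halves of the argument registers may hold leftover bits, which it fills with constructed junk values.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the two-instruction sequence discussed above:
 *   lea eax,[rdx+rcx*4]   ; eax = j + i*4
 *   lea eax,[rcx+rax+3]   ; eax = i + eax + 3  ->  j + i*5 + 3
 * The address arithmetic is done in 64 bits; writing eax keeps only the
 * low 32 bits and zero-extends them into rax. */

/* A write to a 32-bit register: low 32 bits kept, upper 32 bits cleared. */
static uint64_t write32(uint64_t value)
{
    return (uint32_t)value;
}

/* Full rax after the two lea instructions. The upper halves of rcx/rdx are
 * filled with constructed junk (assumption: a 32-bit argument's upper bits
 * are not promised to be clean) to show that truncating the result to
 * 32 bits makes that junk irrelevant. */
uint64_t lea_sum_rax(int32_t i, int32_t j)
{
    uint64_t rcx = 0xDEADBEEF00000000ull | (uint32_t)i;   /* i in ecx */
    uint64_t rdx = 0xCAFEBABE00000000ull | (uint32_t)j;   /* j in edx */
    uint64_t rax = write32(rdx + rcx * 4);   /* lea eax,[rdx+rcx*4] */
    rax = write32(rcx + rax + 3);            /* lea eax,[rcx+rax+3] */
    return rax;                              /* return value in rax */
}

/* The 32-bit result the caller reads from eax. */
uint32_t lea_sum(int32_t i, int32_t j)
{
    return (uint32_t)lea_sum_rax(i, j);
}

/* Reference computed directly in 32-bit arithmetic. Unsigned is used so
 * that wraparound is well defined in C (signed overflow is undefined). */
uint32_t c_sum(int32_t i, int32_t j)
{
    return (uint32_t)i * 5u + (uint32_t)j + 3u;
}

int main(void)
{
    int32_t i = -1, j = 0;
    printf("lea: %08x  c: %08x  upper rax: %08x\n",
           lea_sum(i, j), c_sum(i, j), (uint32_t)(lea_sum_rax(i, j) >> 32));
    return 0;
}
```

The negative and near-overflow inputs show that the 64-bit intermediate, once truncated, agrees bit-for-bit with the 32-bit computation, and that the upper half of rax is zero after the last 32-bit write.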