Community
cancel
Showing results for 
Search instead for 
Did you mean: 
asmi_y_
Beginner
83 Views

unable to retrieve arguments by parsing prologue

Hi

OS :: win2k8 R2

compiler :: icl  version - 12.0.5.229 Build 20120731

compile and link line on top of attached c source code

Consider this disasm
Func4:
  0000000000000064: 66 90              xchg        ax,ax
  0000000000000066: 55                 push        rbp
  0000000000000067: 48 83 EC 70        sub         rsp,70h
  000000000000006B: 48 8D 6C 24 30     lea         rbp,[rsp+30h]
  0000000000000070: 48 89 75 30        mov         qword ptr [rbp+30h],rsi
  0000000000000074: 48 89 5D 28        mov         qword ptr [rbp+28h],rbx
  0000000000000078: 4C 89 4D 18        mov         qword ptr [rbp+18h],r9
  000000000000007C: 4C 89 45 10        mov         qword ptr [rbp+10h],r8
  0000000000000080: 48 89 55 08        mov         qword ptr [rbp+8],rdx
  0000000000000084: 48 89 4D 00        mov         qword ptr [rbp],rcx
  0000000000000088: 89 4D 50           mov         dword ptr [rbp+50h],ecx
  000000000000008B: 89 55 58           mov         dword ptr [rbp+58h],edx


For PUSH instruction, we need to decrement the stack pointer i.e;RSP by 8bytes in case of 64-bit machine
Similarly do we have any other such instructions in above disasm where we need to  modify rsp or rbp?

If yes, what and why
If no,
Please find attached sample code which tries to get argument by tracing back assembly
I see the rsp is not pointing correctly it is pointing 8 bytes ahead of correct position



output of sample code

Here initially rsp is 1afd10
push decremented it by 8bytes --> 1afd08
sub 70h made it -->1fac98
add 30 made it --> 1afcc8 and this is loaded into rbp and all args are pushed wrt to rbp
But if you see memory all args are pushed wrt to address 1afcc0....so i see 8 bytes difference...I am not getting
where i lost this 8 bytes.

Let me know your inputs on this.

compile and link instructions are on top of file

0 Kudos
1 Reply
asmi_y_
Beginner
83 Views

Not sure if sample source code attachment came properly -- so here is the link....you can download from here as well

https://www.dropbox.com/s/gvkmmigt6u5tdmm/sample.c?dl=0

or

plz find the attachment

Reply