I posted the source codes related with assembly code for a very simple program below. I have inlined my questions.
Let me repeat my question here,
ebp is not used in function main? only esp is used to represent variables on stack?
what is the purpose of rdx in statement “lea rdx,[rsp+30h]”, store the 2nd parameter to operator <<, which is address of b (address of an integer)?
#include <iostream><br>using namespace std;<br>int foo (int a)<br>{<br>?int b;<br>?cin >> b;<br>?a = a * b;<br>?return a;<br>}<br>int main()<br>{<br>0000000140001000? sub???????? rsp,28h <br>// ebp is not used?<br>?cout << foo (10);<br>0000000140001004? mov???????? rcx,qword ptr [__imp_std::cin (140002080h)] <br>000000014000100B? lea???????? rdx,[rsp+30h] <br>// rcx as the 1st parameter for function operator >><br>// what is the purpose of rdx here, store the 2nd parameter to operator >>, which is address of b (address of an integer)?<br>0000000140001010? call??????? qword ptr [__imp_std::basic_istream<char> >::operator>> (140002078h)] <br>0000000140001016? mov???????? r11d,dword ptr [rsp+30h] <br>000000014000101B? mov???????? rcx,qword ptr [__imp_std::cout (140002090h)] <br>0000000140001022? lea???????? edx,[r11+r11*4] <br>0000000140001026? add???????? edx,edx <br>0000000140001028? call??????? qword ptr [__imp_std::basic_ostream<char> >::operator<< (140002088h)] <br>?return 0;<br>000000014000102E? xor???????? eax,eax <br>}<br>```<br><br>thanks in advance,<br>George</char></char></iostream>
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Lin George
Sent: Sunday, September 28, 2008 1:43 AM
To: Kernel Debugging Interest List
Subject: [windbg] question about cin – why ebp is not used in a function??
Hello everyone,
I posted the source codes related with assembly code for a very simple program below. I have inlined my questions.
Let me repeat my question here,
ebp is not used in function main? only esp is used to represent variables on stack?
what is the purpose of rdx in statement “lea rdx,[rsp+30h]”, store the 2nd parameter to operator <<, which is address of b (address of an integer)?
#include <iostream><br>using namespace std;<br>int foo (int a)<br>{<br> int b;<br> cin >> b;<br> a = a * b;<br> return a;<br>}<br>int main()<br>{<br>0000000140001000 sub rsp,28h<br>// ebp is not used?<br> cout << foo (10);<br>0000000140001004 mov rcx,qword ptr [__imp_std::cin (140002080h)]<br>000000014000100B lea rdx,[rsp+30h]<br>// rcx as the 1st parameter for function operator >><br>// what is the purpose of rdx here, store the 2nd parameter to operator >>, which is address of b (address of an integer)?<br>0000000140001010 call qword ptr [__imp_std::basic_istream<char> >::operator>> (140002078h)]<br>0000000140001016 mov r11d,dword ptr [rsp+30h]<br>000000014000101B mov rcx,qword ptr [__imp_std::cout (140002090h)]<br>0000000140001022 lea edx,[r11+r11*4]<br>0000000140001026 add edx,edx<br>0000000140001028 call qword ptr [__imp_std::basic_ostream<char> >::operator<< (140002088h)]<br> return 0;<br>000000014000102E xor eax,eax<br>}<br>```<br><br>thanks in advance,<br>George<br><br>---<br>You are currently subscribed to windbg as: unknown lmsubst tag argument: ''<br>To unsubscribe send a blank email to xxxxx@lists.osr.com</char></char></iostream>
On Sun, Sep 28, 2008 at 01:43:02AM -0700, Lin George wrote:
I posted the source codes related with assembly code for a very simple
program below. I have inlined my questions.
Let me repeat my question here,
ebp is not used in function main? only esp is used to represent variables
on stack?
You are compiling and running this on a 64-bit machine, so the register
names are "rsp" and "rbp", not "esp" and "ebp".
"ebp" (or "rbp") is only used as a convenience, because a given parameter is
always at the same offset from ebp, for example, "ebp+4" no matter how much
stack junk goes on.
However, the compiler certainly KNOWS how many things it has pushed on the
stack at any given point. So, if it has pushed 0x20 bytes of local data
and 0x10 bytes of parameters during a function call, it knows that
"ebp+4" is the same as "esp+0x34". It's more work at compile time, but
it frees up ebp for other uses.
what is the purpose of rdx in statement "lea rdx,[rsp+30h]", store the
2nd parameter to operator <<, which is address of b (address of an integer)?
You just answered your own question. In x64 land, the first parameter
to a function (or the "this" parameter in a C++ method) goes in rcx.
The next parameter goes in rdx.
By the way, this was not, strictly speaking, a “windbg” question, so
one might suggest that a different forum would be more appropriate.
It is one question I found through my debugging using Windbg. If this question is not quite approriate to this email list, could you suggest some others please? Even if I am not as experienced as you guys and sometimes ask stupid questions, I want to follow the policy here to reduce inconvenience to others.
regards,
George
----- Original Message ----
From: “xxxxx@probo.com” To: Kernel Debugging Interest List Sent: Monday, September 29, 2008 11:53:17 AM Subject: Re: [windbg] question about cin – why ebp is not used in a function??
On Sun, Sep 28, 2008 at 01:43:02AM -0700, Lin George wrote: > > I posted the source codes related with assembly code for a very simple > program below. I have inlined my questions. > Let me repeat my question here, > 1. ebp is not used in function main? only esp is used to represent variables > on stack?
You are compiling and running this on a 64-bit machine, so the register names are “rsp” and “rbp”, not “esp” and “ebp”.
“ebp” (or “rbp”) is only used as a convenience, because a given parameter is always at the same offset from ebp, for example, “ebp+4” no matter how much stack junk goes on.
However, the compiler certainly KNOWS how many things it has pushed on the stack at any given point.? So, if it has pushed 0x20 bytes of local data and 0x10 bytes of parameters during a function call, it knows that “ebp+4” is the same as “esp+0x34”.? It’s more work at compile time, but it frees up ebp for other uses.
> 2. what is the purpose of rdx in statement “lea rdx,[rsp+30h]”, store the > 2nd parameter to operator <<, which is address of b (address of an integer)?
You just answered your own question.? In x64 land, the first parameter to a function (or the “this” parameter in a C++ method) goes in rcx. The next parameter goes in rdx.
By the way, this was not, strictly speaking, a “windbg” question, so one might suggest that a different forum would be more appropriate. – Tim Roberts, xxxxx@probo.com Providenza & Boeklheide, Inc.
You see that’s the problem with you George. You just not a self starter.
How hard would it be to google assembly language forums?
Are we supposed to do that for you?
On Tue, Sep 30, 2008 at 5:30 AM, Lin George wrote:
> Thanks Tim, > > > Good to learn from you rbp is not mandatory. > > > By the way, this was not, strictly speaking, a “windbg” question, so > > one might suggest that a different forum would be more appropriate. > > It is one question I found through my debugging using Windbg. If this > question is not quite approriate to this email list, could you suggest some > others please? Even if I am not as experienced as you guys and sometimes ask > stupid questions, I want to follow the policy here to reduce inconvenience > to others. > > > regards, > George > > > ----- Original Message ---- > From: “xxxxx@probo.com” > To: Kernel Debugging Interest List > Sent: Monday, September 29, 2008 11:53:17 AM > Subject: Re: [windbg] question about cin – why ebp is not used in a > function?? > > On Sun, Sep 28, 2008 at 01:43:02AM -0700, Lin George wrote: > > > > I posted the source codes related with assembly code for a very simple > > program below. I have inlined my questions. > > Let me repeat my question here, > > 1. ebp is not used in function main? only esp is used to represent > variables > > on stack? > > You are compiling and running this on a 64-bit machine, so the register > names are “rsp” and “rbp”, not “esp” and “ebp”. > > “ebp” (or “rbp”) is only used as a convenience, because a given parameter > is > always at the same offset from ebp, for example, “ebp+4” no matter how much > stack junk goes on. > > However, the compiler certainly KNOWS how many things it has pushed on the > stack at any given point. So, if it has pushed 0x20 bytes of local data > and 0x10 bytes of parameters during a function call, it knows that > “ebp+4” is the same as “esp+0x34”. It’s more work at compile time, but > it frees up ebp for other uses. > > > > 2. what is the purpose of rdx in statement “lea rdx,[rsp+30h]”, store the > > 2nd parameter to operator <<, which is address of b (address of an > integer)? > > You just answered your own question. In x64 land, the first parameter > to a function (or the “this” parameter in a C++ method) goes in rcx. > The next parameter goes in rdx. > > http://msdn.microsoft.com/en-us/library/ms235286.aspx > > By the way, this was not, strictly speaking, a “windbg” question, so > one might suggest that a different forum would be more appropriate. > – > Tim Roberts, xxxxx@probo.com > Providenza & Boeklheide, Inc. > > — > You are currently subscribed to windbg as: xxxxx@yahoo.com > To unsubscribe send a blank email to xxxxx@lists.osr.com > > > > > > — > You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’ > To unsubscribe send a blank email to xxxxx@lists.osr.com >
> By the way, this was not, strictly speaking, a "windbg" question, so
> one might suggest that a different forum would be more appropriate.
It is one question I found through my debugging using Windbg. If this
question is not quite approriate to this email list, could you suggest
some others please? Even if I am not as experienced as you guys and
sometimes ask stupid questions, I want to follow the policy here to
reduce inconvenience to others.
There are several newsgroups dedicated to x86 assembly programming. comp.lang.asm.x86 is a good one with lots of experts, although it is not very tolerant if poor questions. microsoft.public.masm has a lot less people, but is more tolerant.
I only find this one from top searched ones. microsoft.public.masm. Do you have any other ones to recommend?
regards,
George
----- Original Message ----
From: Jim Donelson To: Kernel Debugging Interest List Sent: Tuesday, September 30, 2008 9:49:03 PM Subject: Re: [windbg] question about cin – why ebp is not used in a function??
You see that’s the problem with you George. You just not a self starter.
How hard would it be to google assembly language forums?
Are we supposed to do that for you?
On Tue, Sep 30, 2008 at 5:30 AM, Lin George wrote:
Thanks Tim,
Good to learn from you rbp is not mandatory.
> By the way, this was not, strictly speaking, a “windbg” question, so > one might suggest that a different forum would be more appropriate.
It is one question I found through my debugging using Windbg. If this question is not quite approriate to this email list, could you suggest some others please? Even if I am not as experienced as you guys and sometimes ask stupid questions, I want to follow the policy here to reduce inconvenience to others.
regards, George
----- Original Message ---- From: “xxxxx@probo.com” To: Kernel Debugging Interest List Sent: Monday, September 29, 2008 11:53:17 AM Subject: Re: [windbg] question about cin – why ebp is not used in a function??
On Sun, Sep 28, 2008 at 01:43:02AM -0700, Lin George wrote: > > I posted the source codes related with assembly code for a very simple > program below. I have inlined my questions. > Let me repeat my question here, > 1. ebp is not used in function main? only esp is used to represent variables > on stack?
You are compiling and running this on a 64-bit machine, so the register names are “rsp” and “rbp”, not “esp” and “ebp”.
“ebp” (or “rbp”) is only used as a convenience, because a given parameter is always at the same offset from ebp, for example, “ebp+4” no matter how much stack junk goes on.
However, the compiler certainly KNOWS how many things it has pushed on the stack at any given point. So, if it has pushed 0x20 bytes of local data and 0x10 bytes of parameters during a function call, it knows that “ebp+4” is the same as “esp+0x34”. It’s more work at compile time, but it frees up ebp for other uses.
> 2. what is the purpose of rdx in statement “lea rdx,[rsp+30h]”, store the > 2nd parameter to operator <<, which is address of b (address of an integer)?
You just answered your own question. In x64 land, the first parameter to a function (or the “this” parameter in a C++ method) goes in rcx. The next parameter goes in rdx.
By the way, this was not, strictly speaking, a “windbg” question, so one might suggest that a different forum would be more appropriate. – Tim Roberts, xxxxx@probo.com Providenza & Boeklheide, Inc.
Thanks Tim, you are so kind. I must distinguish categories of questions in the future.
regards,
George
----- Original Message ----
From: Tim Roberts To: Kernel Debugging Interest List Sent: Wednesday, October 1, 2008 1:14:00 AM Subject: Re: [windbg] question about cin – why ebp is not used in a function??
You wrote: > >> By the way, this was not, strictly speaking, a “windbg” question, so >> one might suggest that a different forum would be more appropriate. > >It is one question I found through my debugging using Windbg. If this >question is not quite approriate to this email list, could you suggest >some others please? Even if I am not as experienced as you guys and >sometimes ask stupid questions, I want to follow the policy here to >reduce inconvenience to others.
There are several newsgroups dedicated to x86 assembly programming. comp.lang.asm.x86 is a good one with lots of experts, although it is not very tolerant if poor questions. microsoft.public.masm has a lot less people, but is more tolerant. – Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
