May 27th, 2009, 12:08 AM
memory stack size calculation
i am trying to write a Perl script that calculates the memory stack size utilized by functions by using the assembly instruction that assigns memory on stack. This is a lot like checkstack.pl for Linux.
From all the reading up i have done so far i have managed to figure out that the assembly code for allocating memory on the stack is:
where 0Ch is the hexadecimal value representing the amount of memory to be allocated on the stack.
00000499: 81 EC 94 0F 00 00 sub esp,0Ch
I used dumpbin /DISASM to disassemble.
am I working with the right assembly instruction? i have also seen assembly instructions like
note the missing h, so does VC++ use both hex and integer values for allocating memory on the stack?
00004431: 83 EC 08 sub esp,8
May 28th, 2009, 08:11 AM
Re: memory stack size calculation
You are right. Allocating memory on the stack is nothing else than a subtraction of x bytes from the stack pointer.
If you see sub esp,8, this could be to reserve space for a long long integer (64-bit long), or for the address of a variable (a pointer) containing 32 bits for the segment and 32 bits for the offset.
If you see sub esp,0Ch, this could be to reserve space for an array of 12 characters.
In assembly, and other languauges, there is a difference between an integer and a float. But there is no difference between an hexadecimal value and a decimal value. The value remains the same, and they are both integers. It's like whether you are using pounds or kilograms, you get the same weight.
does VC++ use both hex and integer values for allocating memory on the stack?
There are other statements affecting the stack. You have push and pop, call and ret .
I am trying to write a Perl script that calculates the memory stack size utilized by functions by using the assembly instruction that assigns memory on stack.
N.B. You will almost never see add esp,x. This is because you free (or reallocate) memory from the stack with ret x.
Edit: There are also direct access to some locations on the stack with references to bp + n (or ebp + n). Previously bp was initialized with mov bp, sp.
Last edited by olivthill2; May 29th, 2009 at 07:10 AM.
Tags for this Thread
Click Here to Expand Forum to Full Width