I am a Beginner in x86 Assembly Language. I am writing a code for reading a thread's stack in VC++. I have inserted some assembly code in between. So here's the problem:
I get the function's return address from its stack frame. No before this return address there should be a CALL statement. So I extract out the bytes before the return address.
Sometimes it a near call like E8 ff ff ff d8. My objective is to calculate the function's base address. So for the above statement I subtract the offset 0x28 from the function's return address to get its base address (where it resides in memory).
The problem is I don't know how to calculate this for a FAR call. I have been trying to find out how to do it for some time now. So I have extracted out the first 5 bytes before the return address and they are
ff 75 08 ff d2 I think this stands for CALL ecx (ff d2) but I am not sure. I will be very grateful if someone can tell me what kind of CALL statement is this and how I can calculate the function's base address from this kind of call.