Guide 1: Win32ASM Principles (Chinese translation: X Xiao Edward)
This guide wants to let readers know how to use MASM. If you are not familiar with MASM, please
Download a Win32asm.exe and learn from this guide. Ok, now ready
Let us go together!
Principle Overview:
Win32 programs in the protection mode are started from 80286, but this has become history.
So we are involved here are 80386 and later versions of us.
Windows run a single Win32 program in a separate virtual disk space. This means this means
It is said that each Win32 program has its own independent 4GB addressing space. But this does not mean every
The Win32 program has 4GB of physical storage space, just this program can be here.
It is addressed in the range. Work is handled by Windows and confirms this program memory address
Validity. Of course, this program must be compiled according to Windows program rules.
Talent. Unlike the Win16 program, all Win16 programs "see" each other.
This is not in Win32. This feature helps reduce a program code override another program
Possible. Memory mode is also completely different from previous Win16 world. In Win32 world,
We don't need to consider memory mode or what segment. There is only one mode here: Flat Memory Model.
There is also no limit on the 64K segment address here. Memory is a 4GB continuous large space.
That is to say, we don't have to play with segment registers. We can also use some segment registers to
Addressing somewhere in memory. This is a great help for programmers. This also
Compiling Win32 programs and C language.
When you compile the program under Win32, you have to know some important rules. One of them is:
The internal use of ESI, EDI, EBP, and EBX inside Windows cannot change the value in this register. and so
Remember this rule means: If you use these four registers in the return function
If you don't forget to recover the initial value when you return to WINDOW. A return function is in your program
Return to Window. A returning function is the most typical private function called by Windows.
The example is Windows program. But this doesn't mean you can't use these four registers, just as long as
You can confirm that they have recovered their initial values when returning to Windows.
Code content:
Below is the main framework of Win32 assembler code. If you don't understand these code, don't
Announce, I will give a detailed explanation later.
.386
.Model flat, stdcall
.DATA
.........
.DATA?
.........
.Const
.......
.Code
......
END
These, let us analyze this main frame!
.386
This is an assembler command that tells the assembly compiler to use the 80386 instruction set, you can also use .486 ,.586.
But reliable instruction sets are still used. 386. There are still two actual intent sets: .386 / .386p, .486 / .486p;
The set of instructions with "P" is only used when there is a privileged directive. The privileged instruction set is only in protection mode
It is accepted by this CPU / operating system. They can only be used by privileged code, such as device drivers.
In most cases, your program is working in non-privileged mode, so security is to use instructions without "P".
.Model flat, stdcall
.MODEL is a directive to mark memory mode, in Win32, only this mode: FLAT.
StdCall is a pass mode that tells the compiler parameters. In this mode: left to right or right to left.
And balance the stack after completing the subroutine. Under Win16, there are two transmission modes: C and Pascal. The C subprogram transmission is right-to-left, the rightmost parameter will first be pressed, and the balance stack is required at the end of the delivery. For example: a name
The foo program is called, (int first_param, int standard_param, int third_param) passed in C
The assembly code in the middle is as follows.
Push [third_param]; press the third parameter
Push [SECOND_PARAM]; pressing the second parameter
Push [first_param]; pressing the first parameter
Call foo
Add SP, 12; Balance Stack
Pascal is just in contrast to C transmission mode, which is passed through left to right and balance the stack after completing the subroutine.
Win16 takes a PASCAL transfer mode because its running code is small. C transfer mode is in you don't know to pass
How many parameters such as a WSPrintf () subroutine. In the WSPrintf () subroutine, the subroutine cannot be pre-known in advance.
How many parameters are pressed, so you don't know how to balance the stack.
Stdcall is a synthesis of C and PASCAL transmission mode, which transmits parameters through right to left passing the parameters and balances the stack, and
Only delivery mode for Win32 is dedicated. But there is also an exception is WSPRINTF (), you must use C to transfer mode.
.DATA
.DATA?
.Const
.Code
What is the use of these four instructions? Do you remember it under Win32? But you can still follow
Logical partitions divided your address space. This first partition table is the end of the previous partition. Here we are divided into two partitions,
Data and Code. Data partition is divided into three categories:
This partition contains the initialization code of your program.
.DATA? This partition contains unaptified data for your program, sometimes you want to pre-assign some memory but don't want to initialize it,
This partition is set for this idea. The advantage of this uninited data is: it does not increase the size of the program capacity.
For example, you are in .data? Assign 10,000 bytes capacity, but your program does not increase 10,1000 bytes. It still
Like the original size. You just tell the compiler how much space you need when the program loads in memory. that's it.
.Const This partition contains a constant definition description of your program. Constants defined in this partition cannot be modified because
They have been defined.
You are not to use these three instructions in your program, as long as you explain the instructions you need.
The remaining partition is the code area: .code. The following is its primary frame:
end
Anything here is just to explain your code area, and it is the same as these two Label! Your code
Between and END.
