Lesson 1: Basic Concepts
This tutorial assumes that you already know how to use MASM. If you don't, download Win32asm.exe and study the documentation included in the package before going on. Good, if you are ready, let's get started!
Theory:
Win32 programs run in protected mode, which has been available since the 80286. That CPU is now history, so we will only consider the 80386 and later x86 processors. Windows runs each Win32 application in a separate virtual address space: every application has its own 4GB of addressable space. That does not mean every application gets 4GB of physical memory; it only means the program can address any location within that 4GB range. The operating system translates the application's virtual addresses into physical memory addresses while the program runs. A program must follow the rules this scheme imposes, otherwise memory access errors are easy to cause.

Under Win16 all applications ran in the same 4GB address space and could "see" each other, so it was easy for one application to corrupt the data or code of another application, or even of the operating system. 16-bit Windows also had several memory models, distinguished by how they treated data and code. Win32 has only one memory model, the flat model: there is no 64K segment limit, and every Win32 application runs in a single continuous, flat 4GB space. This also means you do not have to deal with segment registers; you can use any segment register to address the whole address space, which is a great convenience for the programmer and makes 32-bit assembly language almost as convenient as C.

There are many important rules to observe when programming under Win32. One of the most important: Windows uses the ESI, EDI, EBP and EBX registers internally and does not check whether their values have been changed by your code. So whenever you want to use one of these registers, save its value first and restore it when you are done. The most visible case is a callback function that Windows calls; if the callback returns with one of these registers clobbered, Windows continues with a corrupted value and never notices.
Content:
The following skeleton is the framework of every program in this tutorial. If you don't yet know the exact meaning of each directive, it doesn't matter; I will explain them in detail below.
.386
.MODEL FLAT, STDCALL
.DATA
    <your initialized data>
    ......
.DATA?
    <your uninitialized data>
    ......
.CONST
    <your constants>
    ......
.CODE
<label>
    <your code>
    ......
END <label>
The skeleton really is that simple. Now I will explain it:
.386 This is an assembler directive. It tells the assembler that our program uses the 80386 instruction set. You can also use .486 or .586, but .386 is the safest choice. For each CPU there are two almost identical directives: .386/.386p, .486/.486p and .586/.586p. The forms with the p suffix allow privileged instructions in your program. Privileged instructions are reserved for the operating system and code such as virtual device drivers. Most of the time your programs do not run at ring 0, so the directives without the p suffix are enough.
.MODEL FLAT, STDCALL .MODEL is the directive that specifies the memory model; under Win32 there is only one, FLAT. STDCALL tells the assembler the parameter passing convention. A parameter passing convention specifies the order in which parameters are passed (from left to right or from right to left) and who restores the stack pointer after the call (the caller or the callee). There were two conventions under Win16: C and PASCAL. In the C convention parameters are passed from right to left, i.e. the rightmost parameter is pushed first, and the caller restores the stack pointer. For example, calling the function foo(int first_param, int second_param, int third_param) under the C convention assembles to:
push [third_param]
push [second_param]
push [first_param]
call foo
add esp, 3*4    ; the caller restores the stack pointer itself
The PASCAL convention is the opposite of C: parameters are passed from left to right, and the callee restores the stack. Win16 uses the PASCAL convention because it generates smaller code. The C convention is useful when the number of parameters is not known in advance: for example, wsprintf cannot know beforehand how many parameters it will be passed, so it cannot know how much stack to restore, and the caller has to do it. STDCALL is a hybrid of C and PASCAL: parameters are passed from right to left, and the callee restores the stack. Win32 uses STDCALL exclusively, with one special exception: wsprintf, which uses the C convention.
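Here is the difference between the conventions as a complete program. This is an added example, not code from the original tutorial, and it assumes the MASM32 package layout (\masm32\include and \masm32\lib) for the include and library paths; the procedure names Add3 and SumC are made up for the illustration. Add3 is a STDCALL procedure, so MASM turns its ret into "ret 12" and the caller pops nothing; SumC is declared with the C convention and a variable argument list, so the caller must pop its own arguments, exactly as it must after calling wsprintf.

```masm
.386
.model flat, stdcall
option casemap:none

; Paths assume the MASM32 package is installed at \masm32
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
szFmt        db "Add3(1,2,3) = %d   SumC(10,20,30,40) = %d", 0
szTitle      db "Calling conventions", 0
first_param  dd 1
second_param dd 2
third_param  dd 3

.data?
szBuf        db 128 dup(?)

.code
; Default convention from .model is STDCALL: the caller pushes the
; arguments right to left and MASM turns "ret" into "ret 12", so the
; callee removes its three dwords itself.
Add3 proc first:DWORD, second:DWORD, third:DWORD
    mov eax, first
    add eax, second
    add eax, third
    ret
Add3 endp

; C convention with a variable argument list: "count" is followed by
; "count" dwords. Only the caller knows how many it pushed, so it must
; pop them afterwards; MASM emits a plain "ret" here.
SumC proc C count:DWORD, args:VARARG
    push esi                ; ESI must be preserved for the caller
    lea esi, args           ; address of the first variable argument
    xor eax, eax
    mov ecx, count
    test ecx, ecx
    jz done
@@:
    add eax, [esi]
    add esi, 4
    dec ecx
    jnz @B
done:
    pop esi
    ret
SumC endp

start:
    ; STDCALL call written out by hand: rightmost argument first, and no
    ; "add esp" afterwards because Add3 already did "ret 12".
    push third_param
    push second_param
    push first_param
    call Add3
    mov ebx, eax            ; EBX = 6; EBX survives the calls below

    ; C-convention call written out by hand: the caller pops the five
    ; dwords (count plus four values) it pushed.
    push 40
    push 30
    push 20
    push 10
    push 4
    call SumC
    add esp, 5*4            ; EAX = 100

    ; wsprintf is the one C-convention function in the Win32 API. A bare
    ; "call" leaves the cleanup to you; "invoke" would emit it for you.
    push eax
    push ebx
    push offset szFmt
    push offset szBuf
    call wsprintf
    add esp, 4*4

    invoke MessageBox, NULL, addr szBuf, addr szTitle, MB_OK
    invoke ExitProcess, 0
end start
```

Assemble with ml /c /coff and link with /SUBSYSTEM:WINDOWS as usual for MASM32. The point to check in a disassembler is the last instruction of each procedure: Add3 ends in ret 0Ch, SumC in a plain ret, and the "add esp" after call SumC and call wsprintf is the only thing keeping the stack balanced.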
.DATA, .DATA?, .CONST, .CODE These are the four section directives. We said there are no segments in Win32, but you can still divide your program into logical sections; the start of one section marks the end of the previous one. There are two groups of sections in Win32: data and code. The data group is subdivided into three. .DATA contains initialized data. .DATA? contains uninitialized data: sometimes you only want to reserve some memory without giving it an initial value. The advantage of uninitialized data is that it takes up no space in the executable file. For example, if you reserve 10,000 bytes in the .DATA? section, your executable does not grow by 10,000 bytes; the section only tells the loader how many bytes to allocate when the executable is loaded. .CONST contains constant definitions; these cannot be changed while the program runs. Your application does not need all three data sections; define only the ones you need. .CODE is the code section.
<label> is a name that uniquely identifies your code. The label after .CODE and the label after END must be identical. All executable code of the application must be placed between the two.
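The following program fills in the skeleton with all four sections and also shows the register rule from the theory section in practice. It is an added example, not the tutorial's own code, and it assumes the MASM32 include and library paths; EnumProc, nTotal and nVisible are names chosen for the illustration. EnumProc is a callback that Windows calls once per top-level window; because its body uses EBX and ESI, the USES clause makes MASM save and restore them around the body, which is the same as writing push ebx / push esi at the start and pop esi / pop ebx before the ret.

```masm
.386
.model flat, stdcall
option casemap:none

; Paths assume the MASM32 package is installed at \masm32
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.const
; Initialized and read-only: nothing here changes while the program runs.
szFmt    db "%lu top-level windows, %lu of them visible", 0
szTitle  db "Lesson 1 skeleton", 0

.data
; Initialized data, stored byte for byte in the executable file.
nVisible dd 0

.data?
; Uninitialized data: reserved by the loader, costs nothing in the file.
nTotal   dd ?
szBuf    db 256 dup(?)

.code
; Windows calls this once per top-level window. The body uses EBX and
; ESI, which Windows uses internally and does not check, so USES makes
; MASM push them on entry and pop them before the ret. Leaving USES out
; would hand Windows corrupted registers without any warning.
EnumProc proc uses ebx esi hWnd:DWORD, lParam:DWORD
    mov ebx, hWnd
    mov esi, lParam            ; lParam is the address of nTotal
    inc dword ptr [esi]
    invoke IsWindowVisible, ebx
    test eax, eax
    jz @F
    inc nVisible
@@:
    mov eax, TRUE              ; non-zero: keep enumerating
    ret
EnumProc endp

start:
    mov nTotal, 0
    invoke EnumWindows, offset EnumProc, addr nTotal
    ; invoke knows wsprintf is a C procedure and emits the "add esp, 16"
    invoke wsprintf, addr szBuf, addr szFmt, nTotal, nVisible
    invoke MessageBox, NULL, addr szBuf, addr szTitle, MB_OK
    invoke ExitProcess, 0
end start
```

To see why the rule matters, remove "uses ebx esi" from EnumProc and run the program again: the enumeration is driven by code inside Windows that keeps its own state in those registers, and nothing in the API checks that the callback gave them back intact.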