codrgi

Reputation: 211

Assembly return address

I want to get the return address of a function in assembly and then compare that return address with another value, without corrupting the stack or changing anything on the stack.

How can that be done in assembly?

I'm using x86.

Upvotes: 5

Views: 34865

Answers (3)

Alexey Frunze

Reputation: 62106

In general you would need to disassemble the function in question, either manually or with some code of yours, and analyze the disassembly (again, either manually or with some sort of heuristic algorithm in code) to see the behavior of the stack pointer and any related registers (e.g. ebp) or variables in that function, up to the point where your code that needs the return address starts.

If you do everything by hand, it'll be easy to find out the return address location and hard-code it, but the resulting code will be very fragile, as any code changes and changes in how you compile it can break it.

OTOH, implementing a solution in code that would work always (or almost always) despite code changes and changes in compilation is going to be very tedious and hard.

Can you tell us why you need the return address? What is the problem that you're trying to solve with this?

Upvotes: 2

Pyjong

Reputation: 3207

Usually on x86, if using the stdcall convention, the return address is stored at the content of register ebp + 4. So cmp ebp, whatever; should do the job. Actually it's not dependent on the calling convention; rather, it depends on whether your compiler puts push ebp as the first instruction of your function, which it usually does. Generally the function then looks like:

push ebp
mov ebp,esp
sub esp,size_of_local_variables
...
something something something
...
mov esp, ebp
pop ebp
ret

Upvotes: 11

old_timer

Reputation: 71626

You can create a wrapper function.

int the_real_function ( unsigned int a, unsigned int b )
{
//stuff
return(something);
}

Create a few lines of assembler:

function_name:
  save registers if needed
  grab the return address here
  if passed on stack copy parameters
  call the_real_function
  if return is stack based place it where needed
  restore registers if needed
  return

Not real asm code, obviously. The function that you wish to inspect you would rename; then the asm would have the name of the function. Compile and link, and all calls to the function go through the wrapper. To write the above you have to know the calling convention for that target, compiler, compiler options, etc.

Upvotes: 1
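As an added example (not code from the question or from either answer), the following C file puts Pyjong's stack-layout point and old_timer's wrapper pattern together in real, compilable form. On x86-64 ELF with GCC or clang (an assumption) the wrapper `the_function` is written in assembly: at entry nothing has been pushed yet, so the return address is the word at [rsp] (the 32-bit equivalent is [esp], or [ebp+4] once the usual push ebp / mov ebp,esp prologue has run); one MOV reads it and a JMP hands the untouched arguments and stack to the renamed real function, so nothing on the stack is written. Passing the captured address to `the_real_function` as an extra third argument, rather than storing it in a global, is this example's own choice, as are all the function names. The comparison part checks that the captured value really sits just after a direct CALL to the wrapper (E8 rel32 whose target is `the_function`), the kind of sanity check a caller-validation routine would make; on other targets the wrapper falls back to `__builtin_return_address(0)`, which reads the same slot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Where the real function records the return address handed over by the wrapper. */
static const void *last_caller;

/* The original function, renamed (as old_timer suggests) and given one extra
   parameter: the return address of whoever called the wrapper. Hypothetical body. */
__attribute__((visibility("hidden"), noinline))
int the_real_function(unsigned int a, unsigned int b, const void *caller_ra)
{
    last_caller = caller_ra;
    return (int)(a + b);
}

#if defined(__x86_64__) && defined(__ELF__)
/* The wrapper, in real assembly, under the function's original name (assumes
   the x86-64 System V ABI: a in edi, b in esi, third argument in rdx). At entry
   the CALL has just pushed the return address, so it is at [rsp]. We read it
   and JMP (not CALL) to the real function: rdi/rsi and rsp pass through
   unchanged, and the real function's RET goes straight back to the original caller. */
__asm__(
    ".text\n"
    ".globl the_function\n"
    ".hidden the_function\n"
    ".type the_function, @function\n"
    "the_function:\n"
    "    mov (%rsp), %rdx\n"          /* return address -> 3rd argument register */
    "    jmp the_real_function\n"     /* nothing pushed, nothing written */
    ".size the_function, .-the_function\n"
);
__attribute__((visibility("hidden"))) int the_function(unsigned int a, unsigned int b);
#else
/* Other targets: the GCC/clang builtin reads the same stack slot for us
   (on i386 with a frame pointer that is the [ebp+4] slot Pyjong describes). */
__attribute__((visibility("hidden"), noinline))
int the_function(unsigned int a, unsigned int b)
{
    return the_real_function(a, b, __builtin_return_address(0));
}
#endif

/* Two distinct call sites. The empty asm after each call keeps it a real CALL
   (a tail jump would make the wrapper see *our* caller's return address), and the
   different constants keep the two functions from being folded into one. */
#define NO_TAIL_CALL() __asm__ volatile("" ::: "memory")

__attribute__((noinline)) static const void *site_a(void)
{
    (void)the_function(4, 5);
    NO_TAIL_CALL();
    return last_caller;
}

__attribute__((noinline)) static const void *site_b(void)
{
    (void)the_function(6, 7);
    NO_TAIL_CALL();
    return last_caller;
}

/* The wrapper is transparent: arguments and result pass through. */
static int forwarded_result(void)
{
    return the_function(2, 3);
}

/* The captured address identifies the call site: stable for one site, distinct for another. */
static int same_site_is_stable(void)   { return site_a() == site_a(); }
static int distinct_sites_differ(void) { return site_a() != site_b(); }

/* Comparing the value with something meaningful: on x86 a direct call is E8 rel32
   and the return address is the byte right after it, so the call that precedes
   last_caller must target the_function itself. */
static int caller_reached_us_by_direct_call(void)
{
#if defined(__x86_64__) || defined(__i386__)
    const unsigned char *ra = site_a();
    if (ra[-5] != 0xE8)
        return 0;
    int32_t rel;
    memcpy(&rel, ra - 4, sizeof rel);   /* rel32 is little-endian and may be unaligned */
    return (uintptr_t)ra + (uintptr_t)(intptr_t)rel == (uintptr_t)&the_function;
#else
    return 1;                           /* call encoding differs elsewhere; not checked */
#endif
}

int main(void)
{
    printf("the_function(2,3) = %d\n", forwarded_result());
    printf("return address seen from site_a: %p, from site_b: %p\n", site_a(), site_b());
    printf("stable: %d  distinct: %d  direct call: %d\n",
           same_site_is_stable(), distinct_sites_differ(), caller_reached_us_by_direct_call());
    return 0;
}
```

Build it as an ordinary C program; the assembly wrapper needs no separate .s file because it is a top-level `__asm__` block. The fragility Alexey Frunze warns about is exactly what the JMP-based wrapper avoids: it never depends on how the real function lays out its frame, only on where the CALL instruction itself left the return address.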
