Topic: EXE Jump Tables (Read 75869 times)
PBrennick
In this case, yes. PoLink gives you more latitude to do such things. Especially libraries. A lot of the things that are done in the installation of the GeneSys SDK rely on such latitude and Vortex is the one I thank for that. He has put a lot of effort into being a toolmaker. It would probably be a good idea to explore his other tools, also. They are pretty fantastic.
Paul
dedndave
funny thing you should mention it Paul i had just added his site to my bookmarks - lol there are a lot of nice toys in there - not only for general use, but for learning (which is where i am)
jj2007
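Quote: btw - it seems imperative to use PoLink
Not sure what you mean. Code below assembles & links fine with link.exe and polink.exe...

    include \masm32\include\masm32rt.inc
    ; import table entry, typed as a pointer to a one-argument prototype
    EXTERNDEF _imp__ExitProcess@4:PTR pr1

    .code
    start:
        ; invoke ExitProcess, 0
        ; call through the import table entry directly, without the jmp stub
        invoke _imp__ExitProcess@4, 0
    end start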
dedndave
ahh - it must be the includes - i have a small program i am working on my only includes are....
    include \masm32\include\windows.inc
    include \masm32\include\kernel32.inc
    includelib \masm32\lib\kernel32.lib
i was trying to write some of the basic functions with no crt or masm32 files - lol
i tried the method in there and get unresolved external with link
anyways - that is a very neat technique
Vortex
Hi Jochen,
Quote: Cool indeed, Vortex - thanks. So that is how the crt_ imp stuff was created. If I understand correctly, placing the call in the jmp table makes sense for calls that are used more than a few times. So is there a good reason to place GetCommandLine and ExitProcess there?
In my opinion, all the calls should be placed in the jump table. It's practical for daily programming. It would be interesting to make include files generating direct calls.
Polink is not the only option. It's my favourite MS COFF linker. MS link.exe can be used too.
hutch--
The answer to the question is contained in the masm32 project. Look in "tools\l2extia\", read the text file and how to use the exe file to create as many of your own include files as you need. This allows you to use the less efficient direct call form in the binary output code. For what it's worth the jump table is more efficient.
sinsi
If you have multiple calls to an API in a proc, it is nice to be able to load a register from the import dword and invoke using that register, that way you get the checking that invoke uses (and the code is smaller).
Light travels faster than sound, that's why some people seem bright until you hear them.
dedndave
i don't understand what you mean sinsi
jj2007
Quote: The jump table is more efficient for many reasons.
Quote: For what it's worth the jump table is more efficient.
I hear the message but I don't get it. Why is a call plus a jmp, e.g. for ExitProcess, more efficient than a call without a jmp? Because the linker and/or the OS loader need a few nanoseconds less? That can't be the reason...
dedndave
well - i can see it if the function is used several times - well - more than 2, let's say
sinsi
dedndave, here's what I meant

    ; type the import table entry so invoke can check the arguments
    prwsprintf TYPEDEF PROTO C :DWORD, :VARARG
    pwsprintf  TYPEDEF PTR prwsprintf
    EXTERNDEF _imp__wsprintfA:pwsprintf
    wsprintf TEXTEQU <_imp__wsprintfA>
    ...
    mov esi,wsprintf            ; load the function address from the import dword once
    assume esi:pwsprintf
    invoke esi,blah,blah        ; each call goes through the register
    ...
    invoke esi,blah,blah,blah
    ...
    ret
    assume esi:nothing

Of course, that was my noob days, now I push/push/call like a real asm programmer.
I asked about this once before here - http://www.masm32.com/board/index.php?topic=5486.15
jj2007
Quote: well - i can see it if the function is used several times - well - more than 2, let's say
5*5+6=31
5*6=30
More than 5...

    invoke ExitProcess, 0
    00401001   6A 00           push 0
    00401003   E8 00000000     call <jmp.&kernel32.ExitProcess>
    00401008   FF25 40104000   jmp near dword ptr [<&kernel32.ExitProcess>]

The red bytes are the offset
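The two call forms compared in this thread can be told apart directly in the bytes. The following is an added example, not code from any poster: a small Python byte scanner (not a full disassembler, so a data byte equal to E8 or FF 15 can give a false hit) that classifies each call site as jump-table (E8 rel32 landing on an FF 25 stub) or direct (FF 15), reports the import table slot it reads, and reproduces the 5n+6 versus 6n size arithmetic. The function names and the direct-call sample are constructed; the first sample is the dump from the post above.

```python
import struct

def find_import_calls(code: bytes, base: int):
    """Return [(call_va, kind, iat_slot_va)] for import calls found in code.

    kind is "thunk" for E8 rel32 whose target is an FF 25 jmp stub inside
    the buffer, and "direct" for FF 15 (call dword ptr [abs32]).
    """
    hits = []
    i = 0
    while i < len(code):
        va = base + i
        if code[i] == 0xE8 and i + 5 <= len(code):
            rel = struct.unpack_from("<i", code, i + 1)[0]
            t = (va + 5 + rel) - base          # stub offset inside the buffer
            if 0 <= t and t + 6 <= len(code) and code[t:t + 2] == b"\xFF\x25":
                slot = struct.unpack_from("<I", code, t + 2)[0]
                hits.append((va, "thunk", slot))
                i += 5
                continue
        elif code[i:i + 2] == b"\xFF\x15" and i + 6 <= len(code):
            slot = struct.unpack_from("<I", code, i + 2)[0]
            hits.append((va, "direct", slot))
            i += 6
            continue
        i += 1
    return hits

def size_cost(n_calls: int):
    """Code bytes for n call sites: (jump-table form, direct form)."""
    return 5 * n_calls + 6, 6 * n_calls

# Bytes from the dump in the post above, starting at 00401001:
# push 0 / call stub / jmp [IAT slot]
THUNK_SAMPLE = bytes.fromhex("6A00" "E800000000" "FF2540104000")
# Constructed equivalent using the direct form: push 0 / call [IAT slot]
DIRECT_SAMPLE = bytes.fromhex("6A00" "FF1540104000")

if __name__ == "__main__":
    for name, blob in (("thunk", THUNK_SAMPLE), ("direct", DIRECT_SAMPLE)):
        for va, kind, slot in find_import_calls(blob, 0x00401001):
            print(f"{name}: call at {va:08X} is {kind}, reads slot {slot:08X}")
    for n in (5, 6, 7):
        print(n, "calls:", size_cost(n))
```

Both forms end up reading the same import table slot, which is why a changed slot value affects every call site regardless of which form the linker emitted.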
dedndave
ahhh - that's a good one to know about also sinsi - thanks
EDIT - is call/jmp from a register faster than immediate ?
mitchi
The Visual C++ optimizer does that with ESI or EDI when you call the same function a lot of times... Since they have contacts with the Intel guys and AMD guys, I assume that it's a bit faster.
dedndave
lol @ "contacts" - they see each other every night at bedtime