EXE Jump Tables

PBrennick · May 30, 2009, 03:58:45 AM

In this case, yes. PoLink gives you more latitude to do such things. Especially libraries. A lot of the things that are done in the installation of the GeneSys SDK rely on such latitude and Vortex is the one I thank for that. He has put a lot of effort into being a toolmaker. It would probably be a good idea to explore his other tools, also. They are pretty fantastic.

Paul

dedndave · May 30, 2009, 04:07:49 AM

funny thing you should mention it Paul
i had just added his site to my bookmarks - lol
there are a lot of nice toys in there - not only for general use, but for learning (which is where i am)

jj2007 · May 30, 2009, 05:53:11 AM

Quote from: dedndave on May 30, 2009, 02:48:13 AM
btw - it seems imperative to use PoLink

Not sure what you mean. Code below assembles & links fine wih link.exe and polink.exe...

include \masm32\include\masm32rt.inc

EXTERNDEF _imp__ExitProcess@4:PTR pr1

.code
start:
; invoke ExitProcess, 0
invoke _imp__ExitProcess@4, 0

end start

dedndave · May 30, 2009, 06:30:18 AM

ahh - it must be the includes - i have a small program i am working on
my only includes are....

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

i was trying to write some of the basic functions with no crt or masm32 files - lol

i tried the method in there and get unresolved external with link

anyways - that is a very neat technique

Vortex · May 30, 2009, 07:01:17 AM

Hi Jochen,

QuoteCool indeed, Vortex - thanks. So that is how the crt_ imp stuff was created.

If I understand correctly, placing the call in the jmp table makes sense for calls that are used more than a few times. So is there a good reason to place GetCommandLine and ExitProcess there?

In my opinion, all the calls should be placed in the jump table. It's practical for daily programming. It would be interesting to make include files generating direct calls.

Polink is not the only option. It's my favourite MS COFF linker. MS link.exe can be used too.

hutch-- · May 30, 2009, 07:21:17 AM

The answer to the question is contained in the masm32 project. Look in "tools\l2extia\" read the text file and how to use the exe file to create as many of your own include files as you need. This allows you to use the less efficient direct call form in the binary output code.. For what its worth the jump table is more efficient.

sinsi · May 30, 2009, 07:27:52 AM

If you have multiple calls to an API in a proc, it is nice to be able to load a register from the import dword and invoke using that register, that way you get the checking that invoke uses (and the code is smaller).

dedndave · May 30, 2009, 07:33:42 AM

i don't understand what you mean sinsi

jj2007 · May 30, 2009, 07:34:03 AM

Quote from: BogdanOntanu on May 29, 2009, 06:31:52 PM
The jump table is more efficient for many reasons.

Quote from: hutch-- on May 30, 2009, 07:21:17 AM
For what its worth the jump table is more efficient.

I hear the message but I don't get it. Why is a call plus a jmp, e.g. for ExitProcess, more efficient than a call without a jmp? Because the linker and/or the OS loader need a few nanoseconds less? That can't be the reason...

dedndave · May 30, 2009, 07:37:12 AM

well - i can see it if the function is used several times - well - more than 2, let's say

sinsi · May 30, 2009, 07:55:56 AM

dedndave, here's what I meant

Code Select


prwsprintf TYPEDEF PROTO C :DWORD, :VARARG
pwsprintf  TYPEDEF PTR prwsprintf
EXTERNDEF _imp__wsprintfA:pwsprintf
wsprintf TEXTEQU <_imp__wsprintfA>

...
  mov esi,wsprintf
  assume esi:pwsprintf
  invoke esi,blah,blah
  ...
  invoke esi,blah,blah,blah
  ...
  ret
  assume esi:nothing

Of course, that was my noob days, now I push/push/call like a real asm programmer :bdg

I asked about this once before here - http://www.masm32.com/board/index.php?topic=5486.15

jj2007 · May 30, 2009, 08:17:48 AM

Quote from: dedndave on May 30, 2009, 07:37:12 AM
well - i can see it if the function is used several times - well - more than 2, let's say

5*5+6=31
5*6=30

More than 5...

invoke ExitProcess, 0

Quote00401001 ? 6A 00 push 0
00401003 ? E8 00000000 call <jmp.&kernel32.ExitProcess>
00401008 ? FF25 40104000 jmp near dword ptr [<&kernel32.ExitProcess>]

The red bytes are the offset :bg

dedndave · May 30, 2009, 07:08:01 PM

ahhh - that's a good one to know about also sinsi - thanks

EDIT - is call/jmp from a register faster than immediate ?

mitchi · May 30, 2009, 07:40:40 PM

The Visual C++ optimizer does that with ESI or EDI when you call the same function a lot of times...
Since they have contacts with the Intel guys and AMD guys, I assume that it's a bit faster.

dedndave · May 30, 2009, 08:28:29 PM

lol @ "contacts" - they see each other every night at bedtime

News:

EXE Jump Tables