API to Assembly


dw85745
Apr 27th, 2008, 11:14 AM
What is the best way to gain an understanding of how a particular API is represented in Assembly?

Stated differently, can I just enter an API call in Visual C++ and get out assembly for that particular API call?

If so, how?

Paul M
May 5th, 2008, 06:07 PM
Oh boy, I haven't done any sort of ASM in so long, but if I remember correctly all you have to do is include the appropriate lib and include files and then you can either invoke or push/call. Not too sure which is more effective performance-wise, but I am sure it would not be noticeable at all ;)

So it would be..

invoke MessageBox, NULL, addr Text, addr Caption, MB_OK

push MB_OK ;uType
push offset Caption ;address of the caption string
push offset Text ;address of the text string
push 0 ;HWND
call MessageBoxA

Should note invoke is an extension in MASM; it translates to push/call anyway. Not too sure if it works in winASM etc...

dw85745
May 6th, 2008, 09:50 PM
Thanks for response Paul_M

Your post had me a little confused. Are you saying if I enter this in VC


invoke MessageBox, NULL, addr Text, addr Caption, MB_OK


That VC will return this for me (or whatever) for any API?


push MB_OK ;uType
push offset Caption ;address of the caption string
push offset Text ;address of the text string
push 0 ;HWND
call MessageBoxA

Macka007
Dec 7th, 2008, 06:44 PM
I'm only just learning assembly but this is something I've been playing around with a bit. So, I may be wrong but I'll give it a shot.


Are you after the ASM that makes up the API or the ASM used to call the API?

If you want the ASM for the API, it resides in the DLL always.
E.g. MessageBoxA resides in User32.dll; to get the asm for MessageBoxA you will need to open User32.dll in a disassembler such as W32DASM or OllyDbg.

Invoke is used in some assemblers such as TASM, and as far as I know isn't used in VC.

VC:
MessageBox(NULL, "text", "Title", MB_OK);

The parameters are pushed onto the stack from right to left as push decreases the esp (Stack pointer).

ASM code generated by the compiler
push 1
push <ptr to caption>
push <ptr to text>
push 0
Call MessageBoxA


The API is then able to read the values passed to it by looking in the stack
esp holds the address after call (the address to return to)
esp+4 holds the hWnd (0)
esp+8 holds the ptr to the text
esp+c holds the ptr to the caption
esp+10 holds the uType (1 for MB_OK)
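
The stack layout described in the last post, modelled as an added example that is not part of the original thread: a small simulated 32-bit stack runs the push/call sequence and reads the values back at the offsets the callee would use. The addresses and pointer values are constructed, the helper names are hypothetical, and the final step goes beyond the post by showing the stdcall `ret 16` cleanup that MessageBoxA performs.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_TOP 0x0012FF00u   /* constructed 32-bit address, illustration only */
#define MB_OK     0x00000000u   /* value defined in winuser.h */

static uint32_t mem[16];        /* mem[0] is the 4-byte slot just below STACK_TOP */
static uint32_t esp = STACK_TOP;

static uint32_t *slot(uint32_t addr) { return &mem[(STACK_TOP - addr) / 4 - 1]; }
static void push(uint32_t v)         { esp -= 4; *slot(esp) = v; }  /* push: esp decreases */
static uint32_t at(uint32_t off)     { return *slot(esp + off); }   /* read [esp+off] */

/* The stack as the callee sees it on entry. */
struct frame { uint32_t ret, hwnd, text, caption, utype; };

/* Caller side: the push/call sequence from the post, arguments right to left. */
struct frame call_messagebox(uint32_t hwnd, uint32_t text, uint32_t caption,
                             uint32_t utype, uint32_t ret_addr)
{
    esp = STACK_TOP;
    push(utype);
    push(caption);
    push(text);
    push(hwnd);
    push(ret_addr);             /* "call" pushes the address to return to */
    struct frame f = { at(0x0), at(0x4), at(0x8), at(0xC), at(0x10) };
    return f;
}

/* MessageBoxA is stdcall: its "ret 16" pops the return address and the
   four arguments, so the caller gets esp back where it started. */
uint32_t esp_after_return(void) { esp += 4 + 16; return esp; }

int main(void)
{
    /* Constructed pointer values standing in for the two strings. */
    struct frame f = call_messagebox(0, 0x00403000u, 0x00403010u, MB_OK, 0x00401025u);
    printf("[esp+00] return  = %08X\n", (unsigned)f.ret);
    printf("[esp+04] hWnd    = %08X\n", (unsigned)f.hwnd);
    printf("[esp+08] text    = %08X\n", (unsigned)f.text);
    printf("[esp+0C] caption = %08X\n", (unsigned)f.caption);
    printf("[esp+10] uType   = %08X\n", (unsigned)f.utype);
    printf("esp after ret 16 = %08X\n", (unsigned)esp_after_return());
    return 0;
}
```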