Having a simple MessageBox program like this:

```nasm
NULL          EQU 0                             ; Constants
MB_DEFBUTTON1 EQU 0
MB_DEFBUTTON2 EQU 100h
IDNO          EQU 7
MB_YESNO      EQU 4

extern _MessageBoxA@16                          ; Import external symbols
extern _ExitProcess@4                           ; Windows API functions, decorated

global Start                                    ; Export symbols. The entry point

section .data                                   ; Initialized data segment
 MessageBoxText    db "Do you want to exit?", 0
 MessageBoxCaption db "MessageBox 32", 0

section .text                                   ; Code segment
Start:
 push  MB_YESNO | MB_DEFBUTTON2                 ; 4th parameter. 2 constants ORed together
 push  MessageBoxCaption                        ; 3rd parameter
 push  MessageBoxText                           ; 2nd parameter
 push  NULL                                     ; 1st parameter
 call  _MessageBoxA@16

 cmp   EAX, IDNO                                ; Check the return value for "No"
 je    Start

 push  NULL

 call  _ExitProcess@4
```

My question is:
Shouldn't we add an appropriate value to the esp reg after calling MessageBoxA to restore the stack to its previous state? If so, when calling push MessageBoxCaption, how much has to be added to the esp register (4?).

Peter Cordes
Daros911
In x86, *almost every* Win32 API uses the `stdcall` calling convention (exceptions include `wsprintf()`, etc., which have to use `cdecl` instead). [Under `stdcall`, **the callee, not the caller**, is responsible for cleaning up the call stack](https://learn.microsoft.com/en-us/cpp/cpp/stdcall). So, in this case, when calling `MessageBoxA`, you have to push 16 bytes onto the stack for its 4 parameters, and then `MessageBoxA` will pop those 16 bytes off the stack when it returns. The `@16` indicates that the parameters take up 16 bytes. – Remy Lebeau Feb 22 '21 at 22:33
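The two conventions named in the comment above, side by side, as an added example that is not part of the original post or comment: `MessageBoxA` (`stdcall`) needs no stack adjustment, while `wsprintfA` (`cdecl`) needs `add esp, 12` for its three pushed dwords. The labels `Intro`, `Format`, `Caption` and `Buffer` are constructed for illustration, and a 32-bit NASM build (`-f win32`) linked against the user32 and kernel32 import libraries is assumed.

```nasm
NULL  EQU 0
MB_OK EQU 0

extern _MessageBoxA@16            ; stdcall: "@16" = callee pops 16 bytes on return
extern _ExitProcess@4             ; stdcall: callee pops 4 bytes
extern _wsprintfA                 ; cdecl (variadic): no "@N", caller must clean up

global Start

section .data
 Intro   db "Calling MessageBoxA (stdcall)...", 0
 Format  db "ESP drift after the stdcall call: %d bytes", 0
 Caption db "Stack cleanup", 0

section .bss
 Buffer  resb 64                  ; large enough for Format plus an 11-character %d

section .text
Start:
 mov   ebx, esp                   ; EBX is preserved by callees, so it remembers ESP

 push  MB_OK                      ; 4 dwords = 16 bytes of arguments
 push  Caption
 push  Intro
 push  NULL
 call  _MessageBoxA@16            ; callee removes the 16 bytes: no "add esp" here

 mov   eax, ebx
 sub   eax, esp                   ; EAX = saved ESP - current ESP, expected to be 0

 push  eax                        ; 3 dwords = 12 bytes of arguments
 push  Format
 push  Buffer
 call  _wsprintfA
 add   esp, 12                    ; cdecl: the caller removes what it pushed

 push  MB_OK
 push  Caption
 push  Buffer                     ; shows the measured drift
 push  NULL
 call  _MessageBoxA@16

 push  NULL
 call  _ExitProcess@4
```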
