  #11  
Old 08-22-2002, 06:16
NE1
To answer sync's question, if you looked up CALL on a learning assembly site (like Randall Hyde's Art of Assembly Language Programming) you would see that the CALL instruction Pushes the offset of the next instruction following the call onto the stack.
As ESP is just a pointer to the top of the stack, the offset is stored at the address in ESP. So the answer to your question is yes, except that it is not the caller's address, but the address of the next instruction following the call.

As for some of the other stuff in this thread.
You may have noticed that I edited my last message and removed that part where I was trying to explain the difference between F11 and F12 in softice. I did this because it is hard to explain and I wasn't really explaining it right.
My answer to this question better explains what F11 does.
F12 is harder to explain because it is thread specific, but basically it executes one program step until it finds a return (within the current thread), and in the case of loops, or calls, etc., it runs the entire routine before returning control to softice. In a case where you are within a function (call) within your program (with the same thread, i.e. not an api call), then you would return at the next instruction following the call instruction.
Now, if you're in an API call, you are in a different thread, so using F12 will look for the return in that thread, which is not necessarily the return to the program that called it (as some API functions call other API functions, etc.). Mix that in with Windows trying to manage everything, and providing time slices for all the different applications, etc., and you could end up anywhere, and that is why sometimes when you hit F12 you end up skipping right over whatever your program was doing (i.e. it acts almost like you hit F5). Softice may not pop back up for a while, because it is basically single stepping through every instruction, and in a long routine, it can take a long time. Anyway, that is the best I can explain it right now. Hopefully, I explained it enough to give a basic understanding of the differences between F11 and F12 (as they are set up by default in Softice).
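The mechanics described in the post (CALL pushes the offset of the instruction following it, ESP then points at that value, and a "run until return" lands on that instruction) can be checked in a small model. The C below is an added example, not code from the post or from SoftICE: it is a toy CPU with only NOP, CALL, RET and HALT, a constructed program laid out at hand-picked byte offsets, and a run_until_return() helper that imitates the single-threaded case of F12 by stepping through any nested calls until the current routine's RET executes. Everything about threads and time slices in the post is outside what this model shows.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy x86-style model, just enough to show what CALL and RET do to ESP and
 * the stack. Code addresses are byte offsets into a code buffer and every
 * instruction records its own length, so the value CALL pushes is exactly
 * the offset of the instruction that follows it. */
enum op { OP_NOP, OP_CALL, OP_RET, OP_HALT };

struct insn { enum op op; uint32_t len; uint32_t target; };

#define CODE_BYTES  32
#define STACK_BYTES 64

struct cpu {
    uint32_t eip;                       /* offset of the next instruction to execute */
    uint32_t esp;                       /* byte offset of the top of stack, grows down */
    uint32_t stack[STACK_BYTES / 4];    /* one dword per slot */
    struct insn code[CODE_BYTES];       /* valid only at instruction start offsets */
};

static void push(struct cpu *c, uint32_t v) { c->esp -= 4; c->stack[c->esp / 4] = v; }
static uint32_t pop(struct cpu *c) { uint32_t v = c->stack[c->esp / 4]; c->esp += 4; return v; }

/* The dword at [ESP]; right after a CALL this is the return address. */
uint32_t top_of_stack(const struct cpu *c) { return c->stack[c->esp / 4]; }

/* Execute one instruction (single stepping). Returns 1 when HALT is reached. */
int step(struct cpu *c) {
    struct insn in = c->code[c->eip];
    switch (in.op) {
    case OP_CALL:
        push(c, c->eip + in.len);       /* push offset of the instruction after the CALL */
        c->eip = in.target;             /* then transfer control to the callee */
        return 0;
    case OP_RET:
        c->eip = pop(c);                /* pop the saved offset back into EIP */
        return 0;
    case OP_NOP:
        c->eip += in.len;
        return 0;
    case OP_HALT:
        return 1;
    }
    return 1;
}

/* Run until the routine we are currently in returns to its caller; CALLs made
 * inside the routine are run through rather than stopped at. Returns the
 * offset execution lands on: the instruction after the CALL that entered it. */
uint32_t run_until_return(struct cpu *c) {
    int depth = 0;
    for (;;) {
        enum op cur = c->code[c->eip].op;
        if (cur == OP_HALT) return c->eip;
        if (cur == OP_CALL) depth++;
        if (cur == OP_RET) depth--;
        step(c);
        if (depth < 0) return c->eip;
    }
}

/* Constructed program (assumed layout, not taken from the post):
 *   0: CALL 10   (5 bytes, like E8 rel32)     5: NOP  <- what CALL pushes   6: HALT
 *  10: NOP       11: CALL 20                 16: RET
 *  20: NOP       21: RET                                                    */
void load_demo(struct cpu *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_BYTES;
    c->code[0]  = (struct insn){ OP_CALL, 5, 10 };
    c->code[5]  = (struct insn){ OP_NOP,  1, 0 };
    c->code[6]  = (struct insn){ OP_HALT, 1, 0 };
    c->code[10] = (struct insn){ OP_NOP,  1, 0 };
    c->code[11] = (struct insn){ OP_CALL, 5, 20 };
    c->code[16] = (struct insn){ OP_RET,  1, 0 };
    c->code[20] = (struct insn){ OP_NOP,  1, 0 };
    c->code[21] = (struct insn){ OP_RET,  1, 0 };
}

/* After stepping the CALL at offset 0: [ESP] holds 5, EIP is 10, ESP dropped by 4. */
uint32_t demo_return_address_after_call(void) { struct cpu c; load_demo(&c); step(&c); return top_of_stack(&c); }
uint32_t demo_eip_after_call(void)            { struct cpu c; load_demo(&c); step(&c); return c.eip; }
uint32_t demo_esp_after_call(void)            { struct cpu c; load_demo(&c); step(&c); return c.esp; }

/* Inside the routine at 10, "run until return" passes through CALL 20 and
 * stops at offset 5 with ESP back at its starting value. */
uint32_t demo_eip_after_run_until_return(void) { struct cpu c; load_demo(&c); step(&c); return run_until_return(&c); }
uint32_t demo_esp_after_run_until_return(void) { struct cpu c; load_demo(&c); step(&c); run_until_return(&c); return c.esp; }

int main(void) {
    struct cpu c;
    load_demo(&c);
    step(&c);
    printf("after CALL: EIP=%" PRIu32 " ESP=%" PRIu32 " [ESP]=%" PRIu32 "\n", c.eip, c.esp, top_of_stack(&c));
    uint32_t landed = run_until_return(&c);
    printf("run until return lands at EIP=%" PRIu32 ", ESP=%" PRIu32 "\n", landed, c.esp);
    return 0;
}
```

The depth counter is what makes the difference between the two stepping styles visible: single stepping (step) stops inside the nested call at 20, while run_until_return() only stops once the RET that belongs to the routine entered at 10 has popped the saved offset 5 back into EIP.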