On Thu, Apr 10, 2008 at 3:02 PM, itsme <itsme at xs4all.nl> wrote:
> nummish wrote:
> > .. I wonder if it's because this is a stret call, or if it's just a
> > bad example. I'll take a look for a better example later tonight.
> >
>
> yes, _objc_msgSend_stret is an assembler function from the objective-C
> runtime
> source code can be found here: http://www.opensource.apple.com/darwinsource/
> look for 'objc4-XXX.tar.gz'
>
> that is a bit of a strange function; you can't really declare something like
> that in C.
>
> looking at the assembler source, it ends with 'retn 4', and takes a
> variable nr of arguments.
>
Ok, I'm not crazy.. here's a function that uses only standard msgSend
and no advanced ones that have different return types
ToDoBackgroundView.setToDo:
__text:000B4ADF setToDo_ proc near ; DATA XREF: __inst_meth:002AE568o
__text:000B4ADF
__text:000B4ADF msgSend_recipient= dword ptr -48h
__text:000B4ADF msgSend_selector= dword ptr -44h
__text:000B4ADF var_40 = dword ptr -40h
...
__text:000B4ADF arg_0 = dword ptr 8
__text:000B4ADF arg_4 = dword ptr 0Ch
__text:000B4ADF arg_8 = dword ptr 10h
...
__text:000B4ADF 000 push ebp
__text:000B4AE0 004 mov ebp, esp
__text:000B4AE2 004 push edi
__text:000B4AE3 008 push esi
__text:000B4AE4 00C push ebx
__text:000B4AE5 010 sub esp, 3Ch
__text:000B4AE8 04C mov edi, [ebp+arg_0]
__text:000B4AEB 04C mov eax, [ebp+arg_8]
__text:000B4AEE 04C mov [ebp+var_1C], eax
...
__text:000B4BDE 04C mov [esp+48h+msgSend_recipient], eax
__text:000B4BE1 04C call _objc_msgSend
__text:000B4BE6 048 mov [esp+44h+var_3C], eax
__text:000B4BEA 048 mov eax, ds:off_28CF4C
__text:000B4BEF 048 mov [esp+44h+msgSend_selector], ebx
__text:000B4BF2 048 mov [esp+44h+var_40], eax
__text:000B4BF6 048 call _objc_msgSend
__text:000B4BFB 048 mov eax, ds:off_28DB68
__text:000B4C00 048 mov ebx, [edi+0B8h]
__text:000B4C06 048 mov [esp+44h+var_40], eax ; [ESP+4]
__text:000B4C0A 048 mov eax, [ebp+var_1C]
__text:000B4C0D 048 mov [esp+44h+msgSend_selector], eax ; [ESP]
__text:000B4C10 048 call _objc_msgSend ; a = [[ebp+var_1C] priorityEnabled]
...
__text:000B4CE6 048 mov [ebp+arg_8], eax ; should be an int
__text:000B4CE9 048 mov eax, ds:off_289854 ; selectItemAtIndex:
__text:000B4CEE 048 mov [ebp+arg_0], ebx
__text:000B4CF1 048 mov [ebp+arg_4], eax
__text:000B4CF4 048 add esp, 3Ch
__text:000B4CF7 00C pop ebx
__text:000B4CF8 008 pop esi
__text:000B4CF9 004 pop edi
__text:000B4CFA 000 leave
__text:000B4CFB 000 jmp _objc_msgSend
__text:000B4CFB setToDo_ endp
There are a few interesting notes about this now that I'm looking at it
though. The SP has already zeroed by the time it hits the leave call,
which should be popping from the stack. I guess I'm back to my
question from the other day about how this can happen or at least be
detected automatically.
The other interesting part is the jmp to the last msgSend which will
return to the caller of this function. I've seen this some, my guess
is that it's indicating something along the lines of
return [ebx selectItemAtIndex:x];
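A small checker for the "detected automatically" question, added here as an example and not something from the thread or from IDA: it replays each instruction's effect on ESP and reports every place where the SP column IDA prints on the following line disagrees. It assumes cdecl callees (a call purges nothing) and a standard push ebp / mov ebp, esp frame, so on the listing above the only hit is the first call _objc_msgSend, after which IDA's delta drops from 04C to 048 as if the callee had done a retn 4; the later leave sitting at 000 is just that 4-byte error carried through the epilogue.

```python
import re

# One IDA listing line: "__text:<addr> <SP delta> <instruction> [; comment]".
LINE_RE = re.compile(r"^__text:([0-9A-F]{8}) ([0-9A-F]{3}) (.+)$")

def imm(text):
    """Parse an IDA immediate: '3Ch' is hex, a bare '8' is decimal."""
    return int(text[:-1], 16) if text[-1] in "hH" else int(text)

def after(delta, instr):
    """SP delta after instr, assuming cdecl callees (call purges nothing)
    and a 'push ebp; mov ebp, esp' frame, so leave brings the delta to 0."""
    mnem, _, ops = instr.partition(";")[0].strip().partition(" ")
    mnem, ops = mnem.lower(), ops.strip().lower()
    if mnem == "push":
        return delta + 4
    if mnem == "pop":
        return delta - 4
    if mnem in ("sub", "add") and ops.startswith("esp,"):
        n = imm(ops.split(",", 1)[1].strip())
        return delta + n if mnem == "sub" else delta - n
    return 0 if mnem == "leave" else delta  # mov, call, jmp: ESP untouched

def check_sp(listing):
    """(addr, instr, ida_next, expected_next) for every instruction whose ESP
    effect disagrees with the SP column IDA prints on the next line. Each step
    restarts from IDA's own column, so one mis-tracked call is reported once."""
    rows = [m.groups() for m in map(LINE_RE.match, listing.splitlines()) if m]
    pairs = [(a, i, int(n, 16), after(int(c, 16), i))
             for (a, c, i), (_, n, _) in zip(rows, rows[1:])]
    return [(a, i.partition(";")[0].strip(), got, want)
            for a, i, got, want in pairs if got != want]

# Constructed sample taken from the setToDo_ listing above, "..." gaps and
# ESP-neutral mov lines dropped (nothing in those gaps moves ESP).
LISTING = """\
__text:000B4ADF 000 push ebp
__text:000B4AE2 004 push edi
__text:000B4AE3 008 push esi
__text:000B4AE4 00C push ebx
__text:000B4AE5 010 sub esp, 3Ch
__text:000B4BE1 04C call _objc_msgSend
__text:000B4BF6 048 call _objc_msgSend
__text:000B4CF4 048 add esp, 3Ch
__text:000B4CF7 00C pop ebx
__text:000B4CF8 008 pop esi
__text:000B4CF9 004 pop edi
__text:000B4CFA 000 leave
__text:000B4CFB 000 jmp _objc_msgSend
"""
```

Running check_sp(LISTING) returns a single entry for 000B4BE1, the call after which IDA shows 048 where a plain cdecl return would leave 04C.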