Hi everyone.
I am trying to get a consistent way of figuring out where in the stack an operand is, or where a push or pop occurs.
I thought that an offset from the base pointer would be the right id for this.
Please correct me if I am wrong.
So when a
push eax occurs, get_spd(func,ea) tells me the offset from bp. Is that right? The SDK says: "difference between [BP-frame size] and SP registers". I don't understand the expression "[BP-frame size]". Why frame size? I thought it was the offset from bp to sp? Please, can someone help me with this?
The same with
pop eax. I thought I would get the popped location by its spd, too.
But what about expressions like:
lea ecx, [esp+54h+var_44]?
With get_spd() I can still get the actual spd (whose definition I still don't totally understand, see above),
and with calc_stkvar_struc_offset(func,ea,1) I could get the offset in the frame structure. This offset is not the offset from the bp, right? If it is zero, it just says that it is the ever-top of the stack, right? How can I calculate the bp offset of this operand?
And how to do it in a consistent way (push, pop, mov)?
thank you for your support!
bye
stahl
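Added example (not part of stahl's post and not IDA SDK code): a small Python model of the stack arithmetic the question is about. It tracks the sp delta through a constructed x86-32 function and, for every push, pop, [esp+disp] and [ebp+disp] access, computes two coordinates for the slot touched: the offset from EBP and the offset from the lowest address the stack ever reaches (frame offset 0, the "ever-top" of the stack). The only assumption about IDA is that get_spd(func, ea) returns ESP(ea) minus ESP at function entry, in effect before the instruction at ea executes; under that assumption a push writes to spd-4, a pop reads from spd, and [esp+disp] is at spd+disp, which is the consistent rule the post asks for. The instruction list, the tuple encoding and the helper names are all invented for the example.

```python
# Stack-slot bookkeeping for x86-32 functions: maps every push, pop,
# [esp+disp] and [ebp+disp] access to one consistent pair of coordinates.
#
#   bp offset    = slot address - EBP (EBP as set by "mov ebp, esp")
#   frame offset = slot address - lowest ESP the function ever reaches
#                  (the "ever-top" of the stack is frame offset 0)
#
# All addresses are kept as deltas from ESP at function entry, which is
# what get_spd(func, ea) is assumed to return for the instruction at ea
# (assumption: the delta in effect *before* that instruction executes).

WORD = 4  # x86-32 push/pop slot size


def stack_trace(insns):
    """Walk a list of (mnemonic, arg) tuples and return one record per insn."""
    spd = 0      # ESP - ESP_at_entry, before the current instruction
    bp = None    # EBP - ESP_at_entry, once "mov ebp, esp" has run
    records = []
    for mnem, arg in insns:
        before, addr = spd, None
        if mnem == "push":          # slot is written just *below* current ESP
            addr = spd - WORD
            spd -= WORD
        elif mnem == "pop":         # slot read is the current top of stack
            addr = spd
            spd += WORD
        elif mnem == "sub_esp":     # sub esp, n
            spd -= arg
        elif mnem == "add_esp":     # add esp, n
            spd += arg
        elif mnem == "mov_ebp_esp": # mov ebp, esp
            bp = spd
        elif mnem == "mem_esp":     # any operand of the form [esp+disp]
            addr = spd + arg
        elif mnem == "mem_ebp":     # any operand of the form [ebp+disp]
            if bp is None:
                raise ValueError("ebp-relative access before frame setup")
            addr = bp + arg
        else:
            raise ValueError("unknown mnemonic %r" % (mnem,))
        records.append({"insn": (mnem, arg), "spd_before": before,
                        "spd_after": spd, "addr": addr})
    # Lowest address of the frame = lowest ESP reached anywhere in the function.
    bottom = min((r["spd_after"] for r in records), default=0)
    for r in records:
        if r["addr"] is None:
            r["bp_off"] = r["frame_off"] = None
        else:
            r["bp_off"] = None if bp is None else r["addr"] - bp
            r["frame_off"] = r["addr"] - bottom
    return records


# Constructed sample function (not from the post):
#   push ebp / mov ebp,esp / sub esp,44h / push ebx / push esi /
#   lea ecx,[esp+10h] / mov eax,[ebp-8] / mov edx,[ebp+8] /
#   pop esi / pop ebx / add esp,44h / pop ebp / retn
SAMPLE = [
    ("push", "ebp"), ("mov_ebp_esp", None), ("sub_esp", 0x44),
    ("push", "ebx"), ("push", "esi"),
    ("mem_esp", 0x10),   # lea ecx, [esp+10h]
    ("mem_ebp", -8),     # mov eax, [ebp-8]
    ("mem_ebp", 8),      # mov edx, [ebp+8]  (first stack argument)
    ("pop", "esi"), ("pop", "ebx"), ("add_esp", 0x44), ("pop", "ebp"),
]


def slot_table(insns=SAMPLE):
    """(insn index, bp offset, frame offset) for every stack slot touched."""
    return [(i, r["bp_off"], r["frame_off"])
            for i, r in enumerate(stack_trace(insns)) if r["addr"] is not None]


if __name__ == "__main__":
    for i, r in enumerate(stack_trace(SAMPLE)):
        print("%2d %-20s spd=%#06x  addr=%-8s bp_off=%-6s frame_off=%s"
              % (i, r["insn"], r["spd_before"] & 0xffffffff,
                 r["addr"], r["bp_off"], r["frame_off"]))
```

Reading the output for the sample: the slot written by `push esi` and the slot read by the matching `pop esi` get the same coordinates (bp offset -0x4C, frame offset 0), `lea ecx, [esp+10h]` resolves to bp offset -0x3C / frame offset 0x10, and `[ebp-8]` to frame offset 0x44, so one rule covers push, pop and memory operands alike. The frame offset only matches a frame-structure member offset if that structure starts at the lowest slot the function reaches, which is what the post describes for offset zero; that equivalence is an assumption of this example, not something taken from the SDK.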