© Wendy Zhang, Computer Science & IT Department
Chapter 8 Advanced Procedures
I. Chapter Objectives
After reading this Chapter, you should be able to understand or do each of the following:
 Understand how stack frames are used by high-level languages
 Know how to pass parameters by value and by reference on the stack
 Know how to create and access local variables on the stack
 Know how to write recursive functions in assembly language
 Know how to use the advanced forms of the INVOKE, ADDR, PROC, and PROTO
directives
 Know how to export and import function and variable names across module boundary
II. Lecture Notes
1. Stack Frames
 Basic concepts
o Argument – value passed to a procedure by a calling program
o Parameter – value received by the called procedures
 Two basic types of procedure parameters
o Register parameter
 Used by Irvine32 and Irvine 16 libraries
 Existing register contents often must bed saved before they can be loaded with
argument value
 Example – call dumpMem
pushad
mov esi,OFFSET array
mov ecx,LENGTHOF array
mov ebx,TYPE array
call DumpMem
popad
o Stack parameter
 Used by all high-level languages
 More convenient than register parameters
 The required arguments must be pushed on the stack by a called program
 Example – call DumpMem
push
push
push
call

TYPE array
LENGTHOF array
OFFSET array
DumpMem
INVOKE directive can automatically pushes arguments on the stack and calls a
procedure
INVOKE DumpMem, OFFSET array, LENGTHOF Array, TYPE array
Assembly Language
1
Chapter 8
© Wendy Zhang, Computer Science & IT Department

Stack Frame
o Also known as an activation record, it is created when the running program begins to
execute a procedure
o Area of the stack set aside for a procedure's return address, passed parameters, saved
registers, and local variables
o Created by the following steps:
 Calling program pushes arguments on the stack
 Calls the procedure and the return address is pushed on the stack
 The called procedure pushes EBP on the stack
- EBP register is used by high-level languages to reference parameters and
variables on the stack
- EBP is often called the base pointer or frame pointer register because it holds
the base address of the stack frame
- EBP does not change value during the procedure
- EBP must be restored to its original value when a procedure returns
 EBP is set equal to ESP
- ESP register addresses data on the stack
- ESP is often called the extended stack pointer register
 If local variables are needed, a constant is subtracted from ESP to make room on
the stack
o Stack Frame Example
.data
sum DWORD ?
.code
push 6
push 5
call AddTwo
mov sum,eax
AddTwo PROC
push ebp
mov ebp,esp
;
;
;
;
second argument
first argument
EAX = sum
save the sum
The contents of the the stack frame after the two instructions have executed:
00000006
[EBP + 12]
00000005
[EBP + 8]
return address
[EBP + 4]
EBP

Note: The stack grows downward in memory
EBP, ESP
Explicit Access to Stack Parameters
o A procedure can explicitly access stack parameters using constant offsets from EBP
The AddTwo procedure can add two arguments’ values and store the sum in EAX
AddTwo PROC
push ebp
mov ebp,esp
mov eax, [ebp + 12]
add eax, [ebp + 8]
pop ebp
ret 8
AddTwo ENDP
Assembly Language
; base of stack frame
;
second argument
;
first argument
;
2
clean up the stack
Chapter 8
© Wendy Zhang, Computer Science & IT Department


RET Instruction
o Return from subroutine
o Pops stack into the instruction pointer (EIP or IP)
o Control transfers to the target address
o Syntax: RET
RET n
o Optional operand n causes n bytes to be added to the stack pointer after EIP (or IP) is
assigned a value
o After adding n to the stack pointer, reset it to the value it had before the arguments
were pushed on the stack by the calling program
Passing Arguments
o Passing by Value
 A copy of a variable’s value is passed to the procedure
 To protect the arguments against being changed by the called procedure
 The argument is a variable
o Passing by Reference
 The address of a variable is passed to procedure
 The called procedure can modify the variable’s contents via the address
 Example
- The ArrayFill procedure fills an array with 16-bit random integers
- The calling program passes the address of the array, along with a count of the
number of array elements
.data
count = 100
array WORD count DUP(?)
.code
push OFFSET array
push COUNT
call ArrayFill
- ArrayFill can reference an array without knowing the array's name
ArrayFill PROC
push ebp
mov ebp,esp
pushad
mov
mov
cmp
jle
esi,[ebp+12]
ecx,[ebp+8]
ecx,0
L2
;
;
;
;
offset of array
array size
ECX < 0?
yes: skip over loop
offset(array)
[EBP + 12]
count
[EBP + 8]
return address
EBP
L1:
mov eax,10000h
; get random 0 - FFFFh
call RandomRange ; from the link library
mov [esi],eax
add esi,TYPE WORD
loop L1
L2: popad
pop ebp
ret 8 ; clean up the stack
ArrayFill ENDP
Assembly Language
3
Chapter 8
EBP
© Wendy Zhang, Computer Science & IT Department

Local Variables
o A variable that is created, used, and destroyed within a single procedure
o To explicitly create local variables, subtract their total size from ESP
o Example: creates and initializes two 32-bit local variables ( locA and locB)
MySub PROC
push ebp
mov ebp,esp
sub esp,8
mov [ebp-4],123456h ; locA
mov [ebp-8],0 ; locB

.
LEA Instruction
o The LEA instruction returns offsets of both direct and indirect operands
o OFFSET operator can only return constant offsets
o LEA is required when obtaining the offset of a stack parameter or local variable.
o For example:
CopyString PROC,
count:DWORD
LOCAL temp[20]:BYTE
mov
mov
lea
lea
.

edi,OFFSET count
esi,OFFSET temp
edi,count
esi,temp
;
;
;
;
invalid operand
invalid operand
ok
ok
Parameter Classifications
o An input parameter is data passed by a calling program to a procedure
- The called procedure is not expected to modify the corresponding parameter
variable, and even if it does, the modification is confined to the procedure itself
o An output parameter is created by passing a pointer to a variable when a procedure is
called
- The procedure does not use any existing data from the variable, but it fills in a
new value before it returns
o An input-output parameter is a pointer to a variable containing input that will be
both used and modified by the procedure
- The variable passed by the calling program is modified
o Example: Exchanging Two Integers
pValX and pValY do not change values, but the integers they point to are modified
Swap PROC USES eax esi edi,
pValX:PTR DWORD, ; pointer to first integer
pValY:PTR DWORD ; pointer to second integer
mov esi,pValX
; get pointers
mov edi,pValY
mov eax,[esi]
; get first integer
xchg eax,[edi] ; exchange with second
mov [esi],eax
; replace first integer
ret
Swap ENDP
Assembly Language
4
Chapter 8
© Wendy Zhang, Computer Science & IT Department

ENTER and LEAVE
o ENTER instruction creates stack frame for a called procedure
 pushes EBP on the stack
 sets EBP to the base of the stack frame
 reserves space for local variables
o LEAVE instruction terminates the stack frame for a procedure
 Reverse the action of a previous ENTER instruction
 Restore ESP and EPS to the values were assigned when the procedure was called
o Example:
MySub PROC
enter 8,0
.
leave
ret
MySub ENDP
Equivalent to:
MySub PROC
push ebp
mov ebp,esp
sub esp,8
.
mov esp, ebp
pop ebp
ret
MySub ENDP

o Note if you use the ENTER instruction , use the LEAVE instruction at the end of the
same procedure
LOCAL Directive
o A local variable is created, used, and destroyed within a single procedure
o The LOCAL directive declares a list of local variables
o immediately follows the PROC directive
o each variable is assigned a type
o Syntax: LOCAL varlist
o Example:
BubbleSort PROC
LOCAL temp:DWORD, SwapFlag:BYTE
. . .
ret
BubbleSort ENDP
MASM generates the following code:
BubbleSort PROC
The stack frame for the BubbleSort procedure:
push ebp
mov ebp,esp
add esp,0FFFFFFF8h ; add -8 to ESP
return address
. . .
EBP
EBP
mov esp,ebp
temp
[EBP - 4]
pop ebp
ESP
SwapFlag
ret
[EBP - 8]
BubbleSort ENDP
Assembly Language
5
Chapter 8
© Wendy Zhang, Computer Science & IT Department

Non-Doubleword Local Variables
o Local variables can be different sizes
o How created in the stack by LOCAL directive:
 8-bit: assigned to next available byte
 16-bit: assigned to next even (word) boundary
 32-bit: assigned to next doubleword boundary
o Local Byte Variable
Example1 PROC
LOCAL var1:BYTE
mov al,var1
; [EBP - 1]
ret
Example1 ENDP

WriteStackFrame Procedure
o Displays contents of current stack frame
o Prototype:
WriteStackFrame PROTO,
numParam:DWORD,
; number of passed parameters
numLocalVal: DWORD, ; number of DWordLocal variables
numSavedReg: DWORD ; number of saved registers
o WriteStackFrame Example
main PROC
mov eax, 0EAEAEAEAh
mov ebx, 0EBEBEBEBh
INVOKE aProc, 1111h, 2222h
exit
main ENDP
aProc PROC USES eax ebx,
x: DWORD, y: DWORD
LOCAL a:DWORD, b:DWORD
PARAMS = 2
LOCALS = 2
SAVED_REGS = 2
mov a,0AAAAh
mov b,0BBBBh
INVOKE WriteStackFrame, PARAMS, LOCALS, SAVED_REGS
Assembly Language
6
Chapter 8
© Wendy Zhang, Computer Science & IT Department
2. Recursion
 What is Recursion?
o The process created when . . .
 A procedure calls itself
 Procedure A calls procedure B, which in turn calls procedure A
o Using a graph in which each node is a procedure and each edge is a procedure call,
recursion forms a cycle:
A

E
B
D
C
Calculating a Factorial
o This function calculates the factorial of integer n
o A new value of n is saved in each stack frame:
int function factorial(int n)
{
if(n == 0)
return 1;
else
return n * factorial(n-1);
}
recursive calls
backing up
5! = 5 * 4!
5 * 24 = 120
4! = 4 * 3!
4 * 6 = 24
3! = 3 * 2!
3*2=6
2! = 2 * 1!
2*1=2
1! = 1 * 0!
1*1=1
0! = 1
1=1
(base case)
o Assembly Code
Factorial PROC
push ebp
mov ebp,esp
mov eax,[ebp+8]
; get n
cmp eax,0
; n < 0?
ja
L1
; yes: continue
mov eax,1
; no: return 1
jmp L2
L1: dec eax
push eax
call Factorial
; Factorial(n-1)
; Instructions from this point on execute when each
; recursive call returns.
ReturnFact:
mov ebx,[ebp+8] ; get n
mul ebx
; eax = eax * ebx
L2: pop ebp
ret 4
Factorial ENDP
Assembly Language
; return EAX
; clean up stack
7
Chapter 8
© Wendy Zhang, Computer Science & IT Department
o Suppose we want to calculate 12!
 This diagram shows the first few stack frames created by recursive calls to
Factorial
 Each recursive call uses 12 bytes of stack space
12
n
ReturnMain
ebp0
11
n-1
ReturnFact
ebp1
10
n-2
ReturnFact
ebp2
9
n-3
ReturnFact
ebp3
(etc...)
Assembly Language
8
Chapter 8
© Wendy Zhang, Computer Science & IT Department
3. .MODEL Directive
 .MODEL directive specifies a program's memory model and model options (languagespecifier).
 Syntax: .MODEL memorymodel [,modeloptions]
o memorymodel can be one of the following:
tiny, small, medium, compact, large, huge, or flat
o modeloptions includes the language specifier:
- procedure naming scheme
- parameter passing conventions
 Memory Models
o A program's memory model determines the number and sizes of code and data
segments
o Real-address mode supports tiny, small, medium, compact, large, and huge models
o Small model: code < 64 KB, data (including stack) < 64 KB. All offsets are 16 bits
o Protected mode supports only the flat model
o Flat model: single segment for code and data, up to 4 GB. All offsets are 32 bits
 Language Specifiers
o C:
- procedure arguments pushed on stack in reverse order (right to left)
- calling program cleans up the stack
o STDCALL
- procedure arguments pushed on stack in reverse order (right to left)
- called procedure cleans up the stack
Assembly Language
9
Chapter 8
© Wendy Zhang, Computer Science & IT Department
4. INVOKE, ADDR, PROC, and PROTO
 INVOKE Directive
o The INVOKE directive is a powerful replacement for Intel’s CALL instruction that
lets you pass multiple arguments
o Syntax: INVOKE procedureName [, argumentList]
 ArgumentList is an optional comma-delimited list of procedure arguments
 Arguments can be:
- immediate values and integer expressions
- variable names
- address and ADDR expressions
- register names
o INVOKE Examples
.data
byteVal BYTE 10
wordVal WORD 1000h
.code
; direct operands:
INVOKE Sub1,byteVal,wordVal
; address of variable:
INVOKE Sub2,ADDR byteVal
; register name, integer expression:
INVOKE Sub3,eax,(10 * 20)
; address expression (indirect operand):
INVOKE Sub4,[ebx]

ADDR Operator
o Returns a near or far pointer to a variable, depending on which memory model your
program uses:
 Small model: returns 16-bit offset
 Large model: returns 32-bit segment/offset
 Flat model: returns 32-bit offset
o Simple example:
.data
myWord WORD ?
.code
INVOKE mySub,ADDR myWord

PROC Directive
o The PROC directive declares a procedure with an optional list of named parameters.
o Syntax: label PROC paramList
 paramList is a list of parameters separated by commas
 Each parameter has the following syntax:
paramName : type
type must either be one of the standard ASM types (BYTE, SBYTE, WORD,
etc.), or it can be a pointer to one of these types
Assembly Language
10
Chapter 8
© Wendy Zhang, Computer Science & IT Department
o Alternate format permits parameter list to be on one or more separate lines:
label PROC,
paramList
- The parameters can be on the same line . . .
param-1:type-1, param-2:type-2, . . ., param-n:type-n
- Or they can be on separate lines:
param-1:type-1,
param-2:type-2,
. . .,
param-n:type-n
o PROC Example: FillArray receives a pointer to an array of bytes, a single byte fill
value that will be copied to each element of the array, and the size of the array
FillArray PROC,
pArray:PTR BYTE, fillVal:BYTE
arraySize:DWORD
L1:
mov ecx,arraySize
mov esi,pArray
mov al,fillVal
mov [esi],al
inc esi
loop L1
ret
FillArray ENDP

PROTO Directive
o Creates a procedure prototype
o Syntax: label PROTO paramList
o Every procedure called by the INVOKE directive must have a prototype
o A complete procedure definition can also serve as its own prototype
o Standard configuration:
- PROTO appears at top of the program listing
- INVOKE appears in the code segment
- The procedure implementation occurs later in the program
MySub PROTO
; procedure prototype
.code
INVOKE MySub
; procedure call
MySub PROC
.
.
MySub ENDP
; procedure implementation
o PROTO Example:
Prototype for the ArraySum procedure, showing its parameter list:
ArraySum PROTO,
ptrArray:PTR DWORD,
szArray:DWORD
Assembly Language
; points to the array
; array size
11
Chapter 8
© Wendy Zhang, Computer Science & IT Department
5. Creating Multimodule Programs
 A multimodule program is a program whose source code has been divided up into
separate ASM files
 Each ASM file (module) is assembled into a separate OBJ file
 All OBJ files belonging to the same program are linked using the link utility into a single
EXE file
- This process is called static linking
 Advantages
o Large programs are easier to write, maintain, and debug when divided into separate
source code modules
o When changing a line of code, only its enclosing module needs to be assembled again
o Linking assembled modules requires little time
o A module can be a container for logically related code and data (object-oriented)
o Encapsulation: procedures and variables are automatically hidden in a module
 Basic steps to follow when creating a multimodule program:
o Create the main module
o Create a separate source code module for each procedure or set of related procedures
o Create an include file that contains procedure prototypes for external procedures
(ones that are called between modules)
o Use the INCLUDE directive to make your procedure prototypes available to each
module
 Example: ArraySum Program
Structure Chart:
Summation
Program (main)
Clrscr
PromptForIntegers
WriteString
ReadInt
ArraySum
DisplaySum
WriteString
INCLUDE File:
INCLUDE Irvine32.inc
PromptForIntegers PROTO,
ptrPrompt:PTR BYTE,
ptrArray:PTR DWORD,
arraySize:DWORD
; prompt string
; points to the array
; size of the array
ArraySum PROTO,
ptrArray:PTR DWORD,
count:DWORD
; points to the array
; size of the array
DisplaySum PROTO,
ptrPrompt:PTR BYTE,
theSum:DWORD
; prompt string
; sum of the array
Assembly Language
12
Chapter 8
WriteInt
© Wendy Zhang, Computer Science & IT Department
Main
TITLE Integer Summation Program
;
;
;
;
;
(Sum_main.asm)
Multimodule example:
(main module)
This program inputs multiple integers from the user,
stores them in an array, calculates the sum of the
array, and displays the sum.
Last update: 8/29/01
INCLUDE sum.inc
; modify Count to change the size of the array:
Count = 3
.data
prompt1
prompt2
array
sum
BYTE "Enter a signed integer: ",0
BYTE "The sum of the integers is: ",0
DWORD Count DUP(?)
DWORD ?
.code
main PROC
call Clrscr
INVOKE PromptForIntegers,
ADDR prompt1,
ADDR array,
Count
; input the array
INVOKE ArraySum,
ADDR array,
Count
mov sum,eax
; sum the array
; (returns sum in EAX)
INVOKE DisplaySum,
ADDR prompt2,
sum
; display the sum
; save the sum
call Crlf
INVOKE ExitProcess,0
main ENDP
END main
Assembly Language
13
Chapter 8
© Wendy Zhang, Computer Science & IT Department
PromptForIntegers
TITLE Prompt For Integers
(_prompt.asm)
; Last update: 8/29/01
INCLUDE sum.inc
.code
;----------------------------------------------------PromptForIntegers PROC,
ptrPrompt:PTR BYTE,
; prompt string
ptrArray:PTR DWORD,
; pointer to array
arraySize:DWORD
; size of the array
;
; Prompts the user for an array of integers and fills
; the array with the user's input.
; Returns: nothing
;----------------------------------------------------pushad
; save all registers
mov
cmp
jle
mov
mov
ecx,arraySize
ecx,0
L2
edx,ptrPrompt
esi,ptrArray
call
call
call
mov
add
loop
WriteString
ReadInt
Crlf
[esi],eax
esi,4
L1
; array size <= 0?
; yes: quit
; address of the prompt
L1:
;
;
;
;
;
display string
read integer into EAX
go to next output line
store in array
next integer
L2:
popad
ret
PromptForIntegers ENDP
; restore all registers
END
Assembly Language
14
Chapter 8
© Wendy Zhang, Computer Science & IT Department
ArraySum
TITLE ArraySum Procedure
(_arrysum.asm)
INCLUDE sum.inc
.code
;----------------------------------------------------ArraySum PROC,
ptrArray:PTR DWORD,
; pointer to array
arraySize:DWORD
; size of array
;
; Calculates the sum of an array of 32-bit integers.
; Returns: EAX = sum
;----------------------------------------------------push ecx
; don't push EAX
push esi
mov eax,0
; set the sum to zero
mov esi,ptrArray
mov ecx,arraySize
cmp ecx,0
; array size <= 0?
jle AS2
; yes: quit
AS1:
add eax,[esi]
; add each integer to sum
add esi,4
; point to next integer
loop AS1
; repeat for array size
AS2:
pop esi
pop ecx
; return sum in EAX
ret
ArraySum ENDP
END
DisplaySum
TITLE DisplaySum Procedure
(_display.asm)
INCLUDE Sum.inc
.code
;----------------------------------------------------DisplaySum PROC,
ptrPrompt:PTR BYTE,
; prompt string
theSum:DWORD
; the array sum
;
; Displays the sum on the console.
; Returns: nothing
;----------------------------------------------------push eax
push edx
mov edx,ptrPrompt
; pointer to prompt
call WriteString
mov eax,theSum
call WriteInt
; display EAX
call Crlf
pop edx
pop eax
ret
DisplaySum ENDP
END
Assembly Language
15
Chapter 8
© Wendy Zhang, Computer Science & IT Department
6.
Trouble-Shooting Tips
 Save and restore registers when they are modified by a procedure except a register that
returns a function result
 When using INVOKE, be careful to pass a pointer to the correct data type.
- MASM cannot distinguish between a DWORD argument and a PTR BYTE argument
 Do not pass an immediate value to a procedure that expects a reference parameter
- Dereferencing its address will likely cause a general-protection fault.
Assembly Language
16
Chapter 8