Hi, I'm currently trying to create a few hooks in another process. The application was made in C++ and uses a lot of stdcall, which means when it calls a function it pushes the params onto the stack and removes them when it leaves the function.
Delphi (aka Pascal) doesn't do that with its original function type; rather, it uses the registers (not sure up to how many params).
So that's the reason why I try to use stdcall. My issue is that if I create any local variables it ignores that my function type is stdcall and screws up the function.
Anyone have any idea how I can solve these issues, aka what I'm doing wrong? (A bit confused since I just create 3 variables.)
// function with no local variables

procedure _FindWindowHook(StackPos: dword); stdcall;
begin
end;

asm

MapleStory.exe+1CFC58 - 55 - push ebp
MapleStory.exe+1CFC59 - 8B EC - mov ebp,esp
MapleStory.exe+1CFC5B - 5D - pop ebp
MapleStory.exe+1CFC5C - C2 0400 - ret 0004 { 4 } // remove param
// function with 3 local variables

procedure _FindWindowHook(StackPos: dword); stdcall;
var
  _RetAddy: dword;
  _ClassName: string;
  _WindowTitle: string;
begin
end;

results in

MapleStory.exe+1CFC58 - 55 - push ebp
MapleStory.exe+1CFC59 - 8B EC - mov ebp,esp
MapleStory.exe+1CFC5B - 33 C0 - xor eax,eax
MapleStory.exe+1CFC5D - 55 - push ebp
MapleStory.exe+1CFC5E - 68 77FCDF10 - push MapleStory.exe+1CFC77 { [233] }
MapleStory.exe+1CFC63 - 64 FF 30 - push fs:[eax]
MapleStory.exe+1CFC66 - 64 89 20 - mov fs:[eax],esp
MapleStory.exe+1CFC69 - 33 C0 - xor eax,eax
MapleStory.exe+1CFC6B - 5A - pop edx
MapleStory.exe+1CFC6C - 59 - pop ecx
MapleStory.exe+1CFC6D - 59 - pop ecx
MapleStory.exe+1CFC6E - 64 89 10 - mov fs:[eax],edx // why is this generated?
MapleStory.exe+1CFC71 - 68 7EFCDF10 - push MapleStory.exe+1CFC7E { [93] } // why is this generated?
MapleStory.exe+1CFC76 - C3 - ret // decides to leave here and not remove the params??
MapleStory.exe+1CFC77 - E9 2490E3FF - jmp MapleStory.exe+8CA0 // why is this generated?
MapleStory.exe+1CFC7C - EB F8 - jmp MapleStory.exe+1CFC76 // why is this generated?
MapleStory.exe+1CFC7E - 5D - pop ebp
MapleStory.exe+1CFC7F - C2 0400 - ret 0004 { 4 } // should return here and remove param
And while I'm at it, anyone know how to avoid Delphi/Pascal auto conversion when it comes to jmp? "jmp Variable, jmp function" instantly gets converted into jmp dword ptr [].
example code

var
  OriginalBytes: array [0..30] of byte;

// type 1
procedure myhook; assembler;
asm
  // dothings...
  jmp OriginalBytes
end;

// type 2
procedure myhook; assembler;
asm
  // dothings...
  mov eax, OriginalBytes
  jmp eax
end;

// type 3
procedure myhook; assembler;
asm
  // dothings...
  mov eax, dword(addr(OriginalBytes))
  jmp eax
end;

when compiled

var
  OriginalBytes: array [0..30] of byte;

// type 1
procedure myhook; assembler;
asm
  // dothings...
  jmp dword ptr [OriginalBytes]
end;

// type 2
procedure myhook; assembler;
asm
  // dothings...
  mov eax, [OriginalBytes]
  jmp eax
end;

// type 3
procedure myhook; assembler;
asm
  // dothings...
  mov eax, [OriginalBytes]
  jmp eax
end;
All these will result in a crash since they convert themselves into grabbing the value at the address instead of the address itself.