Get the address of a function using assembly language and Delphi map file

Question

I am trying to look up the unit name and function name in the "Detailed" map file that is produced by building a project in Delphi 5. I found some code online that claims to do this but I can't make it work.

Code Requirements:

Delphi 5
One TForm
One TButton
One TEdit
One TLabel

Goal: The function: 'Log' is supposed to return the address of the calling procedure. Once the address has been determined the unit and function names as well as line number can be looked up in the map file.

Purpose: Wouldn't it be nice... if the name of a function could be obtained just by calling 'Log' from anywhere in a program.

Reality: I am really interested in learning what is going on in the 'Log' function, and why or why not it is working, secondary to this would be an alternitave way of returning the unit and function name as well as line number of a calling procedure.

The Problem: The address I get from TForm1.Button1Click > TForm1.Log > TForm1.LogAddress > TForm1.ShowInfo does not coincide with the corresponding items in the map file I am looking for i.e. M=Unit1, TForm1.Button1Click, etc...

Websites: http://www.haydenr.com/delphi/articles/article002.htm , http://www.experts-exchange.com/Programming/Languages/Pascal/Delphi/Q_22596248.html The last website may not be accessible from the link -- I put the Google search string in the 'Log' function.

Delphi Code:

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls;

type
  TForm1 = class(TForm)
     Button1: TButton;
     Label1: TLabel;
     Edit1: TEdit;
     procedure Button1Click(Sender: TObject);
     Procedure Log;
     Procedure ShowInfo(hexAddress : Integer);
     Procedure LogAddress(ptr: pointer);
  private
     { Private declarations }
  public
     { Public declarations }
  end;

var
  Form1: TForm1;

Implementation

{$R *.DFM}

    Procedure TForm1.Log;
    // Google Search: capturing a procedure or function's name for logging purposes
    // http://www.experts-exchange.com/Programming/Languages/Pascal/Delphi/Q_22596248.html
    Begin
        ASM
             pop EAX
            push EAX
            Call LogAddress
        End;//ASM
    End;

    Procedure TForm1.ShowInfo(hexAddress: Integer);
    // http://www.haydenr.com/delphi/articles/article002.htm
    Var
        iMapFileAddress : Integer;
        sMapFileAddress : String;
        ImageBase        : Integer;
        SubOffset        : Integer;
        Offset           : Integer;
    Begin
        ImageBase := $00400000; // Project > Options... > Linker Tab > Memory sizes group box > Image Base
        SubOffset := $1000;
        Offset    := ImageBase + SubOffset;

        iMapFileAddress := hexAddress - Offset;
        sMapFileAddress := IntToHex(iMapFileAddress,8);
        Edit1.Text := sMapFileAddress; //This is the value I get: sMapFileAddress = 00542214
        {
         Here are some excerpts from: Project1.map
         |Detailed map of segments
         | 0001:00040498 000002D4 C=CODE     S=.text    G=(none)   M=Unit1    ACBP=A9
         | 0001:0004076C 000001A5 C=CODE     S=.text    G=(none)   M=Project1 ACBP=A9
         |   :
         |   :
         |   :
         |  Address         Publics by Name
         |
         | 0001:0004071C       TForm1.Button1Click
         | 0001:00040668       TForm1.Log
         | 0001:00040700       TForm1.LogAddress
         | 0001:0004067C       TForm1.ShowInfo
        }
    End;

    procedure TForm1.LogAddress(ptr: pointer);
    begin
      ShowInfo(Integer(ptr));
    end;

    procedure TForm1.Button1Click(Sender: TObject);
    begin
        Log;
    end;

end.

Rob Kennedy Rob Kennedy · Accepted Answer · 2015-02-06T21:17:22

You're not calling LogAddress properly. As a method of TForm1, it's really a two-argument function. The two arguments are Self and ptr, in that order, which means that register EAX is Self and EDX is ptr. However, you're passing the address parameter in EAX, and you're doing nothing about EDX. That means you're looking up the name of who-knows-what, which probably isn't the address of any code section in your program. On top of that, the Self value isn't valid anymore, so any references to member variables (such as Edit1) won't work; you'll get an access violation or some form of memory corruption.

Change the Log method to this:

procedure TForm1.Log;
asm
  // fetch return address from top of stack
  mov edx, [esp+4]
  call LogAddress
end;

Keep in mind that the address you're passing in the ptr parameter is the return address of the Log call. In practice, that's usually the address of the instruction after the CALL instruction used to get into the Log method. Therefore, you should not expect to find that exact address in the list of functions in the map file. Instead, you'll need to look for the function whose address is the closest without exceeding the address you have. Furthermore, if you convert that address to a line number, it will likely be the line after the actual call site.

The JclDebug unit, in the JCL, already has functions that will do this for you. You can use the ProcByLevel function to get the name of the caller and LiveByLevel to get the line number.

Get the address of a function using assembly language and Delphi map file

2 Answers