
I have this sample code for a simple program that tracks the mouse position, writes the X and Y coordinates into two dialog controls, and reports whether the left mouse button is down.

.386                                ; 32-bit x86 instruction set
.model  flat, stdcall               ; flat 32-bit addressing; stdcall (callee pops the arguments), as the Win32 API expects
option  casemap :none               ; symbol names are case-sensitive (API names must match exactly)

include     bones.inc               ; Win32 includes/libs, the DlgProc PROTO, IDD_MAIN, Msg1/Msg2 and hInstance

.code
; Process entry point (named by the "end start" directive at the bottom of the file).
; Shows the modal dialog IDD_MAIN and exits with DialogBoxParam's return value.
start:
invoke  GetModuleHandle, NULL       ; NULL -> module handle of this executable
mov hInstance, eax                  ; keep it in the global declared in bones.inc (.data?) for the dialog call
invoke  InitCommonControls          ; initialise comctl32 before any dialog is created
invoke  DialogBoxParam, hInstance, IDD_MAIN, 0, offset DlgProc, 0 ; modal dialog: no owner window, no init param; blocks until EndDialog
invoke  ExitProcess, eax            ; exit code = DialogBoxParam's result, i.e. the 0 DlgProc passes to EndDialog (documented as -1 if the dialog could not be created)

;-----------------------------------------------------------------------
; DlgProc - dialog procedure for IDD_MAIN.
; ABI:    stdcall, four DWORD arguments. For a PROC with arguments MASM
;         emits the usual "push ebp / mov ebp,esp" frame, so after the
;         saved ebp and the return address the arguments sit at
;         [ebp+8] hWin, [ebp+0Ch] uMsg, [ebp+10h] wParam, [ebp+14h] lParam.
;         That is why a debugger shows "mov cx, WORD PTR lParam" below as
;         MOV CX,WORD PTR SS:[EBP+14] (the 14 is hex = 20 bytes).
; In:     hWin   = handle of the dialog window
;         uMsg   = message id being dispatched
;         wParam = message-specific (not used here)
;         lParam = message-specific; for WM_MOUSEMOVE it holds the cursor
;                  position: low word = x, high word = y (client coordinates)
; Out:    eax = 0 (FALSE) for every message, i.e. "not handled" as far as
;         the dialog manager is concerned. The visible effects are the
;         control updates performed by the invoke calls.
; Clobb:  eax, ecx, flags (plus whatever the called API functions clobber)
; NOTE:   control ids 1001/1002/1003 are literals; only IDD_MAIN (1000) is
;         named in bones.inc. The dialog template itself is not shown here.
;-----------------------------------------------------------------------
DlgProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
mov eax,uMsg                        ; dispatch on the message id

.if eax == WM_INITDIALOG
                                    ; nothing to initialise; falls through to the FALSE return

.elseif eax == WM_LBUTTONDOWN       ; left mouse button pressed
    invoke SetDlgItemText, hWin, 1001, addr Msg1   ; control 1001 <- "pressed" text (Msg1 in bones.inc)
.elseif eax == WM_LBUTTONUP         ; left mouse button released
    invoke SetDlgItemText, hWin, 1001, addr Msg2   ; control 1001 <- "released" text (Msg2 in bones.inc)
.elseif eax == WM_MOUSEMOVE
    ; x is the low word of lParam. "xor ecx,ecx" followed by a 16-bit write
    ; to cx zero-extends that word into ecx (the 16-bit move alone would
    ; leave the upper half of ecx unchanged); movzx ecx, WORD PTR lParam
    ; would do the same in one instruction.
    xor ecx, ecx ; clear ecx so the upper 16 bits are zero after the move below
    mov cx, WORD PTR lParam ; copy low word of lParam (x) to cx  <---- this is the line that is bothering me
    ; NOTE(review): the WM_MOUSEMOVE coordinates are signed 16-bit values
    ; and can be negative (mouse capture, multi-monitor). Zero-extending
    ; them and passing FALSE (= unsigned) to SetDlgItemInt shows -1 as 65535;
    ; "movsx ecx, WORD PTR lParam" plus TRUE would display them signed.
    invoke SetDlgItemInt, hWin, 1002, ecx, FALSE ; control 1002 <- x as an unsigned decimal string
    xor ecx, ecx ; zero ecx again before loading the next word
    ; +2 is a BYTE offset, not a bit offset: x86 is little-endian, so the
    ; high word (y) of the 32-bit lParam is stored 2 bytes above its low word.
    mov cx, WORD PTR lParam+2 ; copy high word of lParam (y) to cx <--- this line is bothering me as well
    invoke SetDlgItemInt, hWin, 1003, ecx, FALSE ; control 1003 <- y as an unsigned decimal string
.elseif eax == WM_CLOSE
    invoke  EndDialog, hWin, 0      ; end the modal loop; 0 becomes DialogBoxParam's return value (and, via start, the exit code)
.endif

xor eax,eax                         ; return FALSE for every message
ret
DlgProc endp

end start

Here is my OllyDbg screenshot with a breakpoint on the first line of interest: [screenshot not reproduced here]

My questions are:

1) What exactly does this line do: `MOV CX,WORD PTR SS:[EBP+14]`? Is it: copy into the CX register the value of memory cell number EBP+14? So if EBP points to cell number 1, is the source cell number 15?

2) So in my case, from the screenshot, EBP's value is 19FBB0h (0001 1001 1111 1011 1011 0000 in binary) — is the low word 0000 0000 0001 1001 and the high word 1111 1011 1011 0000? If not, then how can I find this out?

3) how does author know that right values are in high and low words respectively?

4) Why `mov cx, WORD PTR lParam+2`? This +2 is bothering me. If lParam is a DWORD (32 bits), why is the offset +2? Shouldn't it be +16 to get the high word?

Thank you in advance

EDIT: this is the bones.inc file, if needed:

; bones.inc - skeleton shared by the program: Win32 API declarations and
; import libraries, the DlgProc prototype, and the program's data.

include     windows.inc     ; Win32 types and constants (DWORD, NULL, FALSE, WM_*, ...)
include     user32.inc      ; DialogBoxParam, SetDlgItemText, SetDlgItemInt, EndDialog
include     kernel32.inc    ; GetModuleHandle, ExitProcess
include     comctl32.inc    ;windows common controls (InitCommonControls)

includelib  user32.lib
includelib  kernel32.lib
includelib  comctl32.lib    ;windows common controls

; Dialog procedure defined in the main file: hWin, uMsg, wParam, lParam (all DWORD, stdcall).
DlgProc     PROTO   :DWORD,:DWORD,:DWORD,:DWORD

.const
IDD_MAIN    equ 1000        ; resource id of the dialog template (the control ids 1001-1003 used by DlgProc are not named here)

.data
; Status texts shown in control 1001 (Polish): Msg1 = "Left mouse button is pressed",
; Msg2 = "Left mouse button is released".
; NOTE(review): the non-ASCII letters look mis-encoded in this listing (UTF-8 bytes
; shown as single-byte characters). db emits the source bytes verbatim, so what the
; ANSI SetDlgItemText displays depends on the source file's code page - confirm in
; the original file.
Msg1 db "Lewy przycisk myszy jest wciśnięty",0
Msg2 db "Lewy przycisk myszy jest zwolniony",0

.data?
hInstance   dd  ?           ; module handle of this executable; written once in start, read by DialogBoxParam

1 Answers

  1. Yes: it loads the 16-bit word stored in memory at address EBP+14h into CX. EBP itself is not read as data and is not modified; it is only the base of the address. Note that the displacement is hexadecimal, so if EBP were 1 the word would come from address 1 + 14h = 21 (decimal), not 15.
  2. No. The instruction does not split EBP itself into words. ebp=19FBB0h, so ebp+14h=19FBC4h, and the DWORD stored at that address is 004200CFh. That slot is the `lParam` argument: after MASM's `push ebp / mov ebp,esp` prologue the four stdcall arguments of DlgProc lie at [ebp+8] (hWin), [ebp+0Ch] (uMsg), [ebp+10h] (wParam) and [ebp+14h] (lParam). Its low word is 00CFh (x = 207) and its high word is 0042h (y = 66); those are the two values the code copies into CX.
  3. The author has read the documentation for WM_MOUSEMOVE, which states that the low-order word of lParam is the x-coordinate and the high-order word is the y-coordinate of the cursor, relative to the upper-left corner of the client area. The same page says to extract them with GET_X_LPARAM/GET_Y_LPARAM rather than LOWORD/HIWORD, because each coordinate is a signed 16-bit value and can be negative (mouse capture, multi-monitor systems); the zero-extending `xor ecx,ecx / mov cx,...` in the question, combined with FALSE (unsigned) passed to SetDlgItemInt, would display such a value as a large positive number.
  4. Offsets are in bytes, not bits. +2 bytes is +16 bits, or +1 word, and because x86 is little-endian the low word of a DWORD is stored at the lower address, so `lParam+2` is its high word. +16 would point 16 bytes past lParam, well beyond the argument list.