According to the manual you can use eax, ecx and edx freely, but you need to preserve the others, so I think you should push edi (you can use the one you like, more or less) and then pop it before exit.
It should look this way:
Code: Select all
!push edi
!mov edi, [p.p_Buffer]
!mov eax, $ffffffff
!mov ebx, $fefefefe
!mov ecx, $fdfdfdfd
!mov dword [edi], eax
!mov dword [edi + 4], ebx
!mov dword [edi + 8], ecx
!pop edi
but this doesn't work because by using push you alter the stack and PB defines the constant p.p_Buffer as an offset from the current stack pointer (esp).
So after your push you are reading a wrong value from a wrong place.
Code: Select all
; Procedure t()
_Procedure0:
PS0=8
XOR eax,eax
PUSH eax
; Protected *Buffer = AllocateMemory(12)
PUSH dword 12
CALL _PB_AllocateMemory@4
MOV dword [esp],eax
p.p_Buffer equ esp+0 ; here it is, esp+0
push edi ; esp changed
mov edi, [p.p_Buffer] ; reading from the wrong place
;
So you may do something like this:
Code: Select all
!mov eax, [p.p_Buffer]
!push edi
!mov edi, eax
!mov eax, $ffffffff
!mov ebx, $fefefefe
!mov ecx, $fdfdfdfd
!mov dword [edi], eax
!mov dword [edi + 4], ebx
!mov dword [edi + 8], ecx
!pop edi
Or even like this (but this is a little horrid and prone to errors)
Code: Select all
!push edi
!mov edi, [p.p_Buffer + 4] ; correct for the push
!mov eax, $ffffffff
!mov ebx, $fefefefe
!mov ecx, $fdfdfdfd
!mov dword [edi], eax
!mov dword [edi + 4], ebx
!mov dword [edi + 8], ecx
!pop edi