I want to get the return address of a function in assembly and then compare that return address value with another value without corrupting the stack or changing anything in the stack.
How can that be done in assembly?
I'm using x86.
Usually on x86, if using the stdcall convention, the return address is stored at the content of register ebp + 4. So cmp dword ptr [ebp+4], whatever
should do the job. Actually it's not dependent on the calling convention; rather, it depends on whether your compiler puts push ebp as the first instruction of your function, which it usually does. Generally the function then looks like:
push ebp                          ; save caller's frame pointer; return address is now at [esp+4]
mov ebp,esp                       ; ebp = this frame; return address at [ebp+4], saved ebp at [ebp]
sub esp,size_of_local_variables   ; reserve room for locals below ebp
...
; something something something (function body)
...
mov esp, ebp                      ; discard locals
pop ebp                           ; restore caller's frame pointer
ret                               ; pop return address into eip
In general you would need to disassemble the function in question, either manually or with some code of yours, and analyze the disassembly (again, either manually or with some sort of heuristic algorithm in code) to see the behavior of the stack pointer and any related registers (e.g. ebp) or variables in that function up to the point where your code that needs the return address starts.
If you do everything by hand, it'll be easy to find out the return address location and hard-code it, but the resulting code will be very fragile, as any code changes and changes in how you compile it can break it.
OTOH, implementing a solution in code that would work always (or almost always) despite code changes and changes in compilation is going to be very tedious and hard.
Can you tell us why you need the return address? What is the problem that you're trying to solve with this?
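The following is an added example, not code from the question or from either answer. It shows both points made above: the first answer's read of the return address slot (the [ebp+4] load in a frame-pointer prologue) and a comparison that leaves the stack untouched, and the second answer's concern that hard-coding the slot's offset is fragile. Instead of an assembly offset it uses `__builtin_return_address(0)`, the GCC/Clang builtin that emits the correct load for whatever frame layout the compiler actually chose (on 32-bit x86 with frame pointers that is exactly `mov eax, [ebp+4]`). The names `guarded`, `trusted_site`, `other_site`, `g_expected` and `run_return_address_check` are made up for this example; it assumes GCC or Clang, since `noinline` and the builtin are compiler extensions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the question or either answer): read the return
 * address of the current call and compare it against a recorded value,
 * without modifying anything on the stack.  All identifiers below are
 * hypothetical names chosen for this example. */

enum { REGISTER_CALLER = 0, VERIFY_CALLER = 1 };

/* Return address recorded by the trusted call site. */
static uintptr_t g_expected;

/* Volatile sink: guarantees an instruction after each call so the compiler
 * cannot turn the call into a tail jump (a tail jump would make the return
 * address seen by guarded() belong to the wrapper's caller instead). */
static volatile uintptr_t g_sink;

/* Reads its own return address.  noinline is essential: if this body were
 * inlined, __builtin_return_address(0) would report the return address of
 * whichever function the body landed in, not of the call we care about. */
__attribute__((noinline)) static int guarded(int mode)
{
    uintptr_t ra = (uintptr_t)__builtin_return_address(0);
    if (mode == REGISTER_CALLER) {
        g_expected = ra;          /* remember where the trusted call comes from */
        return 1;
    }
    return ra == g_expected;      /* compare only; the stack is left as-is */
}

/* One fixed call instruction: every call through here produces the same
 * return address inside guarded(). */
__attribute__((noinline)) static int trusted_site(int mode)
{
    int r = guarded(mode);
    g_sink = (uintptr_t)r;
    return r;
}

/* A different call instruction, so guarded() sees a different return
 * address.  The body is deliberately not identical to trusted_site so the
 * optimizer's identical-code folding cannot merge the two wrappers. */
__attribute__((noinline)) static int other_site(int mode)
{
    int r = guarded(mode);
    g_sink = (uintptr_t)r * 2u + 1u;
    return r;
}

/* Whole scenario: register the trusted site, then verify from both sites.
 * Returns 1 when the check behaves as intended, 0 otherwise. */
int run_return_address_check(void)
{
    int ok = 1;
    ok &= trusted_site(REGISTER_CALLER) == 1;
    ok &= trusted_site(VERIFY_CALLER) == 1;   /* same call site: accepted */
    ok &= other_site(VERIFY_CALLER) == 0;     /* other call site: rejected */
    ok &= trusted_site(VERIFY_CALLER) == 1;   /* stack intact, still accepted */
    return ok;
}

int main(void)
{
    printf("return-address check %s\n",
           run_return_address_check() ? "passed" : "failed");
    return 0;
}
```

The check is only as strong as the integrity of the stack slot it reads: anything that can overwrite the saved return address can also make this comparison succeed, so it serves as a sanity check on unexpected callers rather than as a security boundary. Building with `-fno-omit-frame-pointer` on 32-bit x86 makes the emitted code match the prologue shown in the first answer, but the builtin works just as well when the compiler drops the frame pointer.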