"C语言函数调用参数传递栈详解.docx" (C function calls: how parameters are passed on the stack), shared on 天天文库, 2020-09-02.
C function call sequence explained
Sunny.man

1. Environment: gcc version 4.1.2 20071124 (Red Hat 4.1.2-42), 32-bit x86.

2. Sample source code

    int foo(int a, int b)
    {
        int a1 = 0x123;
        return a1 + a + b;
    }

    int main()
    {
        foo(2, 3);
        return 0;
    }

3. Running the program under gdb: gdb a.out, then start, then disassemble.

4. Disassembly listings

4.1 Disassembly of main

    0x0804836c:  lea    0x4(%esp),%ecx
    0x08048370:  and    $0xfffffff0,%esp
    0x08048373:  pushl  0xfffffffc(%ecx)
    0x08048376:  push   %ebp
    0x08048377:  mov    %esp,%ebp
    0x08048379:  push   %ecx
    0x0804837a:  sub    $0x8,%esp
    0x0804837d:  movl   $0x3,0x4(%esp)
    0x08048385:  movl   $0x2,(%esp)
    0x0804838c:  call   0x8048354
    0x08048391:  mov    $0x0,%eax
    0x08048396:  add    $0x8,%esp
    0x08048399:  pop    %ecx
    0x0804839a:  pop    %ebp
    0x0804839b:  lea    0xfffffffc(%ecx),%esp
    0x0804839e:  ret

The first three instructions are gcc's 16-byte alignment of main's frame: ecx is set to the entry esp + 4, esp is rounded down to a multiple of 16, and the return address (at entry esp, i.e. -4(%ecx)) is copied to the new top of stack so that ret still works. The matching epilogue restores esp from ecx with lea -4(%ecx),%esp. The arguments of foo(2, 3) are written with movl directly into the two slots reserved by sub $0x8,%esp: b = 3 at 4(%esp), a = 2 at (%esp), so that a is nearest the top of the stack. call 0x8048354 is the call to foo (section 4.2); it pushes the return address 0x08048391.

4.2 Disassembly of foo

    0x08048354:  push   %ebp
    0x08048355:  mov    %esp,%ebp
    0x08048357:  sub    $0x10,%esp
    0x0804835a:  movl   $0x123,0xfffffffc(%ebp)
    0x08048361:  mov    0x8(%ebp),%eax
    0x08048364:  add    0xfffffffc(%ebp),%eax
    0x08048367:  add    0xc(%ebp),%eax
    0x0804836a:  leave
    0x0804836b:  ret

Inside foo the frame is addressed through ebp: the saved ebp of main is at 0(%ebp), the return address at 4(%ebp), the first argument a at 8(%ebp), the second argument b at 0xc(%ebp), and the local a1 at -4(%ebp) (0xfffffffc is -4 as a 32-bit displacement). The return value a1 + a + b is accumulated in eax; leave is equivalent to mov %ebp,%esp followed by pop %ebp.

5. Analysis while the program runs

    (gdb) info registers
    eax            0xbf820894    -1081997164
    ecx            0xbf820810    -1081997296
    edx            0x1           1
    ebx            0x56eff4      5697524
    esp            0xbf8207ec    0xbf8207ec
    ebp            0xbf8207f8    0xbf8207f8
    esi            0x42cca0      4377760
    edi            0x0           0
    eip            0x804837d     0x804837d
    eflags         0x200292      [ AF SF IF ID ]
    cs             0x73          115
    ss             0x7b          123
    ds             0x7b          123
    es             0x7b          123
    fs             0x0           0
    gs             0x33          51

Note: at this point main+14 (sub $0x8,%esp) has executed; the next instruction is movl $0x3,0x4(%esp) at 0x0804837d, and esp is 0xbf8207ec.

5.1 Where does esp = 0xbf8207ec come from?

    (gdb) x/20 $esp
    0xbf8207ec:  0x0056eff4  0x004205d0  0xbf820810  0xbf820868
    0xbf8207fc:  0x00445dec  0x0042cca0  0x080483b0  0xbf820868
    0xbf82080c:  0x00445dec  0x00000001  0xbf820894  0xbf82089c
    0xbf82081c:  0x0042d810  0x00000000  0x00000001  0x00000001
    0xbf82082c:  0x00000000  0x0056eff4  0x0042cca0  0x00000000

Reading the dump against the prologue: the two words at 0xbf8207ec and 0xbf8207f0 are the not-yet-written argument slots, 0xbf8207f4 holds the pushed ecx (0xbf820810, the same value still in the ecx register), 0xbf8207f8 holds the caller's saved ebp (0xbf820868) and 0xbf8207fc holds the copied return address 0x00445dec. The same return address appears again at 0xbf82080c, which is -4(%ecx), the entry esp, followed by argc = 1 at 0xbf820810. We now walk the prologue backwards, one instruction at a time.

5.1.1 main+14, 0x0804837a: sub $0x8,%esp
The current esp is 0xbf8207ec, ebp is 0xbf8207f8 and eip is 0x804837d, so esp before this instruction was 0xbf8207ec + 0x8 = 0xbf8207f4.

5.1.2 main+13, 0x08048379: push %ecx
esp before this instruction was 0xbf8207f4 + 0x4 = 0xbf8207f8.

5.1.3 main+11, 0x08048377: mov %esp,%ebp
ebp = 0xbf8207f8, which matches the current ebp value.

5.1.4 main+10, 0x08048376: push %ebp
esp before this instruction was 0xbf8207f8 + 4 = 0xbf8207fc.

5.1.5 main+7, 0x0804
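As an added example (this is not code from the original document), the following C program replays the instruction sequence of sections 4.1 and 4.2 on a simulated 32-bit stack, so the walk-back in 5.1 can be checked mechanically and continued into foo's frame. The starting state is an assumption derived from the gdb output above: ecx = 0xbf820810 came from lea 0x4(%esp),%ecx, so esp at main's entry was 0xbf82080c; that slot holds the return address into the C runtime (0x00445dec in the x/20 dump) and the caller's ebp was 0xbf820868 (the word saved at 0xbf8207f8). The stack window size and the trace_t field names are also this example's own choices. Because the stack is simulated in a byte array, the program runs on any host and does not need a 32-bit toolchain.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed for this example: a 0x60-byte window of the 32-bit stack
 * around the esp the page observed (0xbf8207ec), indexed by addr - STACK_BASE. */
#define STACK_BASE 0xbf8207c0u
#define STACK_SIZE 0x60u

typedef struct { uint32_t esp, ebp, ecx, eax, eip; uint8_t mem[STACK_SIZE]; } cpu_t;

/* Values captured at the points the page inspects, for comparison with gdb. */
typedef struct {
    uint32_t ecx_after_lea;        /* after lea 0x4(%esp),%ecx                 */
    uint32_t esp_after_main_14;    /* after sub $0x8,%esp: the page's esp      */
    uint32_t main_ebp;             /* ebp inside main                          */
    uint32_t saved_ecx_slot;       /* [main_ebp-4]: pushed ecx                 */
    uint32_t saved_ebp_slot;       /* [main_ebp]:   caller's ebp               */
    uint32_t ret_to_libc_slot;     /* [main_ebp+4]: copied return address      */
    uint32_t foo_ebp;              /* ebp inside foo                           */
    uint32_t foo_saved_ebp;        /* [foo_ebp]:    main's ebp                 */
    uint32_t foo_ret_addr;         /* [foo_ebp+4]:  main+37 = 0x08048391       */
    uint32_t foo_a, foo_b, foo_a1; /* [foo_ebp+8], [foo_ebp+0xc], [foo_ebp-4]  */
    uint32_t foo_result;           /* eax when foo returns                     */
    uint32_t esp_after_ret_to_main;
    uint32_t esp_at_main_exit;     /* esp after main's ret                     */
    uint32_t eip_after_main_ret;   /* must be the return address into libc     */
} trace_t;

static uint32_t rd32(const cpu_t *c, uint32_t a) { uint32_t v; memcpy(&v, c->mem + (a - STACK_BASE), 4); return v; }
static void wr32(cpu_t *c, uint32_t a, uint32_t v) { memcpy(c->mem + (a - STACK_BASE), &v, 4); }
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; wr32(c, c->esp, v); }
static uint32_t pop(cpu_t *c) { uint32_t v = rd32(c, c->esp); c->esp += 4; return v; }

/* Executes main's prologue, call foo(2,3), foo's body and main's epilogue,
 * instruction for instruction as listed in sections 4.1 and 4.2. */
trace_t simulate_foo_call(void)
{
    cpu_t c; trace_t t;
    memset(&c, 0, sizeof c); memset(&t, 0, sizeof t);

    /* Assumed state at main's entry, reconstructed from the gdb dumps. */
    c.esp = 0xbf82080cu;                  /* ecx (0xbf820810) - 4             */
    c.ebp = 0xbf820868u;                  /* caller's ebp, later saved        */
    wr32(&c, c.esp, 0x00445decu);         /* return address into libc         */

    /* ---- main, 0x0804836c ---- */
    c.ecx = c.esp + 4;                    /* lea    0x4(%esp),%ecx            */
    t.ecx_after_lea = c.ecx;
    c.esp &= 0xfffffff0u;                 /* and    $0xfffffff0,%esp          */
    push(&c, rd32(&c, c.ecx - 4));        /* pushl  -0x4(%ecx)                */
    push(&c, c.ebp);                      /* push   %ebp                      */
    c.ebp = c.esp;                        /* mov    %esp,%ebp                 */
    push(&c, c.ecx);                      /* push   %ecx                      */
    c.esp -= 8;                           /* sub    $0x8,%esp                 */
    t.esp_after_main_14 = c.esp;          /* the page's 'info registers' point */
    t.main_ebp = c.ebp;
    t.saved_ecx_slot = rd32(&c, c.ebp - 4);
    t.saved_ebp_slot = rd32(&c, c.ebp);
    t.ret_to_libc_slot = rd32(&c, c.ebp + 4);
    wr32(&c, c.esp + 4, 3);               /* movl   $0x3,0x4(%esp)   (b)      */
    wr32(&c, c.esp, 2);                   /* movl   $0x2,(%esp)      (a)      */
    push(&c, 0x08048391u);                /* call   0x8048354: push main+37   */

    /* ---- foo, 0x08048354 ---- */
    push(&c, c.ebp);                      /* push   %ebp                      */
    c.ebp = c.esp;                        /* mov    %esp,%ebp                 */
    c.esp -= 0x10;                        /* sub    $0x10,%esp                */
    wr32(&c, c.ebp - 4, 0x123);           /* movl   $0x123,-0x4(%ebp) (a1)    */
    t.foo_ebp = c.ebp;
    t.foo_saved_ebp = rd32(&c, c.ebp);
    t.foo_ret_addr = rd32(&c, c.ebp + 4);
    t.foo_a = rd32(&c, c.ebp + 8);
    t.foo_b = rd32(&c, c.ebp + 0xc);
    t.foo_a1 = rd32(&c, c.ebp - 4);
    c.eax = rd32(&c, c.ebp + 8);          /* mov    0x8(%ebp),%eax            */
    c.eax += rd32(&c, c.ebp - 4);         /* add    -0x4(%ebp),%eax           */
    c.eax += rd32(&c, c.ebp + 0xc);       /* add    0xc(%ebp),%eax            */
    t.foo_result = c.eax;
    c.esp = c.ebp; c.ebp = pop(&c);       /* leave                            */
    c.eip = pop(&c);                      /* ret                              */
    t.esp_after_ret_to_main = c.esp;

    /* ---- back in main at 0x08048391 ---- */
    c.eax = 0;                            /* mov    $0x0,%eax                 */
    c.esp += 8;                           /* add    $0x8,%esp                 */
    c.ecx = pop(&c);                      /* pop    %ecx                      */
    c.ebp = pop(&c);                      /* pop    %ebp                      */
    c.esp = c.ecx - 4;                    /* lea    -0x4(%ecx),%esp           */
    c.eip = pop(&c);                      /* ret                              */
    t.esp_at_main_exit = c.esp;
    t.eip_after_main_ret = c.eip;
    return t;
}

int main(void)
{
    trace_t t = simulate_foo_call();
    printf("esp after main+14: 0x%08x (gdb showed 0xbf8207ec)\n", t.esp_after_main_14);
    printf("foo frame: ebp=0x%08x [ebp]=0x%08x [ebp+4]=0x%08x a=%u b=%u a1=0x%x -> eax=0x%x\n",
           t.foo_ebp, t.foo_saved_ebp, t.foo_ret_addr, t.foo_a, t.foo_b, t.foo_a1, t.foo_result);
    printf("after main's ret: esp=0x%08x eip=0x%08x\n", t.esp_at_main_exit, t.eip_after_main_ret);
    return 0;
}
```

The simulation reproduces every value the page reads out of gdb (ecx, esp, ebp, and the three words at 0xbf8207f4, 0xbf8207f8 and 0xbf8207fc) and then carries the walk forward: foo's ebp is 0xbf8207e4, the arguments 2 and 3 sit at 8(%ebp) and 0xc(%ebp), i.e. at 0xbf8207ec and 0xbf8207f0, exactly the two slots main filled with movl, and after both rets esp is back at 0xbf820810 with eip = 0x00445dec. The point for anyone reasoning about stack corruption is visible in the numbers: the return address 0x08048391 lies only four bytes above foo's saved ebp and eight bytes above a1, so any write past the end of a local in foo overwrites the frame pointer first and the return address next.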