_main函数调用子函数.ppt

1、main函数调用子函数 -活动记录的变化,/ /first / /* void sum(int x, int y) int result; result = x + y; void main ( int argc, char * argv) int a =1; int b =2; sum(a,b); */,汇编代码(一),1: #include 2: 3: void sum(int x, int y) 4: 00401020 push ebp 00401021 mov ebp,esp 00401023 sub esp,44h 00401026 push ebx 00401027 push es

2、i 00401028 push edi 00401029 lea edi,ebp-44h 0040102C mov ecx,11h 00401031 mov eax,0CCCCCCCCh 00401036 rep stos dword ptr edi 5: int result; 6: 7: result = x + y;,00401038 mov eax,dword ptr ebp+8 0040103B add eax,dword ptr ebp+0Ch 0040103E mov dword ptr ebp-4,eax 8: 00401041 pop edi 00401042 pop esi

3、 00401043 pop ebx 00401044 mov esp,ebp 00401046 pop ebp 00401047 ret 9: 10: 11: void main ( int argc, char * argv) 12: 00401060 push ebp,汇编代码(二),00401061 mov ebp,esp 00401063 sub esp,48h 00401066 push ebx 00401067 push esi 00401068 push edi 00401069 lea edi,ebp-48h 0040106C mov ecx,12h 00401071 mov

4、eax,0CCCCCCCCh 00401076 rep stos dword ptr edi 13: int a =1; 00401078 mov dword ptr ebp-4,1 14: int b =2; 0040107F mov dword ptr ebp-8,2 15: 16: sum(a,b); 00401086 mov eax,dword ptr ebp-8,0040108E call ILT+5(sum) (0040100a) 00401093 add esp,8 17: 00401096 pop edi 00401097 pop esi 00401098 pop ebx 00

5、401099 add esp,48h 0040109C cmp ebp,esp 0040109E call _chkesp (004010c0) 004010A3 mov esp,ebp 004010A5 pop ebp 004010A6 ret,00401089 push eax 0040108A mov ecx,dword ptr ebp-4 0040108D push ecx,代码分析及表格(一),1.把ebp压入栈中 2.把esp的值赋值给ebp 3.让esp指向esp-48h的地方 4.ebx,esi,edi依次进栈,3次压栈使得 esp3 5.取得ebp-48h的偏移地址放入edi

6、中 6.声明整型变量a并赋值1,由把1放入ebp-4的空间来实现,声明整型变量b并赋值2,由把2放入ebp-8的空间来实现 7.把ebp-8地址存放的值赋值给eax，并且把eax压栈，sp减1.把ebp-4地址存放的值赋值给eax，并且把eax压栈，sp减1,代码分析及表格(二),8.把ebp压入栈中 9.把esp的值赋值给ebp 10.让esp指向esp-44h的地方 11. ebx,esi,edi进栈,3次压栈使得 esp3 12.取得ebp-44h的偏移地址放入edi中，初始化ebp到ebp-44h的空间 13.把ebp+8地址放的值放入eax中，再加上ebp0CH地址放的值，把结果放入

7、ebp4中 14.edi esi ebx 出栈 15.把ebp的值赋值给esp 并且ebp出栈,代码分析及表格(三),16.esp指向esp8的地方 17.edi,esi,ebx出栈 18.esp指向esp48h的地方 19.比较ebp和esp 并且检查esp 20.把ebp的值赋值给esp，然后ebp出栈，程序结束,/ /second / int sum(int x, int y) int result; result = x + y; return result; void main ( int argc, char * argv) int a =1; int b =2; int c; c

8、 = sum(a,b); ,汇编代码(一),1: #include 2: 3: int sum(int x, int y) 4: 00401020 push ebp 00401021 mov ebp,esp 00401023 sub esp,44h 00401026 push ebx 00401027 push esi 00401028 push edi 00401029 lea edi,ebp-44h 0040102C mov ecx,11h 00401031 mov eax,0CCCCCCCCh 00401036 rep stos dword ptr edi 5: int result;

9、6: 7: result = x + y; 00401038 mov eax,dword ptr ebp+8,0040103B add eax,dword ptr ebp+0Ch 0040103E mov dword ptr ebp-4,eax 8: 9: return result; 00401041 mov eax,dword ptr ebp-4 10: 00401044 pop edi 00401045 pop esi 00401046 pop ebx 00401047 mov esp,ebp 00401049 pop ebp 0040104A ret 11: 12: void main

10、 ( int argc, char * argv) 13: 00401060 push ebp 00401061 mov ebp,esp,汇编代码(二),00401063 sub esp,4Ch 00401066 push ebx 00401067 push esi 00401068 push edi 00401069 lea edi,ebp-4Ch 0040106C mov ecx,13h 00401071 mov eax,0CCCCCCCCh 00401076 rep stos dword ptr edi 14: int a =1; 00401078 mov dword ptr ebp-4

11、,1 15: int b =2; 0040107F mov dword ptr ebp-8,2 16: int c; 17: 18: c = sum(a,b); 00401086 mov eax,dword ptr ebp-8,00401089 push eax 0040108A mov ecx,dword ptr ebp-4 0040108D push ecx 0040108E call ILT+0(sum) (00401005) 00401093 add esp,8 00401096 mov dword ptr ebp-0Ch,eax 19: 20: 00401099 pop edi 00

12、40109A pop esi 0040109B pop ebx 0040109C add esp,4Ch 0040109F cmp ebp,esp 004010A1 call _chkesp (004010c0) 004010A6 mov esp,ebp 004010A8 pop ebp 004010A9 ret,代码分析及表格(一),1.把ebp压入栈中 2.把esp的值赋值给ebp 3.让esp指向esp-4Ch的地方 4.ebx,esi,edi依次进栈,3次压栈使得 esp3 5.取得ebp-4Ch的偏移地址放入edi中 6.声明整型变量a并赋值1,由把1放入ebp-4的空间来实现,声明

13、整型变量b并赋值2,由把2放入ebp-8的空间来实现 7.把ebp-8地址存放的值赋值给eax，并且把eax压栈，sp减1.把ebp-4地址存放的值赋值给eax，并且把eax压栈，sp减1,代码分析及表格(二),8.把ebp压入栈中 9.把esp的值赋值给ebp 10.让esp指向esp-44h的地方 11. ebx,esi,edi进栈,3次压栈使得 esp3 12.让edi指向ebp-44h的地方 13.把ebp+8地址放的值放入eax中，再加上ebp0Ch地址放的值，把结果放入ebp4中 14. edi esi ebx 出栈 15.把ebp的值赋值给esp 并且ebp出栈 16.esp指向

14、esp8的地方 17.Result的结果放入eax中。把eax放入ebp-0Ch中,代码分析及表格(三),18. edi esi ebx 出栈 19.esp指向esp4Ch的地方 20.比较ebp和esp 21.把ebp的值赋值给esp，然后ebp出栈，程序结束,/ /third / /* void swap(int *x, int *y) int temp; temp = *x; *x = *y; *y = temp; void main ( int argc, char * argv) int a =1; int b =2; swap( */,汇编代码(一),1: #include 2:

15、3: void swap(int *x, int *y) 4: 00401020 push ebp 00401021 mov ebp,esp 00401023 sub esp,44h 00401026 push ebx 00401027 push esi 00401028 push edi 00401029 lea edi,ebp-44h 0040102C mov ecx,11h 00401031 mov eax,0CCCCCCCCh 00401036 rep stos dword ptr edi 5: int temp; 6: 7: temp = *x; 00401038 mov eax,d

16、word ptr ebp+8,0040103B mov ecx,dword ptr eax 0040103B mov ecx,dword ptr eax 0040103D mov dword ptr ebp-4,ecx 8: *x = *y; 00401040 mov edx,dword ptr ebp+8 00401043 mov eax,dword ptr ebp+0Ch 00401046 mov ecx,dword ptr eax 00401048 mov dword ptr edx,ecx 9: *y = temp; 0040104A mov edx,dword ptr ebp+0Ch

17、 0040104D mov eax,dword ptr ebp-4 00401050 mov dword ptr edx,eax,汇编代码(二),10: 11: 00401052 pop edi 00401053 pop esi 00401054 pop ebx 00401055 mov esp,ebp 00401057 pop ebp 00401058 ret 12: 13: void main ( int argc, char * argv) 14: 00401070 push ebp 00401071 mov ebp,esp 00401073 sub esp,48h 00401076 p

18、ush ebx 00401077 push esi 00401078 push edi 00401079 lea edi,ebp-48h 0040107C mov ecx,12h 00401081 mov eax,0CCCCCCCCh,00401086 rep stos dword ptr edi 15: int a =1; 00401088 mov dword ptr ebp-4,1 16: int b =2; 0040108F mov dword ptr ebp-8,2 17: 18: swap( 00401096 lea eax,ebp-8 00401099 push eax 00401

19、09A lea ecx,ebp-4 0040109D push ecx 0040109E call ILT+0(swap) (00401005) 004010A3 add esp,8 19: 20: 004010A6 pop edi 004010A7 pop esi 004010A8 pop ebx,汇编代码(三),004010A9 add esp,48h 004010AC cmp ebp,esp 004010AE call _chkesp (004010d0) 004010B3 mov esp,ebp 004010B5 pop ebp 004010B6 ret,代码分析及表格(一),1.把ebp压入