Understanding how a subroutine call lays out the stack
First the case without parameters: a plain demonstration of local-variable access (compare with the example in the book). Program code:

.386
.model flat,stdcall
option casemap:none
include windows.inc
include gdi32.inc
includelib gdi32.lib
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib

.data

.code
odtest proc
    local @a:BYTE     ; one byte, 8 bits
    local @aa:DWORD   ; a double word, four bytes
    local @aaa        ; an untyped LOCAL defaults to DWORD, four bytes
    ; note: 32-bit code keeps locals DWORD aligned by default, which gives the fastest access
    mov al,@a
    mov eax,@aa
    mov eax,@aaa
    ret
odtest endp

start:
    call odtest
    invoke ExitProcess,NULL
end start

The disassembly of the code above. Program code:

00401000 /$ 55              push ebp
00401001 |. 8BEC            mov ebp, esp
00401003 |. 83C4 F4         add esp, -0C
00401006 |. 8A45 FF         mov al, byte ptr [ebp-1]
00401009 |. 8B45 F8         mov eax, dword ptr [ebp-8]
0040100C |. 8B45 F4         mov eax, dword ptr [ebp-C]
0040100F |. C9              leave
00401010 \. C3              retn
00401011 >/$ E8 EAFFFFFF    call 00401000                          ; the program entry point is here; it calls the address above
00401016 |. 6A 00           push 0                                 ; /ExitCode = 0
00401018 \. E8 01000000     call <jmp.&kernel32.ExitProcess>       ; \ExitProcess
0040101D    CC              int3
0040101E .- FF25 00204000   jmp dword ptr [<&kernel32.ExitProces>  ; kernel32.ExitProcess
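Two things in that listing are worth checking by hand: why the three locals land at [ebp-1], [ebp-8] and [ebp-0C] rather than at -1, -5 and -9 (the DWORD @aa cannot start at ebp-5 because that address is not 4-aligned, so the assembler moves it down to -8), and what sits on either side of them once the prologue has run (the saved ebp at [ebp] and the return address at [ebp+4]). The C program below is an added example, not code from the post: it computes the LOCAL offsets and the size for add esp, -N from the declarations, then steps the call / push ebp / mov ebp,esp / add esp / leave / retn sequence through a tiny byte-array model of the stack. The alignment rule it uses (each local aligned to its own size, capped at 4) is an assumption that reproduces the page's offsets; the caller's ebp value 0x1000 and the use of array indices as addresses are also just conveniences of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One LOCAL declaration of odtest: name, size in bytes, and the
 * ebp-relative offset that layout_locals() assigns to it. */
typedef struct {
    const char *name;
    int size;        /* 1 = BYTE, 2 = WORD, 4 = DWORD */
    int ebp_offset;  /* negative; filled in by layout_locals() */
} local_t;

/* Assign ebp-relative offsets to LOCALs in declaration order, growing the
 * frame downward from ebp, and return the number of bytes the prologue must
 * reserve (the N in "add esp, -N"), rounded up to a DWORD.
 * Assumed rule (not stated on the page): every local is aligned to its own
 * size, capped at 4 in 32-bit flat code. It reproduces the -1 / -8 / -0C
 * layout the disassembly shows. */
int layout_locals(local_t *locals, int count)
{
    int used = 0;  /* bytes below ebp consumed so far */
    for (int i = 0; i < count; i++) {
        int align = locals[i].size < 4 ? locals[i].size : 4;
        used += locals[i].size;
        used = (used + align - 1) / align * align; /* align the low address */
        locals[i].ebp_offset = -used;
    }
    return (used + 3) / 4 * 4;
}

/* The three LOCALs exactly as odtest declares them (untyped @aaa is a DWORD). */
static local_t odtest_locals[3] = {
    { "@a",   1, 0 },
    { "@aa",  4, 0 },
    { "@aaa", 4, 0 },
};

int odtest_frame_size(void) { return layout_locals(odtest_locals, 3); }

int odtest_offset(int i)
{
    layout_locals(odtest_locals, 3);
    return odtest_locals[i].ebp_offset;
}

/* Minimal model of the 32-bit stack: a byte array indexed by esp/ebp, so the
 * prologue and epilogue from the disassembly can be stepped through. */
#define STACK_BYTES 64
typedef struct { uint8_t mem[STACK_BYTES]; uint32_t esp, ebp; } cpu_t;

static void push32(cpu_t *c, uint32_t v) { c->esp -= 4; memcpy(&c->mem[c->esp], &v, 4); }
static uint32_t pop32(cpu_t *c) { uint32_t v; memcpy(&v, &c->mem[c->esp], 4); c->esp += 4; return v; }
static uint32_t load32(const cpu_t *c, uint32_t a) { uint32_t v; memcpy(&v, &c->mem[a], 4); return v; }

typedef struct {
    uint32_t ret_addr;      /* read back from [ebp+4] inside odtest */
    uint32_t saved_ebp;     /* read back from [ebp] inside odtest */
    uint32_t locals_bytes;  /* ebp - esp after the prologue */
    uint32_t eip, esp, ebp; /* state right after retn */
} frame_t;

/* "call odtest" from 00401011, the prologue, then leave/retn. Addresses are
 * array indices; the return address 00401016 is the one on the page. */
frame_t run_odtest(int frame_size)
{
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.esp = STACK_BYTES;     /* empty stack */
    c.ebp = 0x1000;          /* caller's ebp: arbitrary marker value */

    push32(&c, 0x00401016);  /* call 00401000 pushes the return address */
    push32(&c, c.ebp);       /* push ebp */
    c.ebp = c.esp;           /* mov ebp, esp */
    c.esp -= frame_size;     /* add esp, -0C : locals live in [esp, ebp) */

    frame_t f;
    f.ret_addr = load32(&c, c.ebp + 4);
    f.saved_ebp = load32(&c, c.ebp);
    f.locals_bytes = c.ebp - c.esp;

    c.esp = c.ebp;           /* leave = mov esp, ebp */
    c.ebp = pop32(&c);       /*         pop ebp      */
    f.eip = pop32(&c);       /* retn pops the return address into eip */
    f.esp = c.esp;
    f.ebp = c.ebp;
    return f;
}

int main(void)
{
    int size = odtest_frame_size();
    for (int i = 0; i < 3; i++)
        printf("%-5s at [ebp%d]\n", odtest_locals[i].name, odtest_locals[i].ebp_offset);
    printf("add esp, -%X\n", (unsigned)size);
    frame_t f = run_odtest(size);
    printf("[ebp+4] = %08X  [ebp] = %08X  locals = %u bytes\n",
           (unsigned)f.ret_addr, (unsigned)f.saved_ebp, (unsigned)f.locals_bytes);
    printf("after retn: eip=%08X esp=%u ebp=%08X\n",
           (unsigned)f.eip, (unsigned)f.esp, (unsigned)f.ebp);
    return 0;
}
```

Reading the model's output next to the OllyDbg listing makes the frame concrete: the twelve bytes of locals sit directly below the saved ebp, and the return address is the DWORD right above it. That adjacency is also what makes the frame layout matter for security work in general: anything that writes past the end of a local is writing into the saved frame pointer and then the return address, which is exactly the region leave/retn trusts when it tears the frame down.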