“This is the fifth day of my participation in the Gwen Challenge in November. Check out the details: The Last Gwen Challenge in 2021.”

Apologies: I used VS2019. This laptop cannot run two copies of Visual Studio (it does not have the performance; it is not a good machine). In VS2019 the "thing" that calls the main function cannot be seen in the call stack, although everything else can still be seen; later versions have had their space usage optimized. Let's cut to the chase.

In this post there are some places where EBP is written as EDP. I only noticed this about halfway through, and there were too many places to change, so I left them as they are.

What is a stack frame

Put simply, it is a space; more precisely, it is a region of storage on the stack.

Some background to understand first

1. The EBP (stack base pointer) and ESP (stack top pointer) registers hold addresses, and they are used to maintain a function's stack frame.

2. Stack space is used from high addresses down toward low addresses.

3. Push: a value is placed on the stack and ESP moves up (toward a lower address).

Pop: the element at the top of the stack is popped off and ESP moves down (toward a higher address).

4. Each function call creates a space (a frame) on the stack.

Example

#include <stdio.h>

/* Callee: its parameters a and b live in the caller's frame, sum is a local in Add's frame. */
int Add(int a, int b)
{
	int sum = 0;
	sum = a + b;
	return sum;
}

int main()
{
	int a = 10;
	int b = 20;
	int c = 0;
	c = Add(a, b);        /* the return value comes back through EAX */
	printf("%d\n", c);
	return 0;
}

Debugging

First we start debugging, then open the disassembly window (which shows the low-level instructions), and then the call stack window. In the call stack we see main. What does that mean? Someone is calling it. VS2019 does not show that caller, so I'll borrow VS2013 here.


We can see that main is called by __tmainCRTStartup(), which is in turn called by mainCRTStartup.

push ebp pushes the value of EBP onto the top of the stack (where ESP points), so ESP moves up.

mov ebp, esp copies the address held in ESP into EBP.

After these two steps, ESP and EBP both point to the same address.

sub esp, 0E4h subtracts 0E4h from ESP, so ESP moves up (to a lower address).

Three push instructions push EDX, ESI and EDI in turn.

lea (Load Effective Address) loads the address of its operand into a register, rather than the value stored at that address.

A word is two bytes; a dword (double word) is four bytes.

All 9 bytes from EDI downward are initialized to the contents of EAX.

But the basic behaviour has not changed much.

At this point the stack frame of the main function has been set up.

mov stores 0Ah (that is, 10) at EBP-8, which in effect creates the space for a.

As for why a, b and c are not placed right next to each other: that is the compiler's doing, leaving gaps so that tightly packed data is less prone to errors.

mov loads the value at EBP-20 into EAX; as shown above, that is the space for b.

Then push eax.

Then a is loaded into ECX, and push ecx.

Then call, which I would like to call magic. We can see very clearly that what gets pushed is the address of the instruction after the call. This step calls the function and pushes the address of the next instruction, which serves as the return mark.

Now we really arrive in our Add function, and it sets up its stack frame just as main did.

Parameters are pushed from right to left. Clearly the parameters are not created inside the Add function; Add reaches back to the space where we pushed them.

We have come through the rough seas; don't capsize in the gutter now (don't slip up on the easy part).

Here is how the return value comes back even though the local variable is destroyed: it is placed in EAX. EAX is a register, and the register is not destroyed when the function's frame is released. It works like a global register: the value is held there until main takes it out.

pop moves the element at the top of the stack into EDI; after three pops, ESP has been increased by 4 each time and moved down. When the function body is finished, its space no longer needs to exist, so ESP is given the address held in EBP.

With ESP at this point, pop takes the element at the top of the stack, which is the saved base pointer of main, and pops it into EBP, so EBP again points to the bottom of main's frame.

ret pops the address of the instruction after the call from the top of the stack and jumps to it, so execution continues right after the call.

The add to ESP simply gives the parameter space back to the system.

Then the value of EAX is stored into the space at EBP-32, which is the space for c.
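To make the whole push / call / ret sequence above traceable without a debugger, here is an added example that models the 32-bit stack in plain C. It is not code from the original post: the stack size, the size of Add's local area, the return-address value and the placeholder values pushed for the callee-saved registers are all assumptions of the model. The offsets it uses for a, b and c (EBP-8, EBP-20, EBP-32) and for the arguments and return address inside Add ([ebp+8], [ebp+12], [ebp+4]) are the ones walked through above.

```c
/* Added example, not code from the original post: a small model of the 32-bit stack
 * so the push / call / ret sequence can be traced deterministically. Stack size,
 * Add's local area, the return-address value and the register placeholders are assumed. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 1024u                  /* constructed stack; index STACK_SIZE is the "high address" */
#define RET_ADDR_AFTER_CALL 0x00401234u   /* hypothetical address of the instruction after "call Add" */

static uint8_t stack_mem[STACK_SIZE];

typedef struct { uint32_t esp, ebp, eax; } cpu_t;

/* Snapshot of Add's frame, taken while Add is running. */
typedef struct {
    uint32_t main_ebp;    /* EBP while main runs: bottom of main's frame */
    uint32_t callee_ebp;  /* EBP while Add runs */
    uint32_t saved_ebp;   /* [ebp]    in Add: main's EBP, stored by "push ebp" */
    uint32_t ret_addr;    /* [ebp+4]  in Add: stored by "call" */
    uint32_t param_a;     /* [ebp+8]  in Add: a, pushed last (via ecx) */
    uint32_t param_b;     /* [ebp+12] in Add: b, pushed first (via eax) */
    uint32_t sum_local;   /* [ebp-8]  in Add: the local "sum" */
} add_trace_t;

static void st32(uint32_t addr, uint32_t v) { assert(addr + 4 <= STACK_SIZE); memcpy(&stack_mem[addr], &v, 4); }
static uint32_t ld32(uint32_t addr) { uint32_t v; assert(addr + 4 <= STACK_SIZE); memcpy(&v, &stack_mem[addr], 4); return v; }
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; st32(c->esp, v); }             /* ESP moves to a lower address */
static uint32_t pop(cpu_t *c) { uint32_t v = ld32(c->esp); c->esp += 4; return v; }  /* ESP moves back up */

/* Add(int a, int b) as the post walks through it. Returns the address that "ret" jumps to. */
static uint32_t model_add(cpu_t *c, add_trace_t *t) {
    push(c, c->ebp);                          /* push ebp       : save main's base pointer        */
    c->ebp = c->esp;                          /* mov  ebp, esp  : Add's frame starts here         */
    c->esp -= 0xCC;                           /* sub  esp, 0CCh : local area (size assumed)       */
    push(c, 0xB1); push(c, 0x51); push(c, 0xD1); /* three pushes: callee-saved regs (placeholder values) */
    uint32_t a = ld32(c->ebp + 8);            /* the arguments sit above the return address, in the */
    uint32_t b = ld32(c->ebp + 12);           /* slots main pushed; Add did not create them         */
    st32(c->ebp - 8, 0);                      /* int sum = 0    : [ebp-8]                          */
    st32(c->ebp - 8, a + b);                  /* sum = a + b                                       */
    c->eax = ld32(c->ebp - 8);                /* mov eax,[ebp-8]: the return value rides in EAX    */
    *t = (add_trace_t){ t->main_ebp, c->ebp, ld32(c->ebp), ld32(c->ebp + 4), a, b, ld32(c->ebp - 8) };
    pop(c); pop(c); pop(c);                   /* three pops     : ESP += 4 each time               */
    c->esp = c->ebp;                          /* mov esp, ebp   : Add's locals no longer exist     */
    c->ebp = pop(c);                          /* pop ebp        : EBP is main's again              */
    return pop(c);                            /* ret            : pop the return address, jump     */
}

/* main() as the post walks through it. Returns the value that ends up in c. */
static uint32_t model_main(cpu_t *c, add_trace_t *t) {
    push(c, c->ebp);                          /* push ebp       : save the CRT caller's EBP        */
    c->ebp = c->esp;                          /* mov  ebp, esp                                     */
    c->esp -= 0xE4;                           /* sub  esp, 0E4h : main's local area                */
    t->main_ebp = c->ebp;
    st32(c->ebp - 8,  10);                    /* int a = 10     : [ebp-8]                          */
    st32(c->ebp - 20, 20);                    /* int b = 20     : [ebp-14h], i.e. EBP-20           */
    st32(c->ebp - 32, 0);                     /* int c = 0      : [ebp-20h], i.e. EBP-32           */
    push(c, ld32(c->ebp - 20));               /* mov eax,[ebp-14h]; push eax : b, right argument first */
    push(c, ld32(c->ebp - 8));                /* mov ecx,[ebp-8];   push ecx : a                       */
    push(c, RET_ADDR_AFTER_CALL);             /* call Add       : push the next instruction's address */
    uint32_t resumed_at = model_add(c, t);    /*                  ... then run Add; "ret" hands back */
    assert(resumed_at == RET_ADDR_AFTER_CALL);
    c->esp += 8;                              /* add esp, 8     : give the two argument slots back */
    st32(c->ebp - 32, c->eax);                /* mov [ebp-20h], eax : c = Add(a, b)                */
    uint32_t result = ld32(c->ebp - 32);
    c->esp = c->ebp;                          /* mov esp, ebp   : main's epilogue                  */
    c->ebp = pop(c);                          /* pop ebp                                           */
    return result;
}

/* Runs the model on a fresh zeroed stack; fills *t and *cpu for inspection. */
static uint32_t run_model(add_trace_t *t, cpu_t *cpu) {
    memset(stack_mem, 0, sizeof stack_mem);
    memset(t, 0, sizeof *t);
    *cpu = (cpu_t){ STACK_SIZE, STACK_SIZE, 0 };
    return model_main(cpu, t);
}

int main(void) {
    add_trace_t t; cpu_t cpu;
    uint32_t c = run_model(&t, &cpu);
    printf("c = %u (EAX = %u); stack balanced: ESP back at %u\n", c, cpu.eax, cpu.esp);
    printf("main EBP = %u, Add EBP = %u (Add's frame is at the lower address)\n", t.main_ebp, t.callee_ebp);
    printf("[ebp]    = %u        saved EBP of main\n", t.saved_ebp);
    printf("[ebp+4]  = 0x%08x  return address pushed by call\n", t.ret_addr);
    printf("[ebp+8]  = %u, [ebp+12] = %u   a and b, in main's push area\n", t.param_a, t.param_b);
    printf("[ebp-8]  = %u          local sum\n", t.sum_local);
    /* Note the layout: the local at [ebp-8] is only 12 bytes below the return address at [ebp+4].
     * That adjacency is why an out-of-bounds write into a stack local can corrupt the return
     * address, and why compilers put a canary between the locals and the saved EBP / return address. */
    return 0;
}
```

Running it prints c = 30 with ESP back at its starting value, which is the "stack balanced" property: every push in the sequence (saved EBP, the three register saves, the two arguments, the return address) was undone by a matching pop, add esp or mov esp, ebp. The trace also shows Add's EBP sitting at a lower address than main's, which is the "high address to low address" rule from the background section made concrete.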

The end

That is the end. This is only a very superficial explanation, and there must be many places I did not cover. Registers are lower level and are not the main subject of this post on function stack frames; if I get the chance I will write a separate post about registers.