这篇文字解释这个问题:C语言函数调用在汇编语言是怎么实现的?栈模型很好的满足了函数调用的需求,以最简单的函数调用说明。
: int add2(int a, int b){return a+b;}
0040B450 push ebp
0040B451 mov ebp,esp
0040B453 sub esp,40h
0040B456 push ebx
0040B457 push esi
0040B458 push edi
0040B459 lea edi,[ebp-40h]
0040B45C mov ecx,10h
0040B461 mov eax,0CCCCCCCCh
0040B466 rep stos dword ptr [edi]
0040B468 mov eax,dword ptr [ebp+]
0040B46B add eax,dword ptr [ebp+0Ch]
0040B46E pop edi
0040B46F pop esi
0040B470 pop ebx
0040B471 mov esp,ebp
0040B473 pop ebp
0040B474 ret --- No source file ---------------------------------------------------------------------------------------------------------------------------------------
0040B76C int
0040B76D int
0040B76E int
0040B76F int
--- e:\项目\000test\testconsole\main.cpp -----------------------------------------------------------------------------------------------------------------
:
: int main(int argc, char **argv){
0040B770 push ebp
0040B771 mov ebp,esp
0040B773 sub esp,4Ch
0040B776 push ebx
0040B777 push esi
0040B778 push edi
0040B779 lea edi,[ebp-4Ch]
0040B77C mov ecx,13h
0040B781 mov eax,0CCCCCCCCh
0040B786 rep stos dword ptr [edi]
:
: int a = ;
0040B788 mov dword ptr [ebp-],0Ah
: int b = ;
0040B78F mov dword ptr [ebp-],14h
: int c = add2(a, b);
0040B796 mov eax,dword ptr [ebp-]
0040B799 push eax
0040B79A mov ecx,dword ptr [ebp-]
0040B79D push ecx
0040B79E call @ILT+(add2) (0040100a)
0040B7A3 add esp,
0040B7A6 mov dword ptr [ebp-0Ch],eax
:
: return c;
0040B7A9 mov eax,dword ptr [ebp-0Ch]
: }
0040B7AC pop edi
0040B7AD pop esi
0040B7AE pop ebx
0040B7AF add esp,4Ch
0040B7B2 cmp ebp,esp
0040B7B4 call __chkesp (0040b6b0)
0040B7B9 mov esp,ebp
0040B7BB pop ebp
0040B7BC ret
44行执行函数调用,过程如下:
(1)参数入栈,从右向左;
(2)CALL指令,注意CALL指令将EIP入栈,并JMP;
(3)初始化ADD函数堆栈,push ebp; mov ebp, esp;sub esp,0x40; push ebx; push esi; push edi; rep stos ptr dword es:[edi]. rep指令表示,执行循环,循环次数放置在ECX寄存器中;stos指令表示,将EAX值放入edi指向的地址,并将edi递增. 在第10行我们看到EAX被设置为0xCCCCCCCC,所以rep stos ptr dword es:[edi]的作用是,将开辟的0x40局部变量空间初始化为0xCC,0xCC是INT 3的汇编指令,目的是防止误执行。
(4)执行ADD指令,结果存放在EAX中;
(5)恢复现场,pop ebx; pop esi; pop edi;
(6)ret,弹出eip;
(7)保持栈平衡,add esp,8;