#include<iostream>
using namespace std;
// Callee side of an x86-32 stack-frame experiment (MSVC inline assembly):
// records ebp/esp, reads the return address and the saved ebp out of its own
// frame, then jumps straight to the return address without unwinding.
// Requires 32-bit MSVC (__asm) and a conventional ebp-based frame, i.e. frame
// pointers not omitted (e.g. a Debug build) — otherwise [ebp+4]/[ebp] are not
// the return address / saved ebp.
void ff(){
cout << "f executing "<< endl;
int a =0,b = 0,c = 0,d = 0,e =0;
/*
* The CPU reads memory from low addresses towards high addresses; do not think
* of this in terms of big-endian vs. little-endian. It reads one small chunk
* at the lower address "completely", then reads the next small chunk from the
* higher address. For example, if int a sits at the lower address and int b
* at the higher one, and p holds a's address, reading 4 bytes at p gives a's
* value and reading 4 bytes at (byte address of p)+4 gives b's value.
* NOTE(review): this assumes the two locals are adjacent 4-byte slots; the
* compiler chooses the frame layout, so adjacency is not guaranteed.
*/
__asm{
mov a,ebp; // ff's own frame pointer
mov b,esp; // ff's stack pointer after the prologue
mov eax,[ebp+4];// return address: the caller's EIP just after "call ff"
mov c,eax;
jmp c; // jump to that address WITHOUT running ff's epilogue: ff's frame stays
       // on the stack and ebp/esp still belong to ff when the caller resumes.
       // Nothing below this line executes (the first output block below never
       // shows the "in f ..." lines).
mov eax,[ebp-8];// some local slot of ff's frame; which one is compiler-chosen
mov d,eax;
mov eax,[ebp];// the saved ebp stored at [ebp] of the callee (ff) is the caller's ebp
mov e,eax;
}
// Unreachable in this listing because of the unconditional jmp above.
cout << "in f ebp := " << a << endl;
cout << "in f esp := " << b << endl;
cout << "in f ebp+4 := " << c << endl;
cout << "in f ebp-8 := " << d << endl;
cout << "in f [ebp] := " << e << endl;
}
// Caller side of the frame experiment: pushes five dwords, calls ff, samples
// esp/ebp around two pops, and reads the saved ebp of main's own caller.
// 32-bit MSVC only: __asm, and the (int) casts of function pointers below
// (truncating a function pointer to int is only meaningful on 32-bit).
int main(){
int a = 0,b=0,c=0,d=0,e=0,f=0;
int g =0,h=0,i=0;
int addr = 0;
__asm{
mov g,ebp; // main's frame pointer before any push
mov a,esp
push 123;
push 456;
push 789;
push 999;
push 888; // five dwords pushed: esp should drop by 20 (visible in the second
          // output block below, which runs with a sane frame)
call ff;
mov h,ebp; // NOTE(review): ff ends with "jmp c", so ebp/esp here are still ff's
mov b,esp;
pop c; // pops the last pushed dword (888) ...
mov d,esp;
pop e; // ... then 999. 123/456/789 are never popped, so the stack is left
       // 12 bytes deeper than before the pushes; presumably main's compiler
       // epilogue ("mov esp,ebp") discards them — an imbalance the compiler
       // does not check.
mov f,esp;
mov i,ebp;
mov eax,[ebp]; // saved ebp at [ebp] = frame pointer of main's caller
               // (presumably the CRT startup routine)
mov addr,eax;
}
// NOTE(review): because ff leaves via "jmp c", execution resumes after
// "call ff" with ff's ebp/esp still live. The locals a..i are addressed
// relative to ebp, so the stores above and the reads below touch ff's frame
// rather than main's — the first output block below prints garbage (e.g.
// "esp first" shows a code-like value and c := 0). Main's own epilogue then
// unwinds through ff's saved ebp and return address, which lands back after
// "call ff" with a sane frame, so this tail of main (including the final
// "我已经执行过了!" line) prints a second time with plausible values. This is an
// interpretation of the recorded output, not something the source guarantees.
cout << "esp first := " << a << endl;
cout << "esp second after push order := " << b << endl;
cout << "after pop order, c := " << c << endl;
cout << "esp third after pop order := " << d << endl;
cout << "after pop order,e := " << e << endl;
cout << "esp fourth after pop order := " << f << endl;
cout << "ebp first := " << g << endl;
cout << "ebp second after push order := " << h << endl;
cout << "ebp third after two pop order := " << i << endl;
cout << "main address := " << (int)main << endl;
cout << "ebp pointer address content := " << addr << endl;
cout << "ff address := " << int(ff) << endl; // address of the callee's first instruction
cout << "我已经执行过了!" << endl;
return 0;
}
f executing
esp first := 14881597
esp second after push order := 3274656
after pop order, c := 0
esp third after pop order := 14883616
after pop order,e := 14881788
esp fourth after pop order := 3274676
ebp first := 15043440
ebp second after push order := 15043440
ebp third after two pop order := 14887950
main address := 14881488
ebp pointer address content := 3274652
ff address := 14881168
我已经执行过了!
esp first := 3274704
esp second after push order := 3274684
after pop order, c := 888
esp third after pop order := 3274688
after pop order,e := 999
esp fourth after pop order := 3274692
ebp first := 3274744
ebp second after push order := 3274744
ebp third after two pop order := 3274744
main address := 14881488
ebp pointer address content := 3274816
ff address := 14881168
我已经执行过了!
#include<iostream>
using namespace std;
// Callee side of an x86-32 stack-frame experiment (MSVC inline assembly):
// records ebp/esp and reads the return address, a local slot and the saved
// ebp out of its own frame, then returns normally (the jmp/call variants that
// skip the epilogue are kept below as comments).
// Requires 32-bit MSVC (__asm) and a conventional ebp-based frame, i.e. frame
// pointers not omitted (e.g. a Debug build) — otherwise [ebp+4]/[ebp] are not
// the return address / saved ebp.
void ff(){
cout << "f executing "<< endl;
int a =0,b = 0,c = 0,d = 0,e =0;
/*
* The CPU reads memory from low addresses towards high addresses; this is not
* a matter of big-endian vs. little-endian. It reads one small chunk at the
* lower address "completely", then reads the next small chunk from the higher
* address. For example, if int a sits at the lower address and int b at the
* higher one, and p holds a's address, reading 4 bytes at p gives a's value
* and reading 4 bytes at (byte address of p)+4 gives b's value.
* NOTE(review): this assumes the two locals are adjacent 4-byte slots; the
* compiler chooses the frame layout, so adjacency is not guaranteed.
*/
__asm{
mov a,ebp; // ff's own frame pointer
mov b,esp; // ff's stack pointer after the prologue
mov eax,[ebp+4];// return address: the EIP in the caller just after "call ff"
mov c,eax;
//jmp c; // would jump to that address and continue there; nothing below would run
//call c; // likewise nothing below would run (and the frame would be left unbalanced)
mov eax,[ebp-8];// NOTE(review): in the output below this equals the value saved
                // in b (esp), suggesting b occupies [ebp-8] in this build;
                // the slot assignment is compiler-chosen
mov d,eax;
mov eax,[ebp];// the saved ebp stored at [ebp] of the callee (ff) is the caller's ebp
mov e,eax;
}
cout << "in f ebp := " << a << endl;
cout << "in f esp := " << b << endl;
cout << "in f ebp+4 := " << c << endl;
cout << "in f ebp-8 := " << d << endl;
cout << "in f [ebp] := " << e << endl;
}
// Caller side of the frame experiment: pushes five dwords, calls ff, samples
// esp/ebp around two pops, and reads the saved ebp of main's own caller.
// 32-bit MSVC only: __asm, and the (int) casts of function pointers below
// (truncating a function pointer to int is only meaningful on 32-bit).
int main(){
int a = 0,b=0,c=0,d=0,e=0,f=0;
int g =0,h=0,i=0;
int addr = 0;
__asm{
mov g,ebp; // main's frame pointer before any push
mov a,esp
push 123;
push 456;
push 789;
push 999;
push 888; // five dwords pushed: esp drops by 20 (output below: a - b == 20)
call ff;
mov h,ebp; // ff returns normally here, so ebp is unchanged (g == h == i below)
mov b,esp;
pop c; // pops the last pushed dword (888) ...
mov d,esp;
pop e; // ... then 999. 123/456/789 are never popped, so esp ends 12 bytes
       // below its starting value (output below: a - f == 12); presumably
       // main's compiler epilogue ("mov esp,ebp") discards them — an
       // imbalance the compiler does not check.
mov f,esp;
mov i,ebp;
mov eax,[ebp]; // saved ebp at [ebp] = frame pointer of main's caller
               // (presumably the CRT startup routine; higher than g below)
mov addr,eax;
}
cout << "esp first := " << a << endl;
cout << "esp second after push order := " << b << endl;
cout << "after pop order, c := " << c << endl;
cout << "esp third after pop order := " << d << endl;
cout << "after pop order,e := " << e << endl;
cout << "esp fourth after pop order := " << f << endl;
cout << "ebp first := " << g << endl;
cout << "ebp second after push order := " << h << endl;
cout << "ebp third after two pop order := " << i << endl;
cout << "main address := " << (int)main << endl;
cout << "ebp pointer address content := " << addr << endl;
cout << "ff address := " << int(ff) << endl; // address of the callee's first instruction
cout << "我已经执行过了!" << endl;
return 0;
}
f executing
in f ebp := 3537220
in f esp := 3537200
in f ebp+4 := 660269
in f ebp-8 := 3537200
in f [ebp] := 3537288
esp first := 3537248
esp second after push order := 3537228
after pop order, c := 888
esp third after pop order := 3537232
after pop order,e := 999
esp fourth after pop order := 3537236
ebp first := 3537288
ebp second after push order := 3537288
ebp third after two pop order := 3537288
main address := 660160
ebp pointer address content := 3537360
ff address := 659856
我已经执行过了!