linux gcc stack, linux – Trying to understand gcc's complicated stack alignment at the top of main, which copies the return address

Hi, I have disassembled some programs (Linux) that I wrote, to better understand how they work, and I noticed that the main function always starts with:

    lea ecx,[esp+0x4]        ; I assume this is for getting the address of the first argument of the main... why?
    and esp,0xfffffff0       ; ??? is the compiler trying to align the stack pointer on 16 bytes ???
    push DWORD PTR [ecx-0x4] ; I understand the assembler is pushing the return address.... why?
    push ebp
    mov ebp,esp
    push ecx                 ; why is ecx pushed too ??

So my question is: why is all this work done?

I only understand the use of:

    push ebp
    mov ebp,esp

The rest seems useless to me...

Solution:

I've got you started:

    ;# As you have already noticed, the compiler wants to align the stack
    ;# pointer on a 16 byte boundary before it pushes anything. That's
    ;# because certain instructions' memory access needs to be aligned
    ;# that way.
    ;# So in order to first save the original offset of esp (+4), it
    ;# executes the first instruction:
    lea ecx,[esp+0x4]

    ;# Now alignment can happen. Without the previous insn the next one
    ;# would have made the original esp unrecoverable:
    and esp,0xfffffff0

    ;# Next it pushes the return address and creates a stack frame. I
    ;# assume it now wants to make the stack look like a normal
    ;# subroutine call:
    push DWORD PTR [ecx-0x4]
    push ebp
    mov ebp,esp

    ;# Remember that ecx is still the only value that can restore the
    ;# original esp. Since ecx may be garbled by any subroutine calls,
    ;# it has to save it somewhere:
    push ecx
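To make the answer's reasoning concrete, here is an added example (not part of the original question or answer) that steps the same five-instruction prologue through a small model of a 32-bit stack in C, then runs the matching epilogue. All addresses and values (STACK_TOP, ENTRY_ESP, RET_ADDR, CALLER_EBP, argc/argv) are constructed; the epilogue form `mov ecx,[ebp-4] ; leave ; lea esp,[ecx-4] ; ret` is an assumption about what gcc pairs with this prologue, not something the page shows. The checks at the bottom verify the three claims above: esp is 16-byte aligned before anything is pushed, the frame afterwards looks like an ordinary call frame ([ebp+4] holds a return address), and ecx is the only value that gets the original esp back at return.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit x86 stack; addresses grow downward from STACK_TOP. */
#define STACK_DWORDS 64
#define STACK_TOP    0xbffff600u                 /* one past the highest modelled dword (made up) */
#define STACK_BASE   (STACK_TOP - 4u * STACK_DWORDS)
#define ENTRY_ESP    0xbffff5ccu                 /* esp right after `call main`: 12 mod 16, i.e. misaligned */
#define RET_ADDR     0x080483e4u                 /* fake return address into the caller of main */
#define CALLER_EBP   0xbffff5e8u                 /* fake caller frame pointer */

typedef struct {
    uint32_t mem[STACK_DWORDS];   /* mem[i] models the dword at STACK_BASE + 4*i */
    uint32_t esp, ebp, ecx;
} cpu_t;

static uint32_t *slot(cpu_t *c, uint32_t addr) { return &c->mem[(addr - STACK_BASE) / 4]; }
static void      push(cpu_t *c, uint32_t v)    { c->esp -= 4; *slot(c, c->esp) = v; }
static uint32_t  pop(cpu_t *c)                 { uint32_t v = *slot(c, c->esp); c->esp += 4; return v; }

/* State at the first instruction of main: return address at [esp], argc at [esp+4], argv at [esp+8]. */
static cpu_t entry_state(void) {
    cpu_t c = {{0}, ENTRY_ESP, CALLER_EBP, 0};
    *slot(&c, ENTRY_ESP)     = RET_ADDR;
    *slot(&c, ENTRY_ESP + 4) = 2;               /* argc (constructed) */
    *slot(&c, ENTRY_ESP + 8) = 0xbffff5f0u;     /* argv (fake pointer) */
    return c;
}

/* The prologue from the question, executed against the model. */
static void prologue(cpu_t *c) {
    c->ecx = c->esp + 4;              /* lea ecx,[esp+0x4]        ecx = &argc, the only copy of the old esp */
    c->esp &= 0xfffffff0u;            /* and esp,0xfffffff0       round esp down to a 16-byte boundary */
    push(c, *slot(c, c->ecx - 4));    /* push DWORD PTR [ecx-0x4] re-push the return address */
    push(c, c->ebp);                  /* push ebp */
    c->ebp = c->esp;                  /* mov ebp,esp              now [ebp+4] is a return address, as usual */
    push(c, c->ecx);                  /* push ecx                 keep ecx at [ebp-4] across calls */
}

/* Assumed matching epilogue: mov ecx,[ebp-0x4] ; leave ; lea esp,[ecx-0x4] ; ret.
 * Returns the value `ret` pops into eip. */
static uint32_t epilogue(cpu_t *c) {
    c->ecx = *slot(c, c->ebp - 4);    /* mov ecx,[ebp-0x4] */
    c->esp = c->ebp;                  /* leave: mov esp,ebp ; pop ebp */
    c->ebp = pop(c);
    c->esp = c->ecx - 4;              /* lea esp,[ecx-0x4]        back at the original return-address slot */
    return pop(c);                    /* ret */
}

/* Properties a reader would want to verify; each returns 1 on success. */
int esp_is_16_aligned_before_pushes(void) {
    cpu_t c = entry_state();
    prologue(&c);
    return (c.esp + 12) % 16 == 0;    /* three pushes (ret, ebp, ecx) follow the alignment */
}
int frame_looks_like_normal_call(void) {
    cpu_t c = entry_state();
    prologue(&c);
    return *slot(&c, c.ebp + 4) == RET_ADDR        /* [ebp+4]: return address, as in any frame */
        && *slot(&c, c.ebp)     == CALLER_EBP      /* [ebp]:   saved caller ebp */
        && *slot(&c, c.ebp - 4) == ENTRY_ESP + 4   /* [ebp-4]: saved ecx = &argc */
        && *slot(&c, c.ecx)     == 2;              /* argc still reachable through ecx */
}
uint32_t eip_after_return(void) {
    cpu_t c = entry_state();
    prologue(&c);
    return epilogue(&c);              /* expect RET_ADDR */
}
uint32_t esp_after_return(void) {
    cpu_t c = entry_state();
    prologue(&c);
    (void)epilogue(&c);
    return c.esp;                     /* expect ENTRY_ESP + 4, exactly as after a plain `ret` */
}

int main(void) {
    cpu_t c = entry_state();
    printf("entry:          esp=%#" PRIx32 " (esp mod 16 = %" PRIu32 ")\n", c.esp, c.esp % 16);
    prologue(&c);
    printf("after prologue: esp=%#" PRIx32 " ebp=%#" PRIx32 " ecx=%#" PRIx32 "\n", c.esp, c.ebp, c.ecx);
    printf("  [ebp+4]=%#" PRIx32 " [ebp]=%#" PRIx32 " [ebp-4]=%#" PRIx32 " [ecx]=%" PRIu32 "\n",
           *slot(&c, c.ebp + 4), *slot(&c, c.ebp), *slot(&c, c.ebp - 4), *slot(&c, c.ecx));
    uint32_t eip = epilogue(&c);
    printf("after ret:      eip=%#" PRIx32 " esp=%#" PRIx32 "\n", eip, c.esp);
    return 0;
}
```

Note that the bytes between the aligned esp and the original return-address slot are simply skipped, which is why the compiler cannot recover the old esp from esp alone and has to carry it in ecx (and later in the saved copy at [ebp-4]).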

Tags: x86, linux, assembly, gcc, compiler-construction

Source: https://codeday.me/bug/20190928/1826869.html
