Understanding the new gcc prologue
Problem description
I was wondering why gcc introduced a new prologue (and epilogue as well) for functions, especially main(), since that is the only one I analyzed. For example, before, it was:
push ebp                 ; save the caller's frame pointer
mov ebp, esp             ; set up this function's frame pointer
sub esp, 0x...           ; allocate space for locals on the stack
; ... Some code
; Epilogue
leave                    ; equivalent to: mov esp, ebp / pop ebp
ret
Now this is a bit more complex (to understand, at least):
lea ecx,[esp+0x4]            ; ecx = esp as it was before the call (just above the return address)
and esp,0xfffffff0           ; round esp down to a 16-byte boundary
push DWORD PTR [ecx-0x4]     ; re-push a copy of the return address onto the aligned stack
push ebp                     ; conventional frame setup from here on
mov ebp,esp
push ecx                     ; save the original stack pointer so the alignment can be undone
sub esp,0x64                 ; allocate 0x64 bytes of locals (12 + 0x64 = 0x70, so esp stays 16-byte aligned)
; Some code
; Epilogue
add esp,0x64                 ; free the locals
pop ecx                      ; recover the original stack pointer
pop ebp                      ; restore the caller's frame pointer
lea esp,[ecx-0x4]            ; esp = address of the original return address
ret
I understand what it concretely does, but I cannot figure out its purpose. Is it to make exploitation (stack overflow) attempts a bit more tricky? Another calling convention? Just to make the stack safer? (I came across this in a wargame.)
Finally, my gcc version is: gcc version 4.3.2 (Debian 4.3.2-1.1)
Thanks in advance!
Recommended answer
The purpose is to align the stack on a 16-byte boundary.
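The answer is correct but terse, so here is an added worked example (not part of the original question or answer) that executes the posted prologue and epilogue, instruction by instruction, against a small model of a 32-bit stack. It enters the function with every possible 4-byte residue of esp mod 16 and checks the two properties the sequence is built to provide: the body always runs with a 16-byte-aligned esp (gcc's default -mpreferred-stack-boundary=4 on i386, which SSE instructions such as movaps depend on), and the epilogue hands the caller back exactly the esp, ebp and return address it started with. The stack size, the sentinel return address and the caller's ebp value are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 32-bit stack: addresses are byte offsets into mem[], so the esp
 * arithmetic below uses the same units as the assembly. The sizes and sentinel
 * values are constructed for this example. */
#define STACK_BYTES 1024u
#define RET_ADDR    0x08048400u   /* sentinel: return address left by the caller's call */
#define CALLER_EBP  0xbffff000u   /* sentinel: the caller's frame pointer */
#define LOCALS_SIZE 0x64u         /* the sub esp,0x64 from the question */

struct cpu {
    uint32_t esp, ebp, ecx;
    uint32_t mem[STACK_BYTES / 4];
};

static uint32_t load32(const struct cpu *c, uint32_t a) { return c->mem[a / 4]; }
static void store32(struct cpu *c, uint32_t a, uint32_t v) { c->mem[a / 4] = v; }
static void push(struct cpu *c, uint32_t v) { c->esp -= 4; store32(c, c->esp, v); }
static uint32_t pop(struct cpu *c) { uint32_t v = load32(c, c->esp); c->esp += 4; return v; }

/* The gcc 4.3 main() prologue from the question, one statement per instruction. */
static void prologue(struct cpu *c)
{
    c->ecx = c->esp + 4;              /* lea ecx,[esp+0x4]        ecx = caller's esp      */
    c->esp &= 0xfffffff0u;            /* and esp,0xfffffff0       round down to 16 bytes  */
    push(c, load32(c, c->ecx - 4));   /* push DWORD PTR [ecx-0x4] copy of return address  */
    push(c, c->ebp);                  /* push ebp                                          */
    c->ebp = c->esp;                  /* mov ebp,esp                                       */
    push(c, c->ecx);                  /* push ecx                 keep the original esp    */
    c->esp -= LOCALS_SIZE;            /* sub esp,0x64                                      */
}

static void epilogue(struct cpu *c)
{
    c->esp += LOCALS_SIZE;            /* add esp,0x64 */
    c->ecx = pop(c);                  /* pop ecx */
    c->ebp = pop(c);                  /* pop ebp */
    c->esp = c->ecx - 4;              /* lea esp,[ecx-0x4]  esp -> the original return address */
}

struct frame_report {
    uint32_t body_esp;        /* esp while the body runs; locals start here */
    uint32_t saved_ecx_addr;  /* [ebp-4]: saved original esp, directly above the locals */
    uint32_t ret_copy_addr;   /* [ebp+4]: the re-pushed return address (what a debugger walks) */
    uint32_t ret_popped;      /* what the final ret consumed */
    uint32_t esp_after_ret;   /* esp as the caller sees it afterwards */
    uint32_t ebp_after_ret;
};

/* Run call -> prologue -> epilogue -> ret for a function entered with esp == entry_esp. */
static struct frame_report simulate(uint32_t entry_esp)
{
    struct cpu c;
    struct frame_report r;
    memset(&c, 0, sizeof c);
    c.ebp = CALLER_EBP;
    c.esp = entry_esp;
    store32(&c, entry_esp, RET_ADDR);   /* the call instruction left this here */

    prologue(&c);
    r.body_esp       = c.esp;
    r.saved_ecx_addr = c.ebp - 4;
    r.ret_copy_addr  = c.ebp + 4;

    epilogue(&c);
    r.ret_popped    = pop(&c);          /* ret */
    r.esp_after_ret = c.esp;
    r.ebp_after_ret = c.ebp;
    return r;
}

/* The two properties the prologue is meant to guarantee, regardless of how esp arrived. */
static int body_is_16_aligned(uint32_t entry_esp)
{
    return simulate(entry_esp).body_esp % 16 == 0;
}

static int caller_state_restored(uint32_t entry_esp)
{
    struct frame_report r = simulate(entry_esp);
    return r.ret_popped == RET_ADDR && r.esp_after_ret == entry_esp + 4 &&
           r.ebp_after_ret == CALLER_EBP;
}

int main(void)
{
    /* Enter with every 4-byte residue of esp mod 16 (0x3e0, 0x3e4, 0x3e8, 0x3ec). */
    for (uint32_t off = 0; off < 16; off += 4) {
        uint32_t entry = 0x3e0u + off;
        struct frame_report r = simulate(entry);
        printf("entry esp=0x%03x  body esp=0x%03x (mod 16 = %u)  saved ecx at 0x%03x  restored=%s\n",
               (unsigned)entry, (unsigned)r.body_esp, (unsigned)(r.body_esp % 16),
               (unsigned)r.saved_ecx_addr, caller_state_restored(entry) ? "yes" : "no");
    }
    return 0;
}
```

Two things the run makes visible that the one-line answer does not. First, the three pushes plus 0x64 of locals total 0x70 bytes, a multiple of 16, so the alignment produced by the and is preserved into the body; that is why the locals size gcc picks is tied to the prologue. Second, the re-pushed return address keeps the frame conventional ([ebp+4] is still a return address, so gdb and other stack walkers are unaffected), while the saved copy of ecx sits at [ebp-4], immediately above the locals and below the saved ebp, and the epilogue's lea esp,[ecx-0x4] reloads esp from it. Whether overrunning a local in a program compiled this way matters depends on that program, which the question does not show; the layout itself is what this example establishes.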