Question about CALL statement


Problem description

I am a beginner in x86 assembly language. I am writing code for reading a thread's stack in VC++. I have inserted some assembly code in between. So here's the problem:
I get the function's return address from its stack frame. Now, before this return address there should be a CALL statement. So I extract the bytes before the return address.
Sometimes it is a near call like E8 ff ff ff d8. My objective is to calculate the function's base address. So for the above statement I subtract the offset 0x28 from the function's return address to get its base address (where it resides in memory).
The problem is I don't know how to calculate this for a FAR call. I have been trying to find out how to do it for some time now. So I have extracted the first 5 bytes before the return address and they are
ff 75 08 ff d2 <return_addr>
I think this stands for CALL ecx (ff d2) but I am not sure. I will be very grateful if someone can tell me what kind of CALL statement this is and how I can calculate the function's base address from this kind of call.

Recommended answer

Are you trying to get the address of the assembly function you are writing or the calling function?

Take a look at this x86 assembly language[^]

To get the address of your method push eip (32-bit) or push rip (64-bit) as the first instruction of your assembly routine. Then pop it into eax to examine it.

You can't really calculate the calling function's address based on the address pushed on the stack. The calling function may have done any number of things with the stack, including allocating memory[^]. All you can get is the address of the instruction to execute upon return from your routine - and that's only true if your function and the calling function have the same notion of how this should operate.

That's why we talk about the calling convention[^] of a function/method.

regards
Espen Harlinn
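As an added example that is not part of the question or of Espen Harlinn's answer, the following C program decodes the 32-bit CALL encodings the question is asking about, given the bytes that sit just before a return address. Two facts it relies on: the rel32 of an E8 call is stored little-endian and is relative to the next instruction (so a call that is written E8 ff ff ff d8 above is, as bytes in memory, E8 d8 ff ff ff, and the target is return address minus 0x28, matching the question's arithmetic); and ff d2 is opcode FF with ModRM 0xD2 (mod=11, reg=/2, rm=010), which is CALL edx, not CALL ecx (that would be ff d1). The preceding ff 75 08 is push dword ptr [ebp+8], an argument push. Neither is a far call (far CALL is 9A ptr16:32 or FF /3); ff d2 is a near indirect call, and its target was in a register at call time, so it cannot be recovered from the instruction bytes, only from the thread's register or memory state, which is the limitation the answer points at. The sample byte strings and the addresses such as 0x00401028 are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kinds of CALL that can precede a return address on 32-bit x86. */
typedef enum {
    CALL_NONE = 0,   /* no recognisable CALL ends right before ret_addr */
    CALL_REL32,      /* E8 rel32: target = ret_addr + rel32, computable from the bytes alone */
    CALL_REG,        /* FF /2, mod=11: CALL reg; target was in a register, not recoverable statically */
    CALL_MEM_ABS,    /* FF 15 disp32: CALL [disp32]; target is whatever that 4-byte slot held at call time */
    CALL_MEM_OTHER   /* FF /2 with any other ModRM, e.g. CALL [ebp+8] or CALL [eax*4+table] */
} call_kind;

typedef struct {
    call_kind kind;
    size_t    length;    /* instruction length in bytes */
    uint32_t  target;    /* CALL_REL32 only */
    uint32_t  mem_slot;  /* CALL_MEM_ABS only: address of the pointer that was called through */
    unsigned  reg;       /* CALL_REG only: 0=eax 1=ecx 2=edx 3=ebx 4=esp 5=ebp 6=esi 7=edi */
} call_info;

static const char *const reg_names[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* If p[0..avail) starts with an FF /2 (CALL r/m32) encoding, return its length, else 0. */
static size_t ff2_length(const uint8_t *p, size_t avail) {
    if (avail < 2 || p[0] != 0xFF) return 0;
    unsigned mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    if (reg != 2) return 0;           /* /2 = CALL near; /3 would be the far CALL m16:32 */
    size_t len = 2;
    if (mod == 3) return len;         /* register operand, no displacement */
    int sib = (rm == 4);              /* rm=100 means a SIB byte follows */
    if (sib) { if (avail < 3) return 0; len += 1; }
    if (mod == 0) {
        if (rm == 5 || (sib && (p[2] & 7) == 5)) len += 4;  /* [disp32], or SIB with no base */
    } else if (mod == 1) {
        len += 1;                     /* [reg+disp8] */
    } else {
        len += 4;                     /* [reg+disp32] */
    }
    return len <= avail ? len : 0;
}

/* buf holds the n bytes immediately before ret_addr (buf[n-1] is the byte at ret_addr-1).
   x86 cannot be reliably disassembled backwards, so this is a heuristic: it checks the
   encodings compilers actually emit for CALL, shortest FF /2 form first. */
call_info classify_call(const uint8_t *buf, size_t n, uint32_t ret_addr) {
    call_info ci;
    memset(&ci, 0, sizeof ci);
    if (n >= 5 && buf[n - 5] == 0xE8) {
        /* rel32 is little-endian and relative to the *next* instruction, i.e. ret_addr. */
        int32_t rel = (int32_t)read_le32(buf + n - 4);
        ci.kind = CALL_REL32; ci.length = 5; ci.target = ret_addr + (uint32_t)rel;
        return ci;
    }
    static const size_t lens[] = {2, 3, 4, 6, 7};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t L = lens[i];
        if (n < L) continue;
        const uint8_t *p = buf + n - L;
        if (ff2_length(p, L) != L) continue;
        ci.length = L;
        unsigned mod = p[1] >> 6, rm = p[1] & 7;
        if (mod == 3)                 { ci.kind = CALL_REG; ci.reg = rm; }
        else if (mod == 0 && rm == 5) { ci.kind = CALL_MEM_ABS; ci.mem_slot = read_le32(p + 2); }
        else                          { ci.kind = CALL_MEM_OTHER; }
        return ci;
    }
    return ci;  /* CALL_NONE */
}

/* Constructed sample byte strings (not taken from a real binary). */
static const uint8_t SAMPLE_REL32[]   = {0x55, 0x8B, 0xEC, 0xE8, 0xD8, 0xFF, 0xFF, 0xFF}; /* ...; call rel32 = -0x28 */
static const uint8_t SAMPLE_REG[]     = {0xFF, 0x75, 0x08, 0xFF, 0xD2};                   /* push [ebp+8]; call edx (the bytes from the question) */
static const uint8_t SAMPLE_MEM_ABS[] = {0xFF, 0x15, 0x00, 0x20, 0x40, 0x00};             /* call [0x00402000], typical import-table call */
static const uint8_t SAMPLE_MEM_EBP[] = {0xFF, 0x55, 0x08};                               /* call [ebp+8] */
static const uint8_t SAMPLE_NONE[]    = {0x90, 0x90, 0x90, 0x90, 0x90};                   /* nops: no call here */

int main(void) {
    call_info c = classify_call(SAMPLE_REL32, sizeof SAMPLE_REL32, 0x00401028u);
    printf("E8 rel32: callee = 0x%08X\n", c.target);
    c = classify_call(SAMPLE_REG, sizeof SAMPLE_REG, 0x00401050u);
    printf("FF D2: call %s, callee not recoverable from the bytes\n", reg_names[c.reg]);
    c = classify_call(SAMPLE_MEM_ABS, sizeof SAMPLE_MEM_ABS, 0x00401060u);
    printf("FF 15: call [0x%08X], read that slot in the target process for the callee\n", c.mem_slot);
    return 0;
}
```

For the E8 form the callee's entry address falls straight out of the arithmetic; for the FF /2 forms the decoder can only tell you where the target pointer lived (a register, an import slot, a stack slot), and a stack walker has to read that state from the thread or accept that the callee is unknown.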
