Differences between call, push+ret and push+jump in assembly


Problem description

I have an instruction trace and want to extract function calls and returns.

I found that apart from the call instruction, push+jmp and push+ret can also be used for a function call. First, I want to be sure: is that correct? And if yes, what are the differences between them?

Also, if push+ret is a kind of call, what would be the end or return of a function? Seeing only a ret without a push instruction before it?

Recommended answer

Yes, you are correct.

When a call is issued, the return address pushed onto the stack is the next address where execution should continue (the address immediately following the current instruction). In essence it is an atomic push followed by a jmp.

This means that if you manually push and then jmp, the function that you jump into can later ret and, provided all stack access in the function is balanced, it will return to the address that you previously pushed.

Similarly, you can push and then ret to simulate a call return, but this does not set you up to be able to later return again. This type of behavior is more commonly done to throw off disassemblers, making it more difficult to determine which address the code is actually heading to with a simple disassembler.
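As an added illustration (not part of the original answer), here is a small simulated stack machine whose push/jmp/call/ret semantics match the description above, plus a trace classifier of the kind the question asks for. It is not real x86: addresses are list indices, and the three programs, the callee and the `classify` heuristic are constructed for this example.

```python
# Tiny stack-machine model of call, push+jmp and push+ret (constructed example,
# not real x86). Addresses are indices into the program list; a value on the
# stack carries no record of whether a push or a call put it there.

def run(program, pc=0, max_steps=100):
    """Execute until 'halt'; return (final_pc, stack, trace)."""
    stack, trace = [], []            # trace holds (pc, mnemonic) per executed op
    for _ in range(max_steps):
        op = program[pc]
        trace.append((pc, op[0]))
        if op[0] == "halt":
            return pc, stack, trace
        if op[0] == "push":
            stack.append(op[1]); pc += 1
        elif op[0] == "jmp":
            pc = op[1]
        elif op[0] == "call":            # atomic: push next address, then jmp
            stack.append(pc + 1); pc = op[1]
        elif op[0] == "ret":             # pops whatever is on top, no checks
            if not stack:
                raise RuntimeError(f"ret at {pc} with empty stack: nowhere to return")
            pc = stack.pop()
        elif op[0] == "nop":
            pc += 1
    raise RuntimeError("no halt reached")

CALLEE = [("nop",), ("ret",)]            # lives at address 4 in every program
VIA_CALL     = [("call", 4), ("halt",), ("nop",), ("nop",)] + CALLEE
VIA_PUSH_JMP = [("push", 2), ("jmp", 4), ("halt",), ("nop",)] + CALLEE
VIA_PUSH_RET = [("push", 4), ("ret",), ("halt",), ("nop",)] + CALLEE

def faults(program):
    """True if the program executes a ret with nothing left to return to."""
    try:
        run(program)
        return False
    except RuntimeError:
        return True

def classify(program, trace):
    """Turn a trace into events: 'call' for a call or a push immediately
    followed by jmp; 'jump' for push+ret; 'return' for any other ret."""
    events, prev = [], None
    for pc, op in trace:
        if op == "call" or (op == "jmp" and prev and prev[1] == "push"):
            events.append(("call", program[pc][1]))
        elif op == "ret" and prev and prev[1] == "push":
            events.append(("jump", program[prev[0]][1]))
        elif op == "ret":
            events.append(("return", None))
        prev = (pc, op)
    return events
```

`run(VIA_CALL)` and `run(VIA_PUSH_JMP)` both come back to the instruction after the call site with an empty stack, while `VIA_PUSH_RET` reaches the callee but its final `ret` has nothing to pop, which is the "cannot return again" case the answer describes.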

