EBP, ESP and stack frame in assembly with NASM

This article covers EBP, ESP and the stack frame in NASM assembly, and should be a useful reference for readers working through the same problem.

Problem description



I have a few questions about ebp, esp and stack frame in following code.

  1. Why did we subtract 28 from esp? We have two local variables x and y in main. So why didn't we subtract 8?

  2. And don't we put values on the stack from right to left? So why did we add 1 to [eax+8] instead of [eax+4]?

  3. I am a little bit confused about this structure. Can you help me out? Thx.

    /* explicit return types added: implicit int is not valid C99 */
    int func(int a, int b, int c)
    {
        return a + b + c;
    }

    int main(void)
    {
        int x, y = 3;
        x = func(y, 2, 1);   /* y, 2 and 1 are the three arguments placed on the stack */
        return x;
    }

Solution

  1. The stack pointer is subtracted by 28 because you need 8 bytes for your two local variables and 12 bytes for the parameters to func. The extra 8 bytes are likely due to your compiler's attempt to align main's stack to a 16-byte boundary (there are already 4 bytes on the stack for main's return address and another 4 bytes when EBP was pushed to establish the stack frame in main's first instruction). See -mpreferred-stack-boundary (http://gcc.gnu.org/onlinedocs/gcc-4.2.0/gcc/i386-and-x86_002d64-Options.html) if you're using GCC.

  2. The parameters are being passed right-to-left. Since the stack space was already allocated for the three parameters when it was subtracted from the stack pointer, 1 is moved into the "highest" position relative to the current stack pointer (+8), 2 is moved into the middle (+4), and the value in y is moved into the stack pointer itself. This is the same as pushing 1 on the stack, pushing 2 on the stack, and then pushing y on the stack. By the last push instruction, 1 is +8 from ESP, 2 is +4 from ESP, and y is +0 from ESP. Note that inside of func, it has to add 8 to these offsets because the return address is pushed on the stack from the call instruction and func pushes EBP to establish a stack frame.

  3. Confused about which structure?
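The asker's NASM listing is not reproduced on this page, so here is an added example (not the asker's or the answerer's code) that hand-writes func and main in 32-bit NASM with the cdecl layout the answer describes. It assumes 32-bit Linux, a GCC-style frame, and the 28-byte reservation from the question; the annotated offsets show why a caller-side [esp+N] becomes [ebp+N+8] inside func.

```nasm
; Added example, not the asker's listing. Assumes 32-bit Linux / cdecl.
; Build and run:  nasm -f elf32 frame.asm && gcc -m32 frame.o -o frame && ./frame

section .text
global main

func:                        ; int func(int a, int b, int c)
    push ebp                 ; call pushed the return address (+4), this pushes EBP (+4):
    mov  ebp, esp            ;   every caller-side [esp+N] is now [ebp+N+8]
    mov  eax, [ebp+8]        ; a  (caller stored it at [esp+0])
    add  eax, [ebp+12]       ; b  (caller stored it at [esp+4])
    add  eax, [ebp+16]       ; c  (caller stored it at [esp+8])
    pop  ebp                 ; restore caller's frame; ESP is back on the return address
    ret                      ; cdecl: the caller owns the argument area, so no 'ret 12'

main:
    push ebp
    mov  ebp, esp
    sub  esp, 28             ; 28 as in the question: 8 for x and y, 12 for the three
                             ; outgoing arguments, the remainder padding for alignment
    ; locals live at negative offsets from EBP
    mov  dword [ebp-4], 3    ; y = 3   (x is [ebp-8], not yet initialised)

    ; arguments are written right-to-left into the pre-reserved area, so no
    ; push is needed; the rightmost argument sits farthest from ESP
    mov  dword [esp+8], 1    ; c = 1   ("highest" slot)
    mov  dword [esp+4], 2    ; b = 2   (middle slot)
    mov  eax, [ebp-4]        ; load y
    mov  [esp], eax          ; a = y   (at ESP itself)
    call func                ; inside func: a=[ebp+8], b=[ebp+12], c=[ebp+16]
    mov  [ebp-8], eax        ; x = func(y, 2, 1)  (= 6)

    ; stack as seen on entry to func, high addresses first:
    ;   [ebp+16] c = 1        <- was [esp+8] in main
    ;   [ebp+12] b = 2        <- was [esp+4]
    ;   [ebp+8]  a = y = 3    <- was [esp+0]
    ;   [ebp+4]  return address into main
    ;   [ebp+0]  main's saved EBP
    mov  eax, [ebp-8]        ; return x as the exit status so the result is visible
    leave                    ; mov esp, ebp / pop ebp
    ret
```

After running, `echo $?` prints 6, the value of x.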
