How's __RTC_CheckEsp implemented?


Problem description

__RTC_CheckEsp is a call that verifies the correctness of the esp (stack) register. It is called to ensure that the value of the esp was saved across a function call.

Does anyone know how it's implemented?

Recommended answer

Well, a little bit of inspection of the assembler gives it away:

0044EE35  mov         esi,esp 
0044EE37  push        3039h 
0044EE3C  mov         ecx,dword ptr [ebp-18h] 
0044EE3F  add         ecx,70h 
0044EE42  mov         eax,dword ptr [ebp-18h] 
0044EE45  mov         edx,dword ptr [eax+70h] 
0044EE48  mov         eax,dword ptr [edx+0Ch] 
0044EE4B  call        eax  
0044EE4D  cmp         esi,esp 
0044EE4F  call        @ILT+6745(__RTC_CheckEsp) (42BA5Eh) 

There are two lines to note in this. First, note that at 0x44ee35 it stores the current value of esp in esi.

Then, after the function call is completed, it does a cmp between esp and esi. They should both be the same now. If they aren't, then someone has either unwound the stack twice or not unwound it at all.

The _RTC_CheckEsp function looks like this:

_RTC_CheckEsp:
00475A60  jne         esperror (475A63h) 
00475A62  ret              
esperror:
00475A63  push        ebp  
00475A64  mov         ebp,esp 
00475A66  sub         esp,0 
00475A69  push        eax  
00475A6A  push        edx  
00475A6B  push        ebx  
00475A6C  push        esi  
00475A6D  push        edi  
00475A6E  mov         eax,dword ptr [ebp+4] 
00475A71  push        0    
00475A73  push        eax  
00475A74  call        _RTC_Failure (42C34Bh) 
00475A79  add         esp,8 
00475A7C  pop         edi  
00475A7D  pop         esi  
00475A7E  pop         ebx  
00475A7F  pop         edx  
00475A80  pop         eax  
00475A81  mov         esp,ebp 
00475A83  pop         ebp  
00475A84  ret              

As you can see, the first thing it checks is whether the result of the earlier comparison was "not equal", i.e. esi != esp. If that's the case, then it jumps to the failure code. If they ARE the same, then the function simply returns.
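To make the mechanism concrete, the following is an added C model of the instrumented call sequence shown above (it is not MSVC's runtime code and not part of the original answer). It emulates "mov esi,esp / push args / call / cmp esi,esp / call __RTC_CheckEsp" on a modelled stack pointer and shows the case the check exists for: a caller compiled against one calling convention calling a function that actually uses another, so that argument bytes are removed twice or not at all. The struct, function names, enum labels and the starting esp value are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Who removes the argument bytes from the stack after the call.
 * CLEANUP_CALLER models __cdecl (caller does "add esp,N"),
 * CLEANUP_CALLEE models __stdcall/__thiscall (callee does "ret N"). */
enum cleanup { CLEANUP_CALLER = 0, CLEANUP_CALLEE = 1 };

typedef struct {
    uint32_t esp;       /* modelled stack pointer */
    uint32_t esi;       /* caller's saved copy of esp ("mov esi,esp") */
    int      failures;  /* times the esperror path (_RTC_Failure) would run */
} rtc_model;

static void rtc_model_init(rtc_model *m) {
    m->esp = 0x0012FF80u;   /* constructed starting value, not from the page */
    m->esi = 0;
    m->failures = 0;
}

/* Emulates one instrumented call:
 *   mov esi,esp / push args / call / (add esp,N if the caller cleans) /
 *   cmp esi,esp / call __RTC_CheckEsp   (jne esperror -> _RTC_Failure)
 * 'declared' is the convention the caller was compiled against, 'actual'
 * is the convention the callee really uses. A mismatch leaves esp off by
 * the argument size, which is exactly what the cmp catches. */
static bool rtc_checked_call(rtc_model *m, uint32_t arg_bytes,
                             enum cleanup declared, enum cleanup actual) {
    m->esi = m->esp;                 /* mov esi,esp */
    m->esp -= arg_bytes;             /* push arguments */
    m->esp -= 4;                     /* call pushes the return address */
    m->esp += 4;                     /* ret pops it again */
    if (actual == CLEANUP_CALLEE)
        m->esp += arg_bytes;         /* "ret N" inside the callee */
    if (declared == CLEANUP_CALLER)
        m->esp += arg_bytes;         /* caller's "add esp,N" */
    /* cmp esi,esp ; __RTC_CheckEsp: jne esperror */
    if (m->esi != m->esp) {
        m->failures++;               /* esperror: _RTC_Failure(return address, 0) */
        return false;
    }
    return true;                     /* equal: __RTC_CheckEsp just returns */
}

/* Signed esp - esi after one call on a fresh model: 0 when the stack is
 * balanced, +N when N argument bytes were removed twice, -N when never. */
static int32_t rtc_esp_delta(uint32_t arg_bytes,
                             enum cleanup declared, enum cleanup actual) {
    rtc_model m;
    rtc_model_init(&m);
    rtc_checked_call(&m, arg_bytes, declared, actual);
    return (int32_t)(m.esp - m.esi);
}

int main(void) {
    rtc_model m;
    rtc_model_init(&m);
    /* Matched conventions: the check passes and esp is restored. */
    printf("cdecl -> cdecl:     %s\n",
           rtc_checked_call(&m, 4, CLEANUP_CALLER, CLEANUP_CALLER) ? "ok" : "ESP error");
    printf("stdcall -> stdcall: %s\n",
           rtc_checked_call(&m, 4, CLEANUP_CALLEE, CLEANUP_CALLEE) ? "ok" : "ESP error");
    /* Mismatches: argument bytes popped twice, or not at all. */
    printf("cdecl -> stdcall:   %s (esp off by %d)\n",
           rtc_checked_call(&m, 4, CLEANUP_CALLER, CLEANUP_CALLEE) ? "ok" : "ESP error",
           rtc_esp_delta(4, CLEANUP_CALLER, CLEANUP_CALLEE));
    printf("stdcall -> cdecl:   %s (esp off by %d)\n",
           rtc_checked_call(&m, 8, CLEANUP_CALLEE, CLEANUP_CALLER) ? "ok" : "ESP error",
           rtc_esp_delta(8, CLEANUP_CALLEE, CLEANUP_CALLER));
    printf("failures recorded:  %d\n", m.failures);
    return 0;
}
```

The model keeps the two pieces of the real check separate: the caller's compare sets the flags, and __RTC_CheckEsp only branches on them, which is why the runtime function itself never needs to know which register held the saved value. The "off by +N" case is the one a /RTCs build reports as the value of ESP not being properly saved across a function call, and it is the typical symptom of a wrong prototype or a missing __stdcall on a callback.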
