Explain esp-ebp in this program
Question
I have this C function:
#include <stdio.h>
#include <string.h>

void hello(char *src) {
    char buffer[64];
    strcpy(buffer, src);            /* unbounded copy: this is the security problem mentioned below */
    printf("Hello %s !\n", buffer);
}
(which contains a security problem I am aware of)
The relevant x86 assembly for it is:
push ebp
mov ebp,esp
sub esp,0x58
Why is it 0x58 (i.e. 88)? I would expect 64 + 4 + 4 + 4 (local variable buffer + argument + old ebp + return address) or something, what am I missing?
Answer
Okay, this is a crazy guess, but let's run it up the flagpole and see what happens.
Perhaps the compiler is not optimising for space and this is a word-alignment adjustment, to save shifting words for register loads across quadword boundaries.
Look at the values: 0x58 & 8 bytes -> next quadword boundary 0x60 (96). Much easier to pop ebp from the least (or is it most again, endian? ;) ) significant end of a quadword line in memory; forward thinking and all that.
EDIT: exactly! (What he said...)