What is between ESP and EBP?


Question

Right, I'm sure this is implicitly answered many times, but I seem not to be able to quite get to it.

If you have a (x86) stack trace (say, looking at it in WinDbg), and you look at the registers, what does it mean for EBP and ESP values to be x bytes apart?

Links:

  • http://stackoverflow.com/a/3699916/321013
  • http://stackoverflow.com/a/2466587/321013
  • http://stackoverflow.com/a/5738940/321013

To give an example of a recent stack trace I had:

0:016> k
ChildEBP RetAddr  
1ac5ee8c 76b831bb ntdll!NtDelayExecution+0x15
1ac5eef4 76b83a8b KERNELBASE!SleepEx+0x65
1ac5ef04 0060e848 KERNELBASE!Sleep+0xf
1ac5ef10 76859d77 MyApp!application_crash::CommonUnhandledExceptionFilter+0x48 [...\applicationcrash.inc.cpp @ 47]
1ac5ef98 775a0df7 kernel32!UnhandledExceptionFilter+0x127
1ac5efa0 775a0cd4 ntdll!__RtlUserThreadStart+0x62
1ac5efb4 775a0b71 ntdll!_EH4_CallFilterFunc+0x12
1ac5efdc 77576ac9 ntdll!_except_handler4+0x8e
1ac5f000 77576a9b ntdll!ExecuteHandler2+0x26
1ac5f0b0 7754010f ntdll!ExecuteHandler+0x24
1ac5f0b0 6e8858bb ntdll!KiUserExceptionDispatcher+0xf
1ac5f400 74e68ed7 mfc80u!ATL::CSimpleStringT<wchar_t,1>::GetString [f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h @ 548]
1ac5fec0 6e8c818e msvcr80!_NLG_Return [F:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\eh\i386\lowhelpr.asm @ 73]
1ac5ff48 74e429bb mfc80u!_AfxThreadEntry+0xf2 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 109]
1ac5ff80 74e42a47 msvcr80!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
1ac5ff88 76833677 msvcr80!_threadstartex+0x66 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
1ac5ff94 77569f02 kernel32!BaseThreadInitThunk+0xe
1ac5ffd4 77569ed5 ntdll!__RtlUserThreadStart+0x70
1ac5ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

0:016> r
eax=00000000 ebx=1ac5efc8 ecx=19850614 edx=00000000 esi=1ac5eed0 edi=00000000
eip=7754fd21 esp=1ac5ee8c ebp=1ac5eef4 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206

Values of ESP 1ac5ee8c - EBP 1ac5eef4 = 104 bytes difference. So what's in there?

Answer

ESP is the current stack pointer. EBP is the base pointer for the current stack frame.

When you call a function, typically space is reserved on the stack for local variables. This space is usually referenced via EBP (all local variables and function parameters are a known constant offset from this register for the duration of the function call.) ESP, on the other hand, will change during the function call as other functions are called, or as temporary stack space is used for partial operation results.

Note that most compilers these days have an option to reference all local variables through ESP. This frees up EBP for use as a general purpose register. Generally, when you look at the disassembly at the top of a function, you will see something like this:

push EBP                 ; save the caller's frame pointer
mov  EBP, ESP            ; this frame's base pointer now marks the top of the frame
sub  ESP, <some_number>  ; reserve <some_number> bytes below it for local variables

So EBP will point to the top of your stack for this frame, and ESP will point to the next available byte on the stack. (Stacks usually - but don't have to - grow down in memory.)
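To make the answer concrete against the trace in the question, here is an added helper (not part of the question or the answer) that parses the `k` and `r` output shown above, measures the ESP..EBP gap and the size of each frame from consecutive ChildEBP values, and reports which frame's ChildEBP matches the live EBP. The sample text is a constructed excerpt of the question's output; reading the ChildEBP column as each frame's base pointer is an assumption about WinDbg's display.

```python
import re

# Constructed sample: the innermost frames of the `k` walk from the question.
K_OUTPUT = """\
ChildEBP RetAddr
1ac5ee8c 76b831bb ntdll!NtDelayExecution+0x15
1ac5eef4 76b83a8b KERNELBASE!SleepEx+0x65
1ac5ef04 0060e848 KERNELBASE!Sleep+0xf
1ac5ef10 76859d77 MyApp!application_crash::CommonUnhandledExceptionFilter+0x48
1ac5ef98 775a0df7 kernel32!UnhandledExceptionFilter+0x127
"""
# Constructed sample: the `r` register dump from the question.
R_OUTPUT = """\
eax=00000000 ebx=1ac5efc8 ecx=19850614 edx=00000000 esi=1ac5eed0 edi=00000000
eip=7754fd21 esp=1ac5ee8c ebp=1ac5eef4 iopl=0         nv up ei pl nz na pe nc
"""

FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)", re.MULTILINE)
REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")


def parse_registers(text):
    """Map register name -> value for every 32-bit register in an `r` dump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def parse_frames(text):
    """List of (child_ebp, return_address, symbol) in `k` order, innermost first."""
    return [(int(ebp, 16), int(ret, 16), sym) for ebp, ret, sym in FRAME_RE.findall(text)]


def frame_sizes(frames):
    """Bytes each frame occupies: the gap between its ChildEBP and the next frame's."""
    return [(frames[i][2], frames[i + 1][0] - frames[i][0]) for i in range(len(frames) - 1)]


def esp_ebp_gap(regs, frames):
    """Return (gap_in_bytes, owner), owner being the frame whose ChildEBP equals the live EBP.

    Assumption: that frame ran the `push EBP / mov EBP, ESP / sub ESP, n` prologue, so
    [ESP, EBP) is its working area: the n bytes of locals plus whatever was pushed after
    the prologue (saved registers, outgoing arguments, the callee's return address)."""
    esp, ebp = regs["esp"], regs["ebp"]
    owner = next((sym for child_ebp, _, sym in frames if child_ebp == ebp), None)
    return ebp - esp, owner


if __name__ == "__main__":
    regs, frames = parse_registers(R_OUTPUT), parse_frames(K_OUTPUT)
    gap, owner = esp_ebp_gap(regs, frames)
    print(f"ESP..EBP gap: {gap} bytes; frame owning the live EBP: {owner}")
    for sym, size in frame_sizes(frames):
        print(f"{size:5d} bytes  {sym}")
```

For the question's dump this reports a 104-byte gap owned by the SleepEx frame, which is consistent with NtDelayExecution being a frameless stub and the gap holding SleepEx's locals plus the call into it.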
