117 - Describe the field protection (saving the scene) and field recovery (restoring the scene) of a function call

Execution first enters main. The system opens a stack frame for main and pushes, in order, x = 10 (occupying 4 bytes), y = 20 (occupying 4 bytes) and z = 0 (occupying 4 bytes). When execution reaches z = fun(x, y); the sub-function fun is called and a stack frame is opened for it: first the value of y is assigned to b and b = 20 is pushed, then the value of x is assigned to a and a = 10 is pushed. Main's frame base pointer (ebp) and the address of the instruction following z = fun(x, y); (the return address) are then pushed onto the stack as well; this is called field protection (saving the scene). Next the value of a + b, 30, is assigned to c and c = 30 is pushed. When fun executes return c; the system places the value 30 in the eax register and then assigns the 30 held in eax to z in main. The address of the instruction after z = fun(x, y); and main's frame base pointer are then restored for main; this is called field recovery (restoring the scene). main executes printf("%d", z); and return 0; and the program ends.

push    push src          Push the source operand src onto the stack.
pop     pop dest          Pop the value at the top of the stack into dest.
mov     mov dest, src     Move data from src to dest.
add     add dest, src     Add src to dest (dest = dest + src).
sub     sub dest, src     Subtract src from dest (dest = dest - src).
inc     inc dest          Add 1 to dest.
dec     dec dest          Subtract 1 from dest.
not     not dest          Invert every bit of dest.
and     and dest, src     AND dest with src and store the result back in dest.
or      or dest, src      OR dest with src and store the result back in dest.
xor     xor dest, src     XOR dest with src and store the result back in dest.
loop    loop label        Counting loop: subtract 1 from ecx; if ecx is not 0, jump to label, otherwise continue with the statement after loop.
call    call label        Procedure call: push the current ip (or cs:ip for a far call) onto the stack and transfer to label; a short transfer is not possible.
jmp     jmp label         Unconditional transfer to the position marked label.
je      je label          Conditional transfer: if zf = 1, jump to the position marked label.
jne     jne label         Conditional transfer: if zf = 0, jump to the position marked label.
[eax]                     Register indirect addressing: the operand is in memory at the address held in eax.
ret     ret               Use the data on the stack to modify ip (near transfer).
retf    retf              Use the data on the stack to modify cs:ip (far transfer).
lea     lea reg, mem      Send the 4-digit hexadecimal offset address of the memory operand to the specified register. The source operand must be a memory operand and the destination operand must be a 16-bit general-purpose register; this register is often used as an address pointer.
stos    stos              String store: transfer the data in eax to the destination address (by default es:[edi]).
rep     rep               Repeat prefix: each time the prefixed instruction executes, ecx is reduced by 1; when ecx reaches 0 the repetition ends.

rep stos dword ptr es:[edi] fills 0CCCCCCCCh from the low address to the high address; it plays the role of a filler and is responsible for clearing the space left by the previous function.
[Figure: disassembly listing, not reproduced] The addresses shown in that listing are the values held by the eip register.

[Figure, not reproduced] It shows the same field protection and field recovery of a function call.

The stack space is shown from top to bottom, from low addresses to high addresses (the top of the stack is at the lowest address).

Pay attention to stack balance: whatever is pushed onto the stack must be lifted off it again (esp brought back to where it was).
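The walkthrough of z = fun(x, y) above and the stack-balance rule, as an added example that is not code from the post: a small C simulation of the 32-bit cdecl frame, where fun(a, b) returns a + b, tracking each pushed word so that saving the scene, restoring it, and the final balance of esp and ebp can be checked. It follows the standard sequence in which call pushes the return address and the callee's prologue then pushes ebp; RET_ADDR and MAIN_EBP are placeholder values, and the 0CCCCCCCCh store stands in for the rep stos fill of a debug build.

```c
#include <stdint.h>

/* Constructed simulation (not the post's code) of a 32-bit cdecl call to
 * fun(a, b) { int c = a + b; return c; }. Each slot is one 4-byte word;
 * esp and ebp are word indices and the stack grows toward index 0. */
#define STACK_WORDS 32
#define RET_ADDR 0x00401234u  /* placeholder: address of the instruction after the call */
#define MAIN_EBP 0x0019FF80u  /* placeholder: main's frame pointer before the call */

typedef struct { uint32_t mem[STACK_WORDS]; int esp; uint32_t ebp; uint32_t eax; } cpu_t;

static void push(cpu_t *c, uint32_t v) { c->mem[--c->esp] = v; }
static uint32_t pop(cpu_t *c) { return c->mem[c->esp++]; }

/* Callee: save the scene, compute c, put it in eax, restore the scene. */
static void fun(cpu_t *c) {
    push(c, c->ebp);                 /* push ebp : save main's frame pointer */
    c->ebp = (uint32_t)c->esp;       /* mov ebp, esp */
    c->esp -= 1;                     /* sub esp, 4 : room for the local c */
    c->mem[c->esp] = 0xCCCCCCCCu;    /* rep stos dword ptr es:[edi] : debug fill */
    uint32_t a = c->mem[c->ebp + 2]; /* [ebp+8]  is a (pushed from x) */
    uint32_t b = c->mem[c->ebp + 3]; /* [ebp+12] is b (pushed from y) */
    c->mem[c->ebp - 1] = a + b;      /* mov [ebp-4], eax : c = a + b */
    c->eax = c->mem[c->ebp - 1];     /* return c : the value travels in eax */
    c->esp = (int)c->ebp;            /* mov esp, ebp : release the local */
    c->ebp = pop(c);                 /* pop ebp : main's frame pointer is back */
}

/* Caller: push arguments right to left, call, then remove them again (cdecl). */
static uint32_t call_fun(cpu_t *c, uint32_t x, uint32_t y) {
    push(c, y);                      /* push y : becomes b */
    push(c, x);                      /* push x : becomes a */
    push(c, RET_ADDR);               /* call fun : pushes the return address */
    fun(c);
    uint32_t eip = pop(c);           /* ret : the return address goes back into eip */
    c->esp += 2;                     /* add esp, 8 : lift the two arguments off the stack */
    return eip == RET_ADDR ? c->eax : 0;   /* mov z, eax */
}

static void cpu_init(cpu_t *c) { c->esp = STACK_WORDS; c->ebp = MAIN_EBP; c->eax = 0; }

/* z = fun(10, 20) from the post; returns z. */
uint32_t demo_z(void) { cpu_t c; cpu_init(&c); return call_fun(&c, 10, 20); }

/* Stack balance: 1 if esp and ebp are exactly where they were before the call. */
int demo_balanced(void) {
    cpu_t c; cpu_init(&c); call_fun(&c, 10, 20);
    return c.esp == STACK_WORDS && c.ebp == MAIN_EBP;
}
```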


Origin blog.csdn.net/LINZEYU666/article/details/111721477