-
initial stack space
-
To pass parameters, first push the parameters onto the stack through the push instruction (c language: push from right to left)
-
The entry address of the call instruction function (jump to the function and push the address of the next statement to the stack)
-
push ebp (save the bottom pointer of the stack, used to restore the bottom of the stack later)
-
mov ebp, esp (raise the bottom pointer of the stack, prepare to allocate stack space for the function)
-
sub esp, xxx (promote the top pointer of the stack, open up a stack space dedicated to this function, and share it with local variables of this function)
-
push register (save the value of the register before entering the function, and ensure that the original value can be restored after the function is called)
-
Execute function code
-
pop register
-
mov esp, ebp (lower the top pointer of the stack, release the stack space dedicated to this function)
-
pop ebp (reduce the bottom pointer of the stack, restore to the original value)
-
retn (pop eip, at this time the position pointed by the top pointer of the stack just saves the address of the next statement before entering the function)
-
add esp, xxx (Because the push parameter before calling the function causes the top pointer of the stack to rise, so the parameter stack space must be released after calling)
question:
- Why stack balancing?
Because the stack size of the application layer of the Windows operating system is 1M by default, each time a function is called, a section of stack space will be opened up.
- Where is the return value of the function?
In most cases, the return value will be placed in eax, but not absolutely.
- Can parameters be passed only by pushing to the stack?
Parameters can also be passed through registers.
Function calling convention:
- __cdecl: The default calling method in C/C++
Feature 1: push parameters, the order is from right to left.
Feature 2: Externally balanced stack. (that is, after retn (outside the function) release the parameter stack space)
- __stdcall: The calling method of windows API function is replaced by WINAPI macro
Feature 1: push parameters, the order is from right to left.
Feature 2: Internal balance stack. (that is, release the parameter stack space before retn (inside the function))
- __fastcall: Fast call method This method chooses to pass parameters from registers first
Feature 1: Register parameter passing, edx, ecx (use push if there are more than 2 parameters), order from right to left
Feature 2: Internal balance stack. (that is, release the parameter stack space before retn (inside the function))