Disassembly: three ways of expressing a string

/* Three declarations of the same six letters; each compiles to different code (see the listings below). */
char str[6] = {'a','b','c','d','e','f'}; /* exactly 6 bytes and no '\0' terminator: not a C string, so strlen()/printf("%s") on it would read past the array */
char str[] = "ABCDEF"; /* 7 bytes (6 letters + '\0') copied from the literal into a writable stack array */
char *str = "ABCDEF"; /* only a pointer to the string literal itself; writing through str is undefined behaviour */

1. char str[6] = {'a','b','c','d','e','f'}; — the disassembly follows

The address never has to be looked up: every character is written by an immediate byte store relative to ebp, so nothing else is needed as a reference except the EBP register itself. This is also the form that string data takes in the shellcode of an exploit.

6:        char str[6] = {'a','b','c','d','e','f'};
00401038   mov         byte ptr [ebp-8],61h
0040103C   mov         byte ptr [ebp-7],62h
00401040   mov         byte ptr [ebp-6],63h
00401044   mov         byte ptr [ebp-5],64h
00401048   mov         byte ptr [ebp-4],65h
0040104C   mov         byte ptr [ebp-3],66h
7:        return 0;
00401050   xor         eax,eax
8:    }

2. char str[] = "ABCDEF"; — the disassembly follows

The difference from the form above is obvious: ABCDEF is stored at a memory address of its own (the string literal), and the values are copied from that address into the stack array, so the address itself serves as the reference.

6:        char str[] = "ABCDEF";
00401038   mov         eax,[string "ABCDEF" (00422fa4)]
0040103D   mov         dword ptr [ebp-8],eax
00401040   mov         cx,word ptr [string "ABCDEF"+4 (00422fa8)]
00401047   mov         word ptr [ebp-4],cx
0040104B   mov         dl,byte ptr [string "ABCDEF"+6 (00422faa)]
00401051   mov         byte ptr [ebp-2],dl
7:        return 0;
00401050   xor         eax,eax
}

3. char *str = "ABCDEF"; — the disassembly follows

Almost the same as above — this form also relies on the string's own address — but where it differs is that this takes a single step: the address of the string literal is stored directly into the pointer variable, rather than copying the string's bytes.

5:    int main(){
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,44h
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-44h]
0040102C   mov         ecx,11h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]
6:        char *str = "ABCDEF";  //我在这里!
00401038   mov         dword ptr [ebp-4],offset string "ABCDEF" (00422fa4)
7:        return 0;
0040103F   xor         eax,eax
8:    }


Origin www.cnblogs.com/zpchcbd/p/12339941.html