Reverse learning - drawing stack map

0x00: EDITORIAL

For many beginners, it is very difficult to reverse entry, many need to take the high ground to climb, then the stack for many people is a highland, how to conquer the stack? Stack Figure painting is a good way to understand the stack.

0x01: Introduction Stack

Stack is a kind of a data item data structure in sequence, only one end (referred to as a top of the stack (Top)) to insert and delete data items.

Important: stack: Stack random order: LIFO (Last-In / First-Out)

1, the stack area (stack) - released automatically allocated by the compiler, the storage function parameters, local variables, and the like. Operate similarly to a stack data structure.
2, the heap area (heap) - typically assigned by the programmer is released, if the programmer does not release at the end of the program may be recovered by the OS. Note that this data structure is totally different in the stack, similar to the distribution list touches

0x02: started

Preparation: OD (my love crack dedicated OD)

Drawing tools excel

Program: Helloworld.exe (link: https: //pan.baidu.com/s/130job_JfoQLEWQxKn0SMYQ Password: 71xq)

Here then we add OD loader F2 breakpoint at 00,401,168.

00401168 Helloworld.exe here is a function of the entry point wherein

Here, when a program break, attention register window EIP: 00401168, then this bit is the next hop of the program at this time.

Observation register windows ESP, EBP

Then the initial stack lower graph of FIG.

Step by step down the F8 execution

First look at the push 0x2 00,401,168 position (push 0x2 (16 hex))

Since two push is a type of assembler instruction. Write - put together

Press-fitted into the stack 0x2 and 0x1 (note are hexadecimal), then the stack into two ESP (stack -8) = 0012FF2C, EBP (stack bottom no change), 1, and 2 are pushed to be used .

Next to this function the call HelloWor.0040100A

So F7 directly into the call in