基礎知識
函數傳參存在兩種方式,一種是通過棧,一種是通過寄存器。對於x64體系結構,如果函數參數不大於6個時,使用寄存器傳參,對於函數參數大於6個的函數,前六個參數使用寄存器傳遞,后面的使用棧傳遞。參數傳遞的規律是固定的,即前6個參數從左到右放入寄存器: rdi, rsi, rdx, rcx, r8, r9,后面的依次從 “右向左” 放入棧中。
例如:
H(a, b, c, d, e, f, g, h);
a->%rdi, b->%rsi, c->%rdx, d->%rcx, e->%r8, f->%r9
h->8(%rsp)
g->(%rsp)
實驗驗證
源碼示例
1 #include <stdio.h>
2 #include <stdlib.h>
3 int test_pass_parm(int a, int b, int c, int d, int e, int f, int g, int h)
4 {
5 printf("a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n", a,b,c,d,e,f,g,h);
6 return 0;
7 }
8 int main(int argc, char **argv)
9 {
10 int a = 1, b= 2, c=3, d = 4, e =5, f=6, g= 7, h =8;
11 test_pass_parm(a,b,c,d,e,f,g,h);
12 return 0;
13 }
使用 gcc pass_parm.c -o pass_parm -g生成可執行程序 pass_parm.
反匯編 pass_parm
從中我們取出來main函數以及test_pass_parm 匯編進行分析驗證。
main 匯編分析
119 int main(int argc, char **argv)
120 {
121 40057b: 55 push %rbp
122 40057c: 48 89 e5 mov %rsp,%rbp
123 40057f: 48 83 ec 40 sub $0x40,%rsp //rsp棧指針下移0x40(64)個字節
124 400583: 89 7d dc mov %edi,-0x24(%rbp) // main函數的第一個參數argc放置在距離棧底0x24字節處
125 400586: 48 89 75 d0 mov %rsi,-0x30(%rbp) // main函數的第一個參數argv放置在距離棧底0x30字節處
126 int a = 1, b= 2, c=3, d = 4, e =5, f=6, g= 7, h =8;
127 40058a: c7 45 fc 01 00 00 00 movl $0x1,-0x4(%rbp) //變量a
128 400591: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp)//變量b
129 400598: c7 45 f4 03 00 00 00 movl $0x3,-0xc(%rbp)//變量c
130 40059f: c7 45 f0 04 00 00 00 movl $0x4,-0x10(%rbp)//變量d
131 4005a6: c7 45 ec 05 00 00 00 movl $0x5,-0x14(%rbp)//變量e
132 4005ad: c7 45 e8 06 00 00 00 movl $0x6,-0x18(%rbp)//變量f
133 4005b4: c7 45 e4 07 00 00 00 movl $0x7,-0x1c(%rbp) //變量g
134 4005bb: c7 45 e0 08 00 00 00 movl $0x8,-0x20(%rbp) //變量h
135 // 以上匯編將main函數的局部a, b, c, d, e, f, g, h變量從左到右依次入棧
136 test_pass_parm(a,b,c,d,e,f,g,h);
137 4005c2: 44 8b 4d e8 mov -0x18(%rbp),%r9d //傳送-0x18(%rbp)(變量f) 位置的值到r9寄存器中
138 4005c6: 44 8b 45 ec mov -0x14(%rbp),%r8d //傳送-0x14(%rbp)(變量e) 位置的值到r8寄存器中
139 4005ca: 8b 4d f0 mov -0x10(%rbp),%ecx //傳送-0x10(%rbp)(變量d) 位置的值到cx寄存器中
140 4005cd: 8b 55 f4 mov -0xc(%rbp),%edx //傳送-0xc(%rbp)(變量c) 位置的值到dx寄存器中
141 4005d0: 8b 75 f8 mov -0x8(%rbp),%esi //傳送-0x8(%rbp)(變量b) 位置的值到si寄存器中
142 4005d3: 8b 45 fc mov -0x4(%rbp),%eax //暫存-0x4(%rbp)(變量a) 位置的值到ax寄存器中
143 4005d6: 8b 7d e0 mov -0x20(%rbp),%edi //傳送-0x20(%rbp)(變量h) 位置的值到di寄存器中中轉
144 4005d9: 89 7c 24 08 mov %edi,0x8(%rsp) //傳送di寄存器的值到(變量h) 0x8(%rsp)位置
145 4005dd: 8b 7d e4 mov -0x1c(%rbp),%edi //傳送-0x1c(%rbp)(變量g) 位置的值到di寄存器中中轉
146 4005e0: 89 3c 24 mov %edi,(%rsp) //傳送di寄存器的值到(變量g) (%rsp)位置
147 4005e3: 89 c7 mov %eax,%edi //最后將ax寄存器保存的a變量的值傳送到di寄存器
148 // 以上匯編准備傳給test_pass_parm函數的參數,然后調用test_pass_parm
149 4005e5: e8 33 ff ff ff callq 40051d <test_pass_parm>
150 return 0;
151 4005ea: b8 00 00 00 00 mov $0x0,%eax
152 }
153 4005ef: c9 leaveq
154 4005f0: c3 retq
155 4005f1: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
156 4005f8: 00 00 00
157 4005fb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
test_pass_parm 匯編分析
82 int test_pass_parm(int a, int b, int c, int d, int e, int f, int g, int h)
83 {
84 40051d: 55 push %rbp
85 40051e: 48 89 e5 mov %rsp,%rbp
86 400521: 48 83 ec 30 sub $0x30,%rsp
87 400525: 89 7d fc mov %edi,-0x4(%rbp) //a
88 400528: 89 75 f8 mov %esi,-0x8(%rbp) //b
89 40052b: 89 55 f4 mov %edx,-0xc(%rbp) //c
90 40052e: 89 4d f0 mov %ecx,-0x10(%rbp) //d
91 400531: 44 89 45 ec mov %r8d,-0x14(%rbp) //e
92 400535: 44 89 4d e8 mov %r9d,-0x18(%rbp) /f
93 //從寄存器恢復實參到當前函數的棧中
94 printf("a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n", a,b,c,d,e,f,g,h);
95 400539: 44 8b 45 ec mov -0x14(%rbp),%r8d
96 40053d: 8b 7d f0 mov -0x10(%rbp),%edi
97 400540: 8b 4d f4 mov -0xc(%rbp),%ecx
98 400543: 8b 55 f8 mov -0x8(%rbp),%edx
99 400546: 8b 45 fc mov -0x4(%rbp),%eax
100 400549: 8b 75 18 mov 0x18(%rbp),%esi //0x18(%rbp)的地址是上一個函數的棧頂位置 + 8,從這拿出h
101 40054c: 89 74 24 10 mov %esi,0x10(%rsp)
102 400550: 8b 75 10 mov 0x10(%rbp),%esi //0x10(%rbp)的地址是上一個函數的棧頂位置,從這拿出g
103 400553: 89 74 24 08 mov %esi,0x8(%rsp)
104 400557: 8b 75 e8 mov -0x18(%rbp),%esi
105 40055a: 89 34 24 mov %esi,(%rsp)
106 40055d: 45 89 c1 mov %r8d,%r9d
107 400560: 41 89 f8 mov %edi,%r8d
108 400563: 89 c6 mov %eax,%esi
109 400565: bf 90 06 40 00 mov $0x400690,%edi
110 40056a: b8 00 00 00 00 mov $0x0,%eax
111 // 以上匯編准備傳給printf函數的參數,然后調用printf
112 40056f: e8 8c fe ff ff callq 400400 <printf@plt>
113 return 0;
114 400574: b8 00 00 00 00 mov $0x0,%eax
115 }
116 400579: c9 leaveq
117 40057a: c3 retq
實驗
使用gdb進行匯編代碼調試,分別在執行匯編指令的0x4005c2、0x4005e5、0x400539、0x40056f處設置斷點,查看寄存器的值以及函數棧幀中的值,驗證分析的結果。
設置斷點
斷點1處的棧數值
斷點2處的棧數值以及寄存器值
斷點3處的棧數值以及寄存器值
斷點4處的棧數值以及寄存器值
結論
實驗結果完全驗證了所分析的結果,從這次實踐中可以更好地了解函數參數的傳遞過程以及函數調用所引起的堆棧變化,完整的調試過程見附錄。
附錄 完整匯編與調試過程
完整匯編代碼
[root@localhost test]# objdump -j .text -S pass_parm > a.txt
[root@localhost test]# nl a.txt1 pass_parm: 文件格式 elf64-x86-64 2 Disassembly of section .text: 3 0000000000400430 <_start>: 4 400430: 31 ed xor %ebp,%ebp 5 400432: 49 89 d1 mov %rdx,%r9 6 400435: 5e pop %rsi 7 400436: 48 89 e2 mov %rsp,%rdx 8 400439: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 9 40043d: 50 push %rax 10 40043e: 54 push %rsp 11 40043f: 49 c7 c0 70 06 40 00 mov $0x400670,%r8 12 400446: 48 c7 c1 00 06 40 00 mov $0x400600,%rcx 13 40044d: 48 c7 c7 7b 05 40 00 mov $0x40057b,%rdi 14 400454: e8 b7 ff ff ff callq 400410 <__libc_start_main@plt> 15 400459: f4 hlt 16 40045a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) 17 0000000000400460 <deregister_tm_clones>: 18 400460: b8 37 10 60 00 mov $0x601037,%eax 19 400465: 55 push %rbp 20 400466: 48 2d 30 10 60 00 sub $0x601030,%rax 21 40046c: 48 83 f8 0e cmp $0xe,%rax 22 400470: 48 89 e5 mov %rsp,%rbp 23 400473: 77 02 ja 400477 <deregister_tm_clones+0x17> 24 400475: 5d pop %rbp 25 400476: c3 retq 26 400477: b8 00 00 00 00 mov $0x0,%eax 27 40047c: 48 85 c0 test %rax,%rax 28 40047f: 74 f4 je 400475 <deregister_tm_clones+0x15> 29 400481: 5d pop %rbp 30 400482: bf 30 10 60 00 mov $0x601030,%edi 31 400487: ff e0 jmpq *%rax 32 400489: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 33 0000000000400490 <register_tm_clones>: 34 400490: b8 30 10 60 00 mov $0x601030,%eax 35 400495: 55 push %rbp 36 400496: 48 2d 30 10 60 00 sub $0x601030,%rax 37 40049c: 48 c1 f8 03 sar $0x3,%rax 38 4004a0: 48 89 e5 mov %rsp,%rbp 39 4004a3: 48 89 c2 mov %rax,%rdx 40 4004a6: 48 c1 ea 3f shr $0x3f,%rdx 41 4004aa: 48 01 d0 add %rdx,%rax 42 4004ad: 48 d1 f8 sar %rax 43 4004b0: 75 02 jne 4004b4 <register_tm_clones+0x24> 44 4004b2: 5d pop %rbp 45 4004b3: c3 retq 46 4004b4: ba 00 00 00 00 mov $0x0,%edx 47 4004b9: 48 85 d2 test %rdx,%rdx 48 4004bc: 74 f4 je 4004b2 <register_tm_clones+0x22> 49 4004be: 5d pop %rbp 50 4004bf: 48 89 c6 mov %rax,%rsi 51 4004c2: bf 30 10 60 00 mov $0x601030,%edi 52 4004c7: ff e2 jmpq *%rdx 53 4004c9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 54 00000000004004d0 <__do_global_dtors_aux>: 55 4004d0: 80 3d 55 0b 20 00 00 cmpb $0x0,0x200b55(%rip) # 60102c <_edata> 56 4004d7: 75 11 jne 4004ea <__do_global_dtors_aux+0x1a> 57 4004d9: 55 push %rbp 58 4004da: 48 89 e5 mov %rsp,%rbp 59 4004dd: e8 7e ff ff ff callq 400460 <deregister_tm_clones> 60 4004e2: 5d pop %rbp 61 4004e3: c6 05 42 0b 20 00 01 movb $0x1,0x200b42(%rip) # 60102c <_edata> 62 4004ea: f3 c3 repz retq 63 4004ec: 0f 1f 40 00 nopl 0x0(%rax) 64 00000000004004f0 <frame_dummy>: 65 4004f0: 48 83 3d 28 09 20 00 cmpq $0x0,0x200928(%rip) # 600e20 <__JCR_END__> 66 4004f7: 00 67 4004f8: 74 1e je 400518 <frame_dummy+0x28> 68 4004fa: b8 00 00 00 00 mov $0x0,%eax 69 4004ff: 48 85 c0 test %rax,%rax 70 400502: 74 14 je 400518 <frame_dummy+0x28> 71 400504: 55 push %rbp 72 400505: bf 20 0e 60 00 mov $0x600e20,%edi 73 40050a: 48 89 e5 mov %rsp,%rbp 74 40050d: ff d0 callq *%rax 75 40050f: 5d pop %rbp 76 400510: e9 7b ff ff ff jmpq 400490 <register_tm_clones> 77 400515: 0f 1f 00 nopl (%rax) 78 400518: e9 73 ff ff ff jmpq 400490 <register_tm_clones> 79 000000000040051d <test_pass_parm>: 80 #include <stdio.h> 81 #include <stdlib.h> 82 int test_pass_parm(int a, int b, int c, int d, int e, int f, int g, int h) 83 { 84 40051d: 55 push %rbp 85 40051e: 48 89 e5 mov %rsp,%rbp 86 400521: 48 83 ec 30 sub $0x30,%rsp 87 400525: 89 7d fc mov %edi,-0x4(%rbp) 88 400528: 89 75 f8 mov %esi,-0x8(%rbp) 89 40052b: 89 55 f4 mov %edx,-0xc(%rbp) 90 40052e: 89 4d f0 mov %ecx,-0x10(%rbp) 91 400531: 44 89 45 ec mov %r8d,-0x14(%rbp) 92 400535: 44 89 4d e8 mov %r9d,-0x18(%rbp) 93 printf("a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n", a,b,c,d,e,f,g,h); 94 400539: 44 8b 45 ec mov -0x14(%rbp),%r8d 95 40053d: 8b 7d f0 mov -0x10(%rbp),%edi 96 400540: 8b 4d f4 mov -0xc(%rbp),%ecx 97 400543: 8b 55 f8 mov -0x8(%rbp),%edx 98 400546: 8b 45 fc mov -0x4(%rbp),%eax 99 400549: 8b 75 18 mov 0x18(%rbp),%esi100 40054c: 89 74 24 10 mov %esi,0x10(%rsp)
101 400550: 8b 75 10 mov 0x10(%rbp),%esi
102 400553: 89 74 24 08 mov %esi,0x8(%rsp)
103 400557: 8b 75 e8 mov -0x18(%rbp),%esi
104 40055a: 89 34 24 mov %esi,(%rsp)
105 40055d: 45 89 c1 mov %r8d,%r9d
106 400560: 41 89 f8 mov %edi,%r8d
107 400563: 89 c6 mov %eax,%esi
108 400565: bf 90 06 40 00 mov $0x400690,%edi
109 40056a: b8 00 00 00 00 mov $0x0,%eax
110 40056f: e8 8c fe ff ff callq 400400 printf@plt
111 return 0;
112 400574: b8 00 00 00 00 mov $0x0,%eax
113 }
114 400579: c9 leaveq
115 40057a: c3 retq116 000000000040057b
:117 int main(int argc, char **argv)
118 {
119 40057b: 55 push %rbp
120 40057c: 48 89 e5 mov %rsp,%rbp
121 40057f: 48 83 ec 40 sub $0x40,%rsp
122 400583: 89 7d dc mov %edi,-0x24(%rbp)
123 400586: 48 89 75 d0 mov %rsi,-0x30(%rbp)
124 int a = 1, b= 2, c=3, d = 4, e =5, f=6, g= 7, h =8;
125 40058a: c7 45 fc 01 00 00 00 movl $0x1,-0x4(%rbp)
126 400591: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp)
127 400598: c7 45 f4 03 00 00 00 movl $0x3,-0xc(%rbp)
128 40059f: c7 45 f0 04 00 00 00 movl $0x4,-0x10(%rbp)
129 4005a6: c7 45 ec 05 00 00 00 movl $0x5,-0x14(%rbp)
130 4005ad: c7 45 e8 06 00 00 00 movl $0x6,-0x18(%rbp)
131 4005b4: c7 45 e4 07 00 00 00 movl $0x7,-0x1c(%rbp)
132 4005bb: c7 45 e0 08 00 00 00 movl $0x8,-0x20(%rbp)
133 test_pass_parm(a,b,c,d,e,f,g,h);
134 4005c2: 44 8b 4d e8 mov -0x18(%rbp),%r9d
135 4005c6: 44 8b 45 ec mov -0x14(%rbp),%r8d
136 4005ca: 8b 4d f0 mov -0x10(%rbp),%ecx
137 4005cd: 8b 55 f4 mov -0xc(%rbp),%edx
138 4005d0: 8b 75 f8 mov -0x8(%rbp),%esi
139 4005d3: 8b 45 fc mov -0x4(%rbp),%eax
140 4005d6: 8b 7d e0 mov -0x20(%rbp),%edi
141 4005d9: 89 7c 24 08 mov %edi,0x8(%rsp)
142 4005dd: 8b 7d e4 mov -0x1c(%rbp),%edi
143 4005e0: 89 3c 24 mov %edi,(%rsp)
144 4005e3: 89 c7 mov %eax,%edi
145 4005e5: e8 33 ff ff ff callq 40051d <test_pass_parm>
146 return 0;
147 4005ea: b8 00 00 00 00 mov $0x0,%eax
148 }
149 4005ef: c9 leaveq
150 4005f0: c3 retq
151 4005f1: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
152 4005f8: 00 00 00
153 4005fb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)154 0000000000400600 <__libc_csu_init>:
155 400600: 41 57 push %r15
156 400602: 41 89 ff mov %edi,%r15d
157 400605: 41 56 push %r14
158 400607: 49 89 f6 mov %rsi,%r14
159 40060a: 41 55 push %r13
160 40060c: 49 89 d5 mov %rdx,%r13
161 40060f: 41 54 push %r12
162 400611: 4c 8d 25 f8 07 20 00 lea 0x2007f8(%rip),%r12 # 600e10 <__frame_dummy_init_array_entry>
163 400618: 55 push %rbp
164 400619: 48 8d 2d f8 07 20 00 lea 0x2007f8(%rip),%rbp # 600e18 <__init_array_end>
165 400620: 53 push %rbx
166 400621: 4c 29 e5 sub %r12,%rbp
167 400624: 31 db xor %ebx,%ebx
168 400626: 48 c1 fd 03 sar $0x3,%rbp
169 40062a: 48 83 ec 08 sub $0x8,%rsp
170 40062e: e8 95 fd ff ff callq 4003c8 <_init>
171 400633: 48 85 ed test %rbp,%rbp
172 400636: 74 1e je 400656 <__libc_csu_init+0x56>
173 400638: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
174 40063f: 00
175 400640: 4c 89 ea mov %r13,%rdx
176 400643: 4c 89 f6 mov %r14,%rsi
177 400646: 44 89 ff mov %r15d,%edi
178 400649: 41 ff 14 dc callq *(%r12,%rbx,8)
179 40064d: 48 83 c3 01 add $0x1,%rbx
180 400651: 48 39 eb cmp %rbp,%rbx
181 400654: 75 ea jne 400640 <__libc_csu_init+0x40>
182 400656: 48 83 c4 08 add $0x8,%rsp
183 40065a: 5b pop %rbx
184 40065b: 5d pop %rbp
185 40065c: 41 5c pop %r12
186 40065e: 41 5d pop %r13
187 400660: 41 5e pop %r14
188 400662: 41 5f pop %r15
189 400664: c3 retq
190 400665: 90 nop
191 400666: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
192 40066d: 00 00 00193 0000000000400670 <__libc_csu_fini>:
194 400670: f3 c3 repz retq
完整調試過程
[root@kfzhao test]# gdb pass_parm
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /root/test/pass_parm...done.
(gdb) b *0x4005c2
Breakpoint 1 at 0x4005c2: file pass_parm.c, line 13.
(gdb) b *0x4005e5
Breakpoint 2 at 0x4005e5: file pass_parm.c, line 13.
(gdb) b *0x400539
Breakpoint 3 at 0x400539: file pass_parm.c, line 6.
(gdb) b *0x40056f
Breakpoint 4 at 0x40056f: file pass_parm.c, line 6.
(gdb) info breakpoints
Num Type Disp Enb Address What
1 breakpoint keep y 0x00000000004005c2 in main at pass_parm.c:13
2 breakpoint keep y 0x00000000004005e5 in main at pass_parm.c:13
3 breakpoint keep y 0x0000000000400539 in test_pass_parm at pass_parm.c:6
4 breakpoint keep y 0x000000000040056f in test_pass_parm at pass_parm.c:6
(gdb) r
Starting program: /root/test/pass_parmBreakpoint 1, main (argc=1, argv=0x7fffffffe528) at pass_parm.c:13
13 test_pass_parm(a,b,c,d,e,f,g,h);
(gdb) layout regs
(gdb) info registers
rax 0x40057b 4195707
rbx 0x0 0
rcx 0x400600 4195840
rdx 0x7fffffffe538 140737488348472
rsi 0x7fffffffe528 140737488348456
rdi 0x1 1
rbp 0x7fffffffe440 0x7fffffffe440
rsp 0x7fffffffe400 0x7fffffffe400
r8 0x7ffff7dd5e80 140737351868032
r9 0x0 0
r10 0x7fffffffdf20 140737488346912
r11 0x7ffff7a30350 140737348043600
r12 0x400430 4195376
r13 0x7fffffffe520 140737488348448
r14 0x0 0
r15 0x0 0
rip 0x4005c2 0x4005c2 <main+71>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/8dw $rbp - 0x20
0x7fffffffe420: 8 7 6 5
0x7fffffffe430: 4 3 2 1
(gdb) c
Continuing.Breakpoint 2, 0x00000000004005e5 in main (argc=1, argv=0x7fffffffe528) at pass_parm.c:13
13 test_pass_parm(a,b,c,d,e,f,g,h);
(gdb) info registers
rax 0x1 1
rbx 0x0 0
rcx 0x4 4
rdx 0x3 3
rsi 0x2 2
rdi 0x1 1
rbp 0x7fffffffe440 0x7fffffffe440
rsp 0x7fffffffe400 0x7fffffffe400
r8 0x5 5
r9 0x6 6
r10 0x7fffffffdf20 140737488346912
r11 0x7ffff7a30350 140737348043600
r12 0x400430 4195376
r13 0x7fffffffe520 140737488348448
r14 0x0 0
r15 0x0 0
rip 0x4005e5 0x4005e5 <main+106>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/8dw $rbp - 0x20
0x7fffffffe420: 8 7 6 5
0x7fffffffe430: 4 3 2 1
(gdb) c
Continuing.Breakpoint 3, test_pass_parm (a=1, b=2, c=3, d=4, e=5, f=6, g=7, h=8) at pass_parm.c:6
6 printf("a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n", a,b,c,d,e,f,g,h);
(gdb) info registers
rax 0x1 1
rbx 0x0 0
rcx 0x4 4
rdx 0x3 3
rsi 0x2 2
rdi 0x1 1
rbp 0x7fffffffe3f0 0x7fffffffe3f0
rsp 0x7fffffffe3c0 0x7fffffffe3c0
r8 0x5 5
r9 0x6 6
r10 0x7fffffffdf20 140737488346912
r11 0x7ffff7a30350 140737348043600
r12 0x400430 4195376
r13 0x7fffffffe520 140737488348448
r14 0x0 0
r15 0x0 0
rip 0x400539 0x400539 <test_pass_parm+28>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/4dw $rbp + 0x10
0x7fffffffe400: 7 0 8 0
(gdb) c
Continuing.Breakpoint 4, 0x000000000040056f in test_pass_parm (a=1, b=2, c=3, d=4, e=5, f=6, g=7, h=8) at pass_parm.c:6
6 printf("a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n", a,b,c,d,e,f,g,h);
(gdb) info registers
rax 0x0 0
rbx 0x0 0
rcx 0x3 3
rdx 0x2 2
rsi 0x1 1
rdi 0x400690 4195984
rbp 0x7fffffffe3f0 0x7fffffffe3f0
rsp 0x7fffffffe3c0 0x7fffffffe3c0
r8 0x4 4
r9 0x5 5
r10 0x7fffffffdf20 140737488346912
r11 0x7ffff7a30350 140737348043600
r12 0x400430 4195376
r13 0x7fffffffe520 140737488348448
r14 0x0 0
r15 0x0 0
rip 0x40056f 0x40056f <test_pass_parm+82>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) p (char*)0x400690
$1 = 0x400690 "a:%0x, b:%0x c:%0x d:%0x e:%0x f:%0x g;%0x h:%0x\n"
(gdb) x/6dw $rsp
0x7fffffffe3c0: 6 32767 7 32767
0x7fffffffe3d0: 8 0
(gdb)