舉例這些指令做了什么?
1.push指令
- pushl %eax
將eax數值壓入棧中,可分解為: - subl $4, %esp ——> esp = esp - 4
- movl %eax, (%esp) ——> *(int32_t *)esp = eax
2.popl指令
- pop %eax
將eax數值彈出棧,可分解為: - movl (%esp), %eax ——> eax = *(int32_t *)esp
- addl $4, %esp ——> esp = esp + 4
3.call指令
- call 0x12345
調用0x12345這個地址,可分解為: - pushl %eip ——> 將cpu下一條要執行的指令壓入棧中
- movl $0x12345, %eip ——> eip = 0x12345
注意:CPU下一條指令將會從地址0x12345中取。
4.ret指令
- ret 返回call之前的地址,可分解為:
- popl %eip ——> 將call壓入棧的指令彈出賦給eip
參考鏈接:03_x86匯編指令二(push,pop,call,ret)_weixin_39247141的博客-CSDN博客
https://blog.csdn.net/weixin_39247141/article/details/105523427
學習視頻:03_x86匯編指令二(push,pop,call,ret).
【關於push和pop,牢記住一點:ESP指向的棧頂top是數值】
Push will add an element to the top of the stack.
Pop will remove the top element of the stack.
PUSH instruction
POP instruction
x86棧
參考文檔:
x86-64 下函數調用及棧幀原理 - 知乎 https://zhuanlan.zhihu.com/p/27339191
X86-64寄存器和棧幀_u013982161的專欄-CSDN博客 https://blog.csdn.net/u013982161/article/details/51347944
[翻譯]X86-64下的棧幀布局簡介-軟件逆向-看雪論壇-安全社區|安全招聘|bbs.pediy.com https://bbs.pediy.com/thread-200575.htm
x86 程序內存堆棧模型 - 知乎 https://zhuanlan.zhihu.com/p/180318973
x86-x64寄存器及CallStack調用棧 - tongyishu - 博客園 https://www.cnblogs.com/tongyishu/p/11679829.html
x86匯編函數調用參數傳遞規則 - 繁榮3000的個人頁面-zengfr - OSCHINA - 中文開源技術交流社區 https://my.oschina.net/zengfr/blog/4268091
The x86 microprocessor Assembly language programming - ppt download https://slideplayer.com/slide/14253692/
Kip Irvine: Assembly Language for Intel-Based Computers Overview Stack Operations (PUSH and POP) Procedures Procedure Parameters Software Interrupts MS-DOS. - ppt download https://slideplayer.com/slide/5069076/
Assembly language | the stack https://greysec.net/showthread.php?tid=2008&pid=8029