vs2005中,斷點斷在要反彙編的程序中,alt + 8 顯示反彙編窗口
代碼如下:
- // TestMem.cpp : 定義控制檯應用程序的入口點。
- //
- #include "stdafx.h"
- #include <memory.h>
- void f(int param1, int param2, int param3)
- {
- 004113A0 push ebp
- 004113A1 mov ebp,esp
- 004113A3 sub esp,0E4h
- 004113A9 push ebx
- 004113AA push esi
- 004113AB push edi
- 004113AC lea edi,[ebp-0E4h]
- 004113B2 mov ecx,39h
- 004113B7 mov eax,0CCCCCCCCh
- 004113BC rep stos dword ptr es:[edi]
- int local1 = 1;
- 004113BE mov dword ptr [local1],1
- int local2 = 2;
- 004113C5 mov dword ptr [local2],2
- int local3 = 3;
- 004113CC mov dword ptr [local3],3
- memset(&local3, 0, 24);
- 004113D3 push 18h
- 004113D5 push 0
- 004113D7 lea eax,[local3]
- 004113DA push eax
- 004113DB call @ILT+460(_memset) (4111D1h)
- 004113E0 add esp,0Ch
- local3 = local1 + local2;
- 004113E3 mov eax,dword ptr [local1]
- 004113E6 add eax,dword ptr [local2]
- 004113E9 mov dword ptr [local3],eax
- }
- --- e:\myproject\testmem\testmem.cpp -------------------------------------------
- //param3->param2->param1->call_next_addr->local1->local2->local3
- int _tmain(int argc, _TCHAR* argv[])
- {
- 00411450 push ebp
- 00411451 mov ebp,esp
- 00411453 sub esp,0C0h
- 00411459 push ebx
- 0041145A push esi
- 0041145B push edi
- 0041145C lea edi,[ebp-0C0h]
- 00411462 mov ecx,30h
- 00411467 mov eax,0CCCCCCCCh
- 0041146C rep stos dword ptr es:[edi]
- f(1, 2, 3);
- 0041146E push 3
- 00411470 push 2
- 00411472 push 1
- 00411474 call f (411195h)
- 00411479 add esp,0Ch
- return 0;
- 0041147C xor eax,eax
- }
局部變量地址:
程序觀察的結果:
1,執行memset語句前的
2,執行memset語句後的
結論堆棧結構:
Param3=>Param2=>param1=>call_next_addr=>local1=>local2=>local3
擴展如果有數組,則設爲int a[4], 則棧爲....=>a[3]=>a[2]=>a[1]=>a[0]