what does LEA directive do when only a displacement is used?

int _tmain(int argc, _TCHAR* argv[])
{
004113D0  push        ebp  
004113D1  mov         ebp,esp 
004113D3  sub         esp,0E4h 
004113D9  push        ebx  
004113DA  push        esi  
004113DB  push        edi  
004113DC  lea         edi,[ebp-0E4h] 
004113E2  mov         ecx,39h 
004113E7  mov         eax,0CCCCCCCCh 
004113EC  rep stos    dword ptr es:[edi] 
    int a=2;
004113EE  mov         dword ptr [a],2 
    int b=3;
004113F5  mov         dword ptr [b],3 
    int c=add(&a,&b);
004113FC  lea         eax,[b] 
004113FF  push        eax  
00411400  lea         ecx,[a] 
00411403  push        ecx  
00411404  call        add (4111CCh) 
00411409  add         esp,8 
0041140C  mov         dword ptr [c],eax 
    printf("%d",c);
0041140F  mov         esi,esp 
00411411  mov         eax,dword ptr [c] 
00411414  push        eax  
00411415  push        offset string "%d" (41563Ch) 
0041141A  call        dword ptr [__imp__printf (4182B8h)] 
00411420  add         esp,8 
00411423  cmp         esi,esp 
00411425  call        @ILT+310(__RTC_CheckEsp) (41113Bh) 
    return 0;
0041142A  xor         eax,eax 
}
0041142C  push        edx  
0041142D  mov         ecx,ebp 
0041142F  push        eax  

00411430  lea         edx,[(411454h)] // what does the LEA instruction do here, before the security procedure?
00411436  call        @ILT+140(@_RTC_CheckStackVars@8) (411091h) 

It is not a "security procedure". You are looking at code that's generated by the MSVC compiler in the Debug build with the /RTC option turned on. RTC means Run Time error Checks. The LEA instruction loads the address of a table generated by the compiler that describes the local variables in the stack frame. They are organized so they have unused bytes between them, bytes that are filled with 0xcc. You can see that happening at address 004113EC.

The _RTC_CheckStackVars@8 debugging function uses this table to check if those bytes still have the same value. If not, then there is conclusive evidence that the code has a bug and stomped the stack frame. Typically by overrunning the end of an array on the stack. These kinds of bugs can be very difficult to diagnose without this debugging aid. Very useful.
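To make the mechanism the answer describes concrete, here is an added example (not code from the question, the answer, or MSVC) that models the /RTC stack-variable check in C: a frame is filled with 0xCC the way the `rep stos` at 004113EC does, locals are placed with padding between them, and a small descriptor table (a hypothetical stand-in for the compiler-generated table whose address the `lea` loads) tells a check routine where each local's guard bytes are. The guard size, frame layout and `rtc_var_desc` structure are assumptions made for the illustration, not MSVC's real table format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the /RTC stack-variable check: the prologue fills the
 * frame with 0xCC, locals are laid out with guard bytes between them, and a
 * compiler-generated table lets the epilogue check whether any guard byte
 * changed. Layout and table format here are assumptions for illustration. */

#define FILL_BYTE  0xCC
#define GUARD      4       /* assumed number of guard bytes on each side of a local */
#define FRAME_SIZE 64

/* One entry of the hypothetical variable table: where the local sits in the
 * frame, how big it is, and a name for the diagnostic message. */
typedef struct {
    size_t offset;
    size_t size;
    const char *name;
} rtc_var_desc;

/* Equivalent of the prologue's "rep stos dword ptr es:[edi]" with eax = 0xCCCCCCCC. */
static void rtc_fill_frame(uint8_t *frame, size_t len) {
    memset(frame, FILL_BYTE, len);
}

/* Verify that the GUARD bytes before and after every described local still
 * hold the fill value. Returns the index of the first corrupted local, or -1
 * if the frame is intact (the real routine reports and breaks instead). */
static int rtc_check_stack_vars(const uint8_t *frame, size_t len,
                                const rtc_var_desc *table, size_t count) {
    for (size_t i = 0; i < count; i++) {
        size_t lo = table[i].offset - GUARD;          /* guard before the local */
        size_t hi = table[i].offset + table[i].size;  /* guard after the local  */
        for (size_t k = 0; k < GUARD; k++) {
            if (lo + k >= len || hi + k >= len) return (int)i;
            if (frame[lo + k] != FILL_BYTE || frame[hi + k] != FILL_BYTE)
                return (int)i;
        }
    }
    return -1;
}

/* Locals like a and b from the question plus a two-element int array; offsets
 * are chosen so that GUARD bytes of 0xCC separate neighbouring locals. */
static const rtc_var_desc g_table[] = {
    { 8,  4, "a"   },
    { 16, 4, "b"   },
    { 24, 8, "arr" },
};
#define TABLE_LEN (sizeof g_table / sizeof g_table[0])

/* Builds the frame, optionally writes one element past the end of arr, and
 * runs the check. Returns -1 when clean, otherwise the offending table index. */
int rtc_demo(int overrun) {
    uint8_t frame[FRAME_SIZE];
    rtc_fill_frame(frame, sizeof frame);

    int32_t a = 2, b = 3;
    memcpy(frame + g_table[0].offset, &a, sizeof a);
    memcpy(frame + g_table[1].offset, &b, sizeof b);

    int32_t arr[2] = { 10, 20 };
    memcpy(frame + g_table[2].offset, arr, sizeof arr);

    if (overrun) {
        /* Models arr[2] = 30: four bytes land in the guard after arr. */
        int32_t v = 30;
        memcpy(frame + g_table[2].offset + sizeof arr, &v, sizeof v);
    }
    return rtc_check_stack_vars(frame, sizeof frame, g_table, TABLE_LEN);
}

/* Name of the local a check result refers to, for the diagnostic. */
const char *rtc_var_name(int idx) {
    return (idx < 0 || (size_t)idx >= TABLE_LEN) ? "(none)" : g_table[idx].name;
}

int main(void) {
    int clean = rtc_demo(0);
    int bad   = rtc_demo(1);
    printf("no overrun : %d (%s)\n", clean, rtc_var_name(clean));
    printf("overrun    : %d (%s)\n", bad, rtc_var_name(bad));
    return 0;
}
```

Without the overrun the check returns -1; with it, the guard after `arr` no longer reads 0xCC and the check reports index 2, which is exactly the "stomped the stack frame" evidence the answer describes. Note that the real MSVC check only inspects the padding, so an overrun that skips the guard and lands on a neighbouring local would not be caught by it.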

lea edx, [(411454h)]

is the same as

mov edx, offset [(411454h)]