ASM Function call return address
Is the return address (the one saved on the stack for the EIP
register to use upon returning) the address of the next instruction after call
, or is it the instruction address of call
?
EDIT:
p call x
q mov y
Is the return address on the stack when calling x()
p
or q
?
在调用之后 - 这将是子例程终止时执行的下一条指令。
The processor pushes the value of the EIP register (which contains the offset of the instruction following the CALL instruction) onto the stack (for use later as a return-instruction pointer).
As @Jester posted, RTFM.
The call
instruction pushes the return address - in the way you've "numbered" your lines that'd be q
- on the stack before transferring execution to the called function.
The ret
instruction pops it off - you could say it does pop EIP
.
But this also means ... before ret
, [ ESP ] == EIP
. Since ret
does nothing else to the stack but adjust the stackpointer (ie ESP
-> ESP + 4
), by the time you return, you should still have EIP == [ ESP - 4 ]
.
You could therefore do:
call func
mov EAX, [ ESP - 4 ]
and are very likely to get the code location for the first byte of that MOV
instruction.
Why only very likely ? The answer to that is that stack contents within the unallocated parts of the stack aren't guaranteed; there are asynchronous events (UN*X signals and similar mechanisms in other operating systems) which might interrupt execution just between the ret
having done the stack pointer adjustment / EIP
change but before that instruction actually executes. If that happens, the signal frame might overwrite the unallocated part of the stack, and thereby clobber the return address that was stored there.
If you want to reliably retrieve your current EIP
, do a PC-relative call that just "skips the call
instruction". Then pop the value on the stack off. Ie like:
call +5 ;; the size of a call is 5 bytes, so ... "skip yourself"
pop EAX ;; EAX now contains the "return address" - its own EIP
See also Reading Program Counter directly as previously answered on SO.
链接地址: http://www.djcxy.com/p/80366.html上一篇: 堆栈上局部变量的地址
下一篇: ASM函数调用返回地址