Stack after calling function
Before calling a function, must the caller push the arguments onto the stack? Who pushes the address of the next instruction? If the called function uses variables of its own it will push them onto the stack, so when returning using RET it pops the value and sets EIP to the value that got popped. But that value is not there any more, because the function allocated variables so the stack changed? How can that be? And who pushes the address of the next instruction before the call command? Solved!
The return address is pushed onto the stack during a call instruction. Functions must keep track of how many variables were pushed onto the stack, any space allocated from the stack from using alloca(), and any other changes made to esp, and at function exit, restore esp so that a return instruction will return to the proper place. If stack frame option is enabled, the function will usually start off with push ebp | mov ebp,esp and never modify ebp. The exit code then does mov esp,ebp | pop ebp, then a return.
For the "C" calling convention, after a return from the called function, the calling function needs to add to esp to restore it to its prior state before it pushed any parameters onto the stack. For the "Pascal" calling convention, the called function will use a ret n instruction, where n is the value added to ESP after the return to compensate for the pushed parameters.
Depending on the calling convention, some parameters are passed in registers instead of the stack. For Visual Studio, this is an option in 32 bit mode, but in 64 bit mode, the first 4 parameters are always passed in registers, rcx, rdx, r8, and r9.
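To make the answer's esp accounting concrete, here is an added model (not code from the question or the answer) that simulates a 32-bit stack as an array of words: it checks that esp is back to its pre-call value for both the "C" convention (caller adds to esp) and the "Pascal" convention (callee does ret n), and shows what ret pops when the epilogue forgets mov esp,ebp. The names stack, esp, ebp, callee and simulate are the model's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the 32-bit call/ret sequence from the answer above: 'stack' holds
 * 4-byte words, esp/ebp are word indices, and the stack grows toward lower indices. */
#define STACK_WORDS 64
static uint32_t stack[STACK_WORDS];
static uint32_t esp, ebp, last_arg0;

static void     push(uint32_t v) { stack[--esp] = v; }
static uint32_t pop(void)        { return stack[esp++]; }

/* Callee: push ebp | mov ebp,esp | sub esp,N ... mov esp,ebp | pop ebp | ret [n].
 * 'skip_restore' models a buggy epilogue that omits mov esp,ebp. Returns what ret popped. */
static uint32_t callee(unsigned nlocals, unsigned ret_n, int skip_restore) {
    push(ebp);                                   /* push ebp      */
    ebp = esp;                                   /* mov ebp,esp   */
    esp -= nlocals;                              /* sub esp,4*N   */
    for (unsigned i = 1; i <= nlocals; i++)      /* locals live at [ebp-4*i] */
        stack[ebp - i] = 0xDEADBEEFu;
    last_arg0 = stack[ebp + 2];                  /* first argument at [ebp+8] */
    if (!skip_restore) esp = ebp;                /* mov esp,ebp: discards the locals */
    ebp = pop();                                 /* pop ebp       */
    uint32_t ret_addr = pop();                   /* ret: pops the return address into eip */
    esp += ret_n;                                /* ret n (Pascal): drop the arguments */
    return ret_addr;
}

/* Caller side. Returns 1 when ret popped exactly the pushed return address and esp is back
 * to its pre-call value; pascal_style=0 means the "C" convention (caller does add esp,4*nargs). */
static int simulate(int pascal_style, unsigned nargs, unsigned nlocals, int skip_restore) {
    const uint32_t NEXT_IP = 0x08048123u;        /* constructed "address of the next instruction" */
    esp = STACK_WORDS; ebp = 0;
    uint32_t esp_before = esp;
    for (unsigned i = nargs; i > 0; i--) push(0x1000u + i);  /* push args right to left */
    push(NEXT_IP);                               /* the call instruction pushes the return address */
    uint32_t popped = callee(nlocals, pascal_style ? nargs : 0, skip_restore);
    if (!pascal_style) esp += nargs;             /* "C" convention: add esp,4*nargs */
    return popped == NEXT_IP && esp == esp_before;
}

int main(void) {
    printf("C convention      ok=%d\n", simulate(0, 3, 2, 0));
    printf("Pascal convention ok=%d\n", simulate(1, 3, 2, 0));
    printf("no mov esp,ebp    ok=%d\n", simulate(0, 3, 2, 1));  /* ret pops a local instead */
    return 0;
}
```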