Note: Original work by Autumn Wind; please credit the source when reproducing. Written for the "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000
C program code (a simple function call and return):
[Figure: C source code of the simple function call and return (Qq20150307212646.png, image not preserved)]
Compile the C source code into assembly:
[Figure: compiling the C source to assembly (Qq20150307212729.png, image not preserved)]
The relevant assembly code:
[Figure: the generated assembly code (Qq20150307212856.png, image not preserved)]
By carefully following how the stack changes while the assembly code executes, we can draw the stack frame structure used during the function call, as follows:
[Figure: stack frame structure during the function call (Qq20150308133449.png, image not preserved)]
Summary:
The computer uses the program stack to support function (procedure) calls: on it the machine passes parameters, stores return information, saves register values for later restoration, and stores local variables. The stack grows toward lower addresses, and the register %esp points to the top of the stack. The pushl and popl instructions push data onto and pop data off the stack; decreasing %esp allocates space for data that has no specified initial value, and increasing %esp releases that space.
Suppose P calls Q. Q's parameters are in P's stack frame, and P's return address (where the program should continue executing when it returns from Q, that is, the address of the instruction following the call in P) is also pushed at the tail of P's stack frame. Q's stack frame begins with the saved stack base pointer (%ebp), followed by saved values of other registers (such as %eip), local variables, and so on.
Appendix: other relevant knowledge points
Linux uses the AT&T assembly format.
The suffixes b, w, l, q stand for 8, 16, 32 and 64 bits respectively.
Each push/pop instruction can be replaced by the equivalent two-instruction sequence shown beside it:
pushl %eax   ==   subl $4,%esp ; movl %eax,(%esp)
popl %eax    ==   movl (%esp),%eax ; addl $4,%esp
Likewise, call and ret are equivalent to:
call 0x1234  ==   pushl %eip ; movl $0x1234,%eip
ret          ==   popl %eip
The %eip register cannot be operated on directly; it must be modified through special instructions such as call and ret.
enter (set up a new frame):
pushl %ebp
movl %esp,%ebp
leave (tear down the frame):
movl %ebp,%esp
popl %ebp
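To make the summary and the appendix concrete, here is an added example (not code from the original post) that models the 32-bit stack operations listed above on a tiny machine state and replays "P calls Q" to show where the argument, return address, saved %ebp and a local variable end up. All addresses and the initial stack top are constructed placeholders, not values from the page's disassembly.

```python
from dataclasses import dataclass, field

@dataclass
class Machine:
    """Minimal 32-bit stack model: word-addressed memory plus %esp, %ebp, %eip."""
    mem: dict = field(default_factory=dict)
    esp: int = 0x1000          # constructed initial stack top; the stack grows downward
    ebp: int = 0x1000
    eip: int = 0

    def pushl(self, v):        # pushl v   == subl $4,%esp ; movl v,(%esp)
        self.esp -= 4
        self.mem[self.esp] = v & 0xFFFFFFFF

    def popl(self):            # popl reg  == movl (%esp),reg ; addl $4,%esp
        v = self.mem[self.esp]
        self.esp += 4
        return v

    def call(self, target, next_insn):  # call t == pushl %eip ; movl $t,%eip
        self.pushl(next_insn)  # %eip already points at the instruction after the call
        self.eip = target

    def ret(self):             # ret == popl %eip
        self.eip = self.popl()

    def enter(self):           # pushl %ebp ; movl %esp,%ebp
        self.pushl(self.ebp)
        self.ebp = self.esp

    def leave(self):           # movl %ebp,%esp ; popl %ebp
        self.esp = self.ebp
        self.ebp = self.popl()

def simulate_call(arg=8):
    """Replay 'P calls Q(arg)'; return the frame as seen inside Q and the state after ret.
    Code addresses are constructed placeholders, not taken from the page's disassembly."""
    m = Machine(eip=0x08048400)
    m.pushl(arg)                      # P: pushl $arg    (the argument sits in P's frame)
    m.call(0x08048420, 0x0804840d)    # P: call Q        (return address ends P's frame)
    m.enter()                         # Q: pushl %ebp ; movl %esp,%ebp
    m.esp -= 4                        # Q: subl $4,%esp  (uninitialised local variable)
    m.mem[m.esp] = m.mem[m.ebp + 8] + 3   # Q: local = arg + 3, arg read via 8(%ebp)
    inside = {"saved_ebp": m.mem[m.ebp],        # first word of Q's frame
              "return_addr": m.mem[m.ebp + 4],  # last word of P's frame
              "arg": m.mem[m.ebp + 8],
              "local": m.mem[m.ebp - 4]}
    m.leave()                         # Q: movl %ebp,%esp ; popl %ebp
    m.ret()                           # Q: popl %eip
    m.esp += 4                        # P: addl $4,%esp  (discard the argument)
    return inside, {"eip": m.eip, "esp": m.esp, "ebp": m.ebp}
```

After the return, %esp and %ebp are back at their values before the call and %eip holds the constructed return address, which is exactly the frame discipline the summary describes.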
Computer working model (von Neumann architecture)
[Figure: computer architecture (image not preserved)]
(1) The computer represents both the data it processes and its instructions in binary.
(2) Sequential execution of a stored program
While the computer runs, the program to be executed and the data to be processed are first stored in main memory; the computer then automatically fetches instructions from main memory one after another and executes them. This is called sequential execution of a stored program.
(3) Computer hardware consists of five parts: the arithmetic unit, the controller, memory, input devices and output devices.
This article is from the "Whispering Autumn Wind" blog; please be sure to keep this source: http://xjhznick.blog.51cto.com/3608584/1618368
Analysis of the computer function call mechanism and stack frame structure by disassembling C code