Reverse disassembly example: a simple function call
By: for example
Reverse disassembly, part 1: a basic function call
Sample Code:
#include <stdio.h>

int function(int a, int b)
{
    int c = a + b;
    return c;
}

int main(void)
{
    function(1, 2);
    getchar();   /* keep the console open so the call can be stepped in the debugger */
    return 0;
}
Disassembly result (x86 debug build as shown in the Visual Studio disassembly view, with the source lines echoed above the instructions; note that the listing starts after the standard prologue push ebp / mov ebp, esp, which is what the epilogue's mov esp, ebp / pop ebp undoes at the end):

#include <stdio.h>

int function(int a, int b)
{
00c213a3  sub   esp, 0CCh               ; reserve 0CCh (204) bytes below ebp for this function's local variables; a debug build reserves far more than the single int c needs
00c213a9  push  ebx                     ; esp -= 4: save the caller's ebx, esi and edi (callee-saved registers), restored in the epilogue
00c213aa  push  esi                     ; esp -= 4
00c213ab  push  edi                     ; esp -= 4
00c213ac  lea   edi, [ebp-0CCh]         ; edi = lowest address of the local-variable area; es:[edi] is exactly the start of the block reserved by sub esp, 0CCh
00c213b2  mov   ecx, 33h                ; 33h dwords * 4 = 0CCh bytes, the size of the block
00c213b7  mov   eax, 0CCCCCCCCh         ; 0CCh is the opcode of int 3, the debugger breakpoint instruction
00c213bc  rep stos dword ptr es:[edi]   ; fill the whole local area with 0CCh: the area holds data, not code, so if control ever lands in it the CPU hits a breakpoint instead of executing garbage, and any uninitialized local reads back as 0CCCCCCCCh (debug-build behaviour only; a release build does not do this)
;int c = a + b;
00c213be  mov   eax, dword ptr [a]      ; the debugger shows [a] for [ebp+8]: parameter 1 is 8 bytes above ebp because the call pushed the return address into main (4 bytes) and the prologue's push ebp added another 4
00c213c1  add   eax, dword ptr [b]      ; [b] is [ebp+0Ch]: parameter 2, pushed before a because cdecl pushes arguments right to left; ebp holds the esp value captured at entry by mov ebp, esp and stays fixed while esp moves, so every slot in the frame is addressed relative to it
00c213c4  mov   dword ptr [c], eax      ; store the sum into the local c, which lives below ebp inside the 0CCh area reserved above
;return c;
00c213c7  mov   eax, dword ptr [c]      ; integer return values travel in eax under the x86 calling conventions (cdecl here)
}
00c213ca  pop   edi                     ; restore the caller's registers in reverse push order
00c213cb  pop   esi
00c213cc  pop   ebx
00c213cd  mov   esp, ebp                ; throw away the local area in one step (undoes sub esp, 0CCh, so the reserved size never has to be repeated)
00c213cf  pop   ebp                     ; restore the caller's frame pointer
00c213d0  ret                           ; pop the return address into eip; the two arguments are still on the stack, and under cdecl it is the caller (main) that removes them after the call (add esp, 8), not this function