Here are a few things I've been trying to figure out lately; I'm writing them down to record the problems and take the time to work through them.
1) Intel assembly and AT&T assembly
2) How #define and const differ after compilation in C
3) The difference between the standard call __stdcall and the C call __cdecl
I. Intel assembly and AT&T assembly
There are two styles of assembly syntax, Intel and AT&T, used by Microsoft Windows/Visual C++ and GNU/Gas respectively:
II. The difference between #define and const
Use this simple piece of code to do the testing:
    #define NUM
    #define MOTD "HELLOWORLD"

    int main()
    {
        const int n=20;     /* const-qualified local variable */
        char* s=MOTD;       /* pointer to the string literal from the macro */
        return 0;
    }
The results of the compilation are:
6:const int n=20;
00401028 mov dword ptr [ebp-4],1ch
7:char* s=MOTD;
0040102F mov dword ptr [ebp-8],offset string "HELLOWORLD" (0042201c)
The resulting executable is then loaded into OllyDbg; the address 00422000 is the read-only data segment of the executable:
The in-memory data is:
00422000-XX, DF 3 A, xx, XX, xx ..........
00422010 4C, XX, XX, A0, 4C 4C L ...????. HELL
00422020 4F 4F, 4C, xx, xx, xx, XX, Oworld .....
You can see that the string defined with #define is stored in the read-only data segment of the file, while the const-qualified variable is kept directly on the stack.
After compilation, a const variable is identical to an ordinary variable. const is a constant enforced only by the compiler, a "fake" constant. In practice a const-defined variable is still a variable in the end; the check exists only inside the compiler, which reports an error when it finds code that modifies the variable. Because that check happens only at compile time, a const-qualified variable can still be modified: take the address of the variable with a pointer, cast away the pointer's const qualifier, and write to the data through it. Doing so is undefined behaviour in C and C++, and the compiler may already have substituted the constant's value wherever the variable is read.
The picture, taken from the book "C++ disassembly and reverse analysis technology disclosure", shows what happens to a const-qualified variable. Being qualified with const does not change the nature of the variable; it can still be modified.
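An added example (not from the original post) that checks the storage claim above on Linux rather than in OllyDbg: it looks up each object's address in /proc/self/maps and reports whether the page holding it is writable. It goes one step beyond the post by also testing a file-scope const; `g_limit` and the function names are hypothetical, and Linux with /proc is assumed.

```c
/* Added example, not from the original post. Assumes Linux (/proc/self/maps). */
#include <stdio.h>
#include <stdint.h>

#define MOTD "HELLOWORLD"          /* same macro as the post's test program */
static const int g_limit = 20;     /* file-scope const; hypothetical name */

/* Return 1 if the page holding addr is mapped writable, 0 if it is not,
 * -1 if the address cannot be found in /proc/self/maps. */
int is_writable(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;

    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL) {
        /* Each entry starts with "start-end perms", perms like rw-p or r--p. */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            result = (perms[1] == 'w');
            break;
        }
    }
    fclose(f);
    return result;
}

int local_const_writable(void)
{
    const int n = 20;              /* like line 6 of the post's program */
    return is_writable(&n);
}

int literal_writable(void)
{
    const char *s = MOTD;          /* like line 7, but const-correct */
    return is_writable(s);
}

int global_const_writable(void) { return is_writable(&g_limit); }

int main(void)
{
    printf("const local on stack: writable=%d\n", local_const_writable());
    printf("MOTD string literal : writable=%d\n", literal_writable());
    printf("file-scope const    : writable=%d\n", global_const_writable());
    return 0;
}
```

On a typical Linux build the const local sits in the writable stack mapping, while the string literal and the file-scope const sit in read-only mappings. For those two the hardware enforces the protection as well as the compiler, so the "fake constant" observation applies to the stack-resident local only.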
III. The difference between __cdecl, __stdcall and __fastcall
I came across the __fastcall convention while looking up reference material.
A calling convention determines the following:
1) The order in which function arguments are pushed onto the stack
2) Whether the arguments are popped off the stack by the caller or by the callee
3) How the decorated function name is generated
| Convention | 1) Argument push order | 2) Stack cleaned up by |
|---|---|---|
| __cdecl | From right to left | Caller |
| __stdcall | From right to left | Called function |
| __fastcall | The first two arguments from the left are placed in ECX and EDX; the remaining arguments are still pushed from right to left. A __fastcall argument typically does not exceed 4 bytes | Called function |
The only difference between __cdecl and __stdcall is whether the stack is cleaned up by the callee when it returns or by the caller.
For variable-argument functions such as fprintf(), the callee cannot know the length of the arguments in advance and so cannot clean up the stack properly; in this case only __cdecl can be used. Where no variable arguments are involved, it is best to use the __stdcall keyword.
ASSEMBLY01: Three Distinguishing issues