Function call process stack Dynamic Analysis

Stack call Analysis of a piece of code: the code analyzed below: [cpp]/** ======================================== ========================================================== =============** Filename: stack. c ** Description: usage of the gdb stack. analysis process of the stack ** Version: 1.0 * Created: February 10, 2013 * Revision: none * Compiler: gcc ** Author: LeoK, * Organization: ** ===================================================== ========================================================== =========*/# include <stdli B. h> # include <stdio. h> # include <ctype. h> # include <stdlib. h> # define MAX (1UL <20) typedef unsigned long u64; typedef unsigned int u32; u32 max_addend = MAX; u64 sum_till_MAX (u32 n) {u64 sum; n ++; sum = n; if (n <max_addend) {sum + = sum_till_MAX (n) ;}return sum ;} int main (int argc, char ** argv) {u64 sum = 0; if (argc = 2 & isdigit (* (argv [1]) max_addend = strtoul (argv [1], NULL, 0 ); If (max_addend> = MAX | max_addend = 0) {fprintf (stderr, "Invalid number is specidied \ n"); return 1;} www.2cto.com sum = sum_till_MAX (0 ); printf ("sum (0 .. % lu) = % llu \ n ", max_addend, sum); return 0;} in the assembly code of Figure 1 main function, main calls sum_till_MAX Step 1: figure 1 movl $0x0, (% esp). The Assembly Code is the preparation for calling sum_till_MAX by main. the main task is stack. c: 51 rows. Pass in the 0 function parameter (the code is shown in figure 2 ). figure 2 after Step 1 is executed, the stack is as follows. Because the program is run with a logical Address, the stack Address is assumed to start with 0x8fff0000 and Address Conte. Nt Expain0x8fff0000 0x0 $ esp points to 0x8ffefffc ??? Content random0x8ffefff8 ??? Content random0x8ffefff4 ??? Content random0x8ffefff0 ??? Content random0x8ffeffec ??? Content random0x8ffeffe8 ??? Content random0x8ffeffe4 ??? Content random0x8ffeffe0 ??? Content random figure 3 the stack content after Step 1 is complete Note: If the function has multiple parameters, the parameter's inbound stack order is from right to left, such asint sum (int a, int B, int c) the order of the function's inbound stack is push c => push B => push a. The reason may be that the function executes variable parameters. Step 2. The main function calls the call sum_till_MAX function first. press the eip on the stack, the eip is the next address for executing the program. The stack4Address Content Expain0x8fff0000 0x0 push 00x8ffefffc 0x0804858d register eip esp points to 0x8ffefff8 ??? Content random0x8ffefff4 ??? Content random0x8ffefff0 ??? Content random0x8ffeffec ??? Content random0x8ffeffe8 ??? Content random0x8ffeffe4 ??? Content random0x8ffeffe0 ??? Content random figure 4 step 2 The decompiling code of the sum_till_MAX function sum_till_MAX is as follows: Figure 5sum_till_MAX function assembly code Step 1 push % ebp load the ebp that calls the sum_till_MAX function, it is used to restore the previous stack frame. The stack is as follows: address Content Expain0x8fff0000 0x0 push 00x8ffefffc 0x0804858d register eip 0x8ffefff8 $ stack base Address of a stack frame on ebp $ esp points to 0x8ffefff4 ??? Content random0x8ffefff0 ??? Content random0x8ffeffec ??? Content random0x8ffeffe8 ??? Content random0x8ffeffe4 ??? Content random0x8ffeffe0 ??? Content random Step 2 mov % esp, % ebp this code indicates pointing ebp to esp is also the address 0x8ffefff4 address. Step 3 sub $0x28, % esp indicates to point the esp pointer to 0x8ffefff4-0x28 = 0x8FFEFFCC, that is, to open up new spaces inside the function, is 2*16 + 8 = 40 bytes. The stack is as follows: Address Content Expain0x8fff0000 0x0 push 00x8ffefffc 0x0804858d register eip 0x8ffefff8 $ base Address of the stack frame on the ebp 0x8ffefff4 ??? $ Ebp points to 0x8ffefff0 ??? Content random0x8ffeffec ??? Content random ......... 0x8ffeffcc ??? Esp points to here Step 4 addl $0x1, 0x8 (% ebp) This Code is to take 0 out (% ebp + 0x8 ), step 5 mov 0x8 (% ebp), % eax put the Variable n in the eax register step 6 mov 0x0, % edx clear the register edx Step 7 mov % eax,-0x10 (% ebp) sum = n assigns n to the execution of the sum step 21 leave command to delete the stack frame. It executes the opposite processing as 1 and 2 to release the previous stack. Step 22 ret is the subprogram return instruction. POP the returned address saved in the stack to the program count register and return the control to the caller.