function parameter pressure stack, stack frame ebp,esp how to move?

Press Stack once ESP-4,EBP unchanged

ESP is the stack-top pointer register, and the stack operation is only related to ESP
For example, there is a function A, there are two parameters, which is generally the case
Push 1 parameter 2 pressure stack, esp-4
Push 2 parameter 1 pressure stack, esp-4
Call a calls

A:
PUSH EBP Save Ebp
MOV ebp,esp changes stack frame, accesses parameters later via EBP, accesses local variables via ESP
SUB esp,8 assigning local variable space

...
ADD esp,8
POP EBP Recovery Ebp
RETN 8 Back, esp+8

The C statement corresponds to the assembly statement:

For example, a function:

int aaa (int a,int b)
{
int C;
C=a+b;
return C;
}

AAA ();

Debug version of AAA code
PUSH EBP
MOV Ebp,esp
SUB esp,4//allocates local variable space, an int is 4 bytes
MOV eax,dword PTR ss:[ebp+8]//Read parameter a
Add Eax,dword PTR ss:[ebp+c]//plus parameter b
MOV DWORD PTR ss:[ebp-4],eax//saved to local variable C
MOV Eax,dword PTR Ss:[ebp-4]//eax is the return value
MOV esp,ebp//recovery Stack top pointer
POP ebp//Recovery EBP
retn//return

Call
Push 2//parameter 2 press stack, esp-4
Push 1//parameter 1 press stack, esp-4
Call aaa//calling function
ADD esp,8//esp+8, balance stack, clear out parameters

The release of this is the case, a lot of reduced content
MOV Eax,dword PTR Ss:[esp+8]
MOV Ecx,dword PTR Ss:[esp+4]
ADD EAX,ECX
RETN

。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。

Here is how the subroutine accesses the parameters, because the default stack operation register has ESP and EBP, and ESP is a stack pointer, cannot be used temporarily, so generally use EBP to access the stack, assuming that there are two parameters in a call, and the stack pointer before the first parameter of the push ESP is X, then After two parameters of the ESP is X-8, the program began to execute the call instruction, called the return address on the stack, when the ESP is X-C, it is already in the subroutine, we can start to use EBP to access parameters, but in order to restore the value of EBP on return, we still need a sentence Push EBP to first save the value of EBP, then ESP for X-10, and then execute a MOV ebp,esp, according to can be seen, actually this time [EBP + 8] is the parameter 1,[EBP + c] is the parameter 2. In addition, the local variables are also defined in the stack, their position is generally placed after the value of the EBP saved by the push EBP, the local variables 1, 2 corresponding address is [ebp-4], [ebp-8], the following is a typical subroutine, you can complete the first parameter minus the second parameter, It is defined as:

MyProc proto Var1,var2; there are two parameters
Local lvar1,lvar2; there are two local variables

Note that the two local variables here are not actually used, just for demonstration purposes, the implementation code is:

MYPROC proc

Push EBP
MOV Ebp,esp
Sub esp,8
mov Eax,dword ptr [ebp + 8]
Sub Eax,dword ptr [Ebp + c]
Add esp,8
Pop EBP
RET 8

MyProc ENDP

Now for this subroutine analysis, push Ebp/mov ebp,esp is routine to save and set the EBP code, sub esp,8 in the stack to leave two local variable space, Mov/add statement completion Add, add esp,8 fix two local variables using the stack, ret 8 fixed the stack used by two parameters, which is equivalent to the effect of Ret/add esp,8 two lines of code. As you can see, this is a standard stdcall convention subroutine, which is used when the last parameter is first on the stack and is returned by a stack fix by the subroutine. Of course, this subroutine uses the method of manually saving EBP and setting local variables in order to demonstrate the execution process, in fact, the 386 processor has two dedicated instructions to complete this function, that is, the function of the Enter and Leave,enter statements is to push Ebp/mov EBP, Esp/sub esp,xxx, this xxx is Enter, Leave to complete the function of add Esp,xxx/pop EBP, so the above program can be changed to:

MYPORC proc

Enter 8,0

mov Eax,dword ptr [ebp + 8]
Sub Eax,dword ptr [Ebp + c]

Leave
RET 8

MyProc ENDP

Article Source: Flying Connaught Network (www.diybl.com): http://www.diybl.com/course/3_program/hb/hbjs/20071226/93663_2.html

。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。

One: In the analysis of assembly code always encounter countless call, for these call, as far as possible according to call before the parameters and call return value to determine the function of call. The work of passing parameters must be reconciled by the function caller and the function itself, and the computer provides a data structure called a stack to support parameter passing.
When the number of arguments is more than one, the arguments are pressed into the stack in what order. After the function is called, who will restore the stack. In high-level languages, these two problems are illustrated by function calling conventions. The common calling conventions are:

Two: The stack frame is also called the activity record, it is the return address of the program, pass in the parameters, save the register to drink local variables to save the stack space. The stack frame is created by following these steps.

1: The parameter is pressed into the stack.

2: The procedure is called and the return address is pressed into the stack.

3: EBP is pressed into the stack when the process begins execution.

4: The values of EBP and ESP are equal, from here, EBP is used as the base address pointer of the addressing parameter.

5: You can subtract a value from the ESP to create space for the local variables of the procedure.

"Example" Call function Test2 (PAR1, PAR2) by __stdcall Convention


Push par2; Parameter 2; Parameters are pressed into the stack (right-to-left)
Push par1; Parameter 1;
Call Test2; ; Procedure is called
{; process starts execution
Push EBP; EBP is pressed into the stack to protect the field's original EBP pointer
MOV ebp, esp; Make Ebp=esp, set a new EBP pointer, point to the top of the stack,

; From here, EBP acts as a base-point pointer to the addressing parameter.
mov eax, [ebp+0c]; Calling Parameter 2
mov ebx, [ebp+08]; Calling parameter 1
Sub ESP, 8; If the function is to use a local variable, make a little space in the stack

; Subtract a value from the ESP to create space for the local variables of the procedure
...
Add ESP, 8; Releasing a stack occupied by a local variable
Pop ebp; Restore the site of the EBP pointer
RET 8; Return (equivalent to RET; Add esp,8)
}

Three: its stack call: (more clearly stated in the tutorial on compiling the Principles)

Four: Example

00401000/$ 6a04 push 4; /ARG2 = 00000004

00401002 |. 6A03 Push 3; | ARG1 = 00000003

00401004 |. E8 16000000 call 0040101F; \local.0040101f

00401009 |. 8BD8 mov ebx, eax

0040100B |. 6a00 push 0; /exitcode = 0

0040100D \. FF15 00204000 call DWORD ptr [<&KERNEL32. exitproces>; \exitprocess

00401013 db 00

00401014 db 00

00401015 db 00

00401016 db 00

00401017 db 00

00401018 db 00

00401019 db 00

0040101A db 00

0040101B db 00

0040101C db 00

0040101D db 00

0040101E db 00

0040101F/$-Push EBP

00401020 |. 8BEC mov ebp, esp

; Make EBP=ESP=0012FFB4

; Set a new EBP pointer, point to the top of the stack,

; From here, EBP acts as a base-point pointer to the addressing parameter.

00401022 |. 83EC Sub ESP, 4

; Extended Stack Space esp=0012ffb0

00401025 |. 8B450C mov eax, DWORD ptr [Ebp+c];

; Number of 3 double-word offsets for the current stack

; Ebp+c=0012ffb4+c=0012ffc0

; eax=[0012ffc0]=00000004

00401028 |. 8B5D mov ebx, DWORD ptr [Ebp+8]

; Number of 2 double-word offsets for the current stack

; Ebp+8==0012ffb4+8=0012ffbc

; ebx=[0012ffbc]=00000003

0040102B |. 895D FC mov dword ptr [ebp-4], ebx

; [Ebp-4] is a local variable =[0012ffb4-4]=[0012ffb0]

; Automatically minus 4, that is, the value in EBX 00000003

; At the 0012ffb0 address where the stack is placed

; Parameter 1 put in local variable

0040102E |. 0345 FC add eax, DWORD ptr [ebp-4]

; Add local variables to EAX and put them in EAX

; eax=00000007

; Add parameter 2 to local variables

00401031 |. 83C4 Add ESP, 4

; Frees the stack that the local variable occupies, ESP:0012FFB4

00401034 |. 5D Pop EBP

; Restore the original EBP, ESP:0012FFB8

00401035 \. C2 0800 RETN 8

; Return (equivalent to RET; add esp,8)

; Esp:0012ffc4

Stack condition:

0012ffb0 00000003; Local variables

0012FFB4 0012fff0; Save EBP, Push EBP

0012ffb8 00401009; Press-In return address

; Return to local.< module entry point >+9 from local.0040101f

0012FFBC 00000003; Push 3, each stack address plus 32 bits, double word

0012FFC0 00000004; Push 4

V: Description

Intel's stack is scaled down in memory. The data memory address of the advanced stack is the highest, and the data memory address of the backward stack decreases. And the data is stored by a small tail type, for example: the value of 12345678H stored in the form (assuming the word): first save 1234, then store 5678

function parameter pressure stack, stack frame ebp,esp how to move?