[iOS reverse combat three] the basic type (int) parameter of the function is passed

Personal Original, reprint please indicate source:Cnblogs.com/jailbreaker

In this [one of the iOS reverse combat], the arguments passed by the function call are implemented by R0-R3, which we will verify. Let's look at a function code with 4 parameters:

The main method simply calls the compute method and first looks at the assembly code of Main:

It is obvious that the parameter value 1,2,3,4 is passed to R0-r3, and then through the B call function compute, and then the Compute assembly code:

The last line is returned to the caller's next line, the previous post has been learned, the front face 3 generation comments are as follows:

Add R0, r1 //r0 = r0+r1

Add r0,r2 //r0 = r0+r2

Subs R0,r0,r3 //r0 = R0-r3

Compare the assembly code and the source code, you can understand the function of R0-R3, here the called function is 4 parameters, exactly corresponds to R0-R3 4 registers, if the parameters are multiple, and how to modify the source code as follows:

Or look at the main assembly code:

The current assembly of the Main method and the previous version of the difference is still relatively large, row number 36-38, here can be seen to create a new stack frame, and the size is 12 bytes, in fact, the function is the last 3 parameters need to save the position, the number of lines 50-51, do is to create space for 36-38 cleanup work.

Number of rows 39-41, the argument 5,7,6 to R2,r0 and R1, where the order actually does not matter, because the 3 register as a temporary save, the function of the 42,43,45 line will be saved to the [sp+0],[sp+4],[sp+8] memory location, respectively, The remaining MOV code can be understood, then call compute, and then look at the compute internal assembly code:

Focus on the 20, 22, 24 rows of LDR instructions, Ldr lr,[r7, #8] meaning is to save the value of the R7+8 address in the LR, why this is +8, not +0, because in 16 rows, successively push the LR and R7 (27 rows of pop out), exactly 8 bytes, so r7+ 8 is the parameter of the front stack frame allocation.

[iOS reverse combat three] the basic type (int) parameter of the function is passed