Learn disassembly through VC-function Call _ assembly

1 parameter passing (default calling convention)

Use VC6.0 to create a new empty console application, create a new source file Main.c, write the following code, pay attention to debug compile, do not use release, lest the code by VC optimization, disassembly does not correspond.

int addint (int a, int b)
{
 int c = a+b;
 return c;
}

int main ()
{
 int x = AddInt (1, 3); 
 return 0;
}

In the main function into the braces down, press F5 run, the program is broken, then press the combination of "alt+8", you can open the Disassembly window, each C statement the following lines are the corresponding assembly code.

7:    int main ()
8:    {
00401060   push        ebp
00401061   mov         ebp,esp
00401063   Sub         esp,44h
00401066   push        ebx
00401067   push        esi
00401068   Push        EDI
00401069   Lea         edi,[ebp-44h]
0040106C   mov         ecx,11h
00401071   mov         eax,0cccccccch
00401076   Rep stos    dword ptr [edi]
9:        int x = AddInt (1, 3);
00401078   push        3
0040107A   push        1
0040107C   call        @ILT +0 (addint) (00401005)
00401081   Add         esp,8
00401084   mov         dword ptr [Ebp-4],eax
: Return       0;
00401087   xor         eax,eax
:
00401089   pop         edi
0040108A   pop         ESI
0040108B   pop         ebx
0040108C   add         esp,44h
0040108F   cmp         ebp,esp
00401091   Call        __chkesp (004010b0)
00401096   mov         esp,ebp
00401098   pop         EBP
00401099   ret

Other content for the time being not considered, we see 0040107C this sentence call @ILT +0 (addint) (00401005), it is called addint this function. There are two key statements before the call:

00401078   push        3
0040107A   push        1

As you can see, when the default function call is used, the arguments are passed through the stack and are pushed from right to left in the stack.
After the call:

00401081   Add         esp,8

This is to balance the stack, because the argument just entered the stack is two integer number, the top of the stack moved 8 bytes, so here ESP plus 8, keep the stack balance. 2 preservation of the return value

In the program in the previous section, place the breakpoint at the AddInt function:
F5 run off, press "Alt+f8" to open the Disassembly window

1:    int addint (int a,int b)
2:    {
00401020   push        ebp
00401021   mov         ebp,esp
00401023   Sub         esp,44h
00401026   push        ebx
00401027   push        esi
00401028   push        EDI
00401029   Lea         edi,[ebp-44h]
0040102C   mov         ecx,11h
00401031   mov         eax,0cccccccch
00401036   Rep stos    dword ptr [edi]
3:        int c = a+b;
00401038   mov         eax,dword ptr [ebp+8]
0040103B   add         eax,dword ptr [ebp+0ch]
0040103E   mov         dword ptr [Ebp-4],eax
4: Return        C;
00401041   mov         eax,dword ptr [ebp-4]
5:    }
00401044   pop         edi
00401045   Pop         esi
00401046   pop         ebx
00401047   mov         esp,ebp
00401049   pop         EBP
0040104A   ret

Let's look at the assembly code at the end of the function return:

4: Return        C;
00401041   mov         eax,dword ptr [ebp-4]

This is to save the result of the a+b in the address of [ebp-4] to the register EAX. So, we can know that the return value of the function is saved in eax, and basically this is how the function passes the return value.