※ Function calling conventions
EBP: the extended base pointer register holds a pointer to the bottom of the topmost stack frame on the system stack.
ESP: the extended stack pointer register points to the top of the stack.
_cdecl: the default C/C++ calling convention. The caller balances the stack, and functions with a variable number of parameters can use it.
Caller:
1. Push the parameter onto the stack. esp -= 4
2. Call the function.
3. Balance the stack. esp += 4
The same is true for printf here.
0x004010CB and 0x004010CC push the two parameters, 8 bytes in total.
0x004010D6 balances the stack: esp += 8
_stdcall: the callee balances the stack, and functions with a variable number of parameters cannot use it.
Caller:
1. Push the parameter onto the stack. esp -= 4
2. Call the function.
Callee: 0x00401099 ret 4 balances the stack, esp += 4
_fastcall: parameters are passed in registers, the callee balances the stack, and functions with a variable number of parameters cannot use it. Only 2 registers are used, ecx and edx; any parameters beyond those are passed on the stack.
Caller:
1. The first and second parameters are passed in registers.
2. The remaining parameters are pushed onto the stack.
Callee: 0x0040114d ret 8 balances the stack, esp += 8
printf works the same way:
0x00401123, 0x00401127, 0x0040112b, 0x0040112f and 0x00401130 push onto the stack 5 times, 0x14 bytes in total.
0x0040113A balances the stack: esp += 0x14
When execution reaches 0x00401130, the 4 incoming parameters 1, 2, 3, 4 are stored at ebp-4, ebp-8, ebp+8 and ebp+0xc respectively, so what is at ebp and ebp+4?
From 0x00401101 you can see that EBP at this point is the bottom of the stack frame, and it points to the previous EBP value that 0x00401100 saved earlier.
ebp+4 holds the address of the instruction that follows the call at 0x0040137b; the call instruction automatically pushes that next-instruction address onto the stack.
A rough picture of a function stack frame
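Added example (not part of the original notes): a small C model of a 32-bit stack that replays the three conventions described above and reports the frame the callee sees plus the net change in esp once the callee has returned. The stack addresses, the return address, the 8-byte local area and all names are constructed assumptions, and the model generalizes the notes' cases to any call with up to 4 parameters.

```c
#include <stdint.h>
#include <stdio.h>

enum conv { CDECL, STDCALL, FASTCALL };
/* Constructed values: initial esp, caller's ebp, address after the call. */
enum { TOP = 0x0012FF80, OLD_EBP = 0x0012FFC0, RET_ADDR = 0x00402000 };

typedef struct { uint32_t esp, ebp, ecx, edx, mem[32]; } cpu;
typedef struct { uint32_t at_ebp, ret, arg[4]; int32_t esp_delta; } result;

static uint32_t *at(cpu *c, uint32_t addr) { return &c->mem[(TOP - addr) / 4]; }
static void push(cpu *c, uint32_t v) { c->esp -= 4; *at(c, c->esp) = v; }
static uint32_t pop(cpu *c) { uint32_t v = *at(c, c->esp); c->esp += 4; return v; }

/* Call a callee with n (<= 4) parameters under convention cv; record what
   the callee finds relative to ebp and how far esp is from balanced. */
result simulate_call(enum conv cv, const uint32_t *args, int n) {
    cpu c = { .esp = TOP, .ebp = OLD_EBP };
    result r = {0};
    int in_regs = (cv == FASTCALL) ? (n < 2 ? n : 2) : 0;
    int on_stack = n - in_regs;

    /* caller: push stack parameters right to left, load ecx/edx, call */
    for (int i = n - 1; i >= in_regs; i--) push(&c, args[i]);
    if (in_regs > 0) c.ecx = args[0];
    if (in_regs > 1) c.edx = args[1];
    push(&c, RET_ADDR);               /* call pushes the next instruction's address */

    /* callee prologue: push ebp / mov ebp, esp / sub esp, 8 */
    push(&c, c.ebp); c.ebp = c.esp; c.esp -= 8;
    if (in_regs > 0) *at(&c, c.ebp - 4) = c.ecx;  /* register parameters spilled */
    if (in_regs > 1) *at(&c, c.ebp - 8) = c.edx;  /* to ebp-4 and ebp-8 */

    r.at_ebp = *at(&c, c.ebp);        /* saved previous ebp */
    r.ret = *at(&c, c.ebp + 4);       /* return address */
    for (int i = 0; i < n; i++)
        r.arg[i] = i < in_regs ? *at(&c, c.ebp - 4 * (i + 1))
                               : *at(&c, c.ebp + 8 + 4 * (i - in_regs));

    /* callee epilogue: mov esp, ebp / pop ebp / ret or ret N */
    c.esp = c.ebp; c.ebp = pop(&c); (void)pop(&c);
    if (cv != CDECL) c.esp += 4 * on_stack;   /* ret N: callee balances */
    r.esp_delta = (int32_t)(c.esp - TOP);     /* negative: caller must add to esp */
    return r;
}

int main(void) {
    const uint32_t a[] = {1, 2, 3, 4};
    result r = simulate_call(FASTCALL, a, 4);
    printf("[ebp]=%08x [ebp+4]=%08x delta=%d\n", (unsigned)r.at_ebp, (unsigned)r.ret, (int)r.esp_delta);
}
```

A negative esp_delta is the number of bytes the caller still has to add back to esp, which is the cdecl case; stdcall and fastcall come back balanced because the callee's ret N already removed the stack parameters.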
"The Secret of Anti-compilation and Reverse Analysis Technology in C++" study notes 03: how functions are called