Stack and Invoke conventions

Let's introduce the memory layout of the program.

Modern applications are running in a memory space, in a 32-bit system, the memory size is 4GB (2 of 32), the entire memory is a unified address space, the user can use a 32-bit pointer to access memory anywhere.

In fact, most operating systems use a portion of the 4GB memory space to be used by the kernel, which is called kernel space and cannot be accessed directly by the application. By default, Windows allocates 2GB of space to the kernel (configurable as 1GB), and Linux assigns high-address 1GB space to the kernel by default. The rest of the space is called the user address space.

There is also a reserved area and a dynamic link library mapping area in the user address space

Stack

Stack is a container FIFO grows downward

The stack holds the maintenance information required for a function call in a program run, called a stack frame or activity record, and typically includes the following:

The parameter and return value of the function;

A saved context, including a register that needs to remain unchanged before and after a function call

Temporary variable.

Record of an activity class with EBP and ESP two registers maintained

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/7F/7C/wKiom1cgUSjQkkSXAACE0Vkizb8209.png "title=" stack activity record. PNG "alt=" Wkiom1cgusjqkksxaace0vkizb8209.png "/>

When pressing a parameter, all or part of it is pressed into the stack, and the parameters that are not pressed into the stack are passed with certain registers.

The stack will be initialized to 0XCCCCCCCCh, so we define an uninitialized variable on the stack when debugging will see "Hot hot ...", 0XCCCC if the text is the word.

int foo () {return 123;}

The return value of the function above will be placed in the Exa register and the caller can fetch the return value by reading the Exa register.

Invoke conventions

There is such a function

int foo (int m,int n) {int a=0,b=0; ...}    int main () {foo (3,4); }

The caller and callee of the function must have a definite convention on how the function is called, and such a convention becomes the calling convention.

The general calling convention will specify the following:

The order and manner in which the parameters are passed: There are many ways to pass the parameters, the most common being passed through the stack, the caller of the function presses the arguments into the stack, and the function itself takes the parameters out of the stack. For functions with multiple parameters, the calling convention specifies whether the stack order of parameters is left or right, and some conventions allow the use of register values to improve performance.

Stack maintenance: After the parameter is pressed, the function is called, then the parameters in the stack must be ejected so that the stack is consistent before and after the function call .

Name-decorating strategy: to distinguish call management when linking, call management to decorate the name of the function itself. Different conventions have different grooming strategies.

In the C language. There are multiple invocation conventions, but the default is Cdecl

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7F/7C/wKiom1cgUQ_jz5nJAAH-xtu_TFU437.png "title=" multiple invocation conventions . PNG "alt=" Wkiom1cguq_jz5njaah-xtu_tfu437.png "/>

function return value Pass

Exa is the channel that passes the return value, and the function stores the return value in Exa, returning the caller of the function to read the Exa, but the Exa itself is only 4 bytes, and for the object that returns 5-8 bytes, the low 4 bytes are stored in Exa, the 4 bytes are stored in edx, and the Union is returned.

How is an object larger than 8 bytes stored?

typedef struct big_thing{char buf[128];}    Bigthing;big_thing return_test () {big_thing B;    b.buf[0]=0; return b;} int main () {big_thing n=return_test ();}

The pseudo code is represented as follows:

void return _test (void *tmp) {big_thing B;    b.buf[0]=0;    memcpy (temp,&b,sizeof (big_thing)); Exa=temp;}    int main () {big_thing temp;    big_thing N;    Return_test (&temp); memcpy (&n,exa,sizeof (big_thing));}

It can be seen that if the size of the return value type is too large, the C Word function returns using a temporary memory area on the stack as a relay, the result returned value object will be copied two times, and from the called function's stack of the variable b copy to temp, and then from temp to n

—————————————————— from the self-cultivation of programmers

This article is from the "Zero Egg" blog, please be sure to keep this source http://lingdandan.blog.51cto.com/10697032/1768271

Stack and Invoke conventions