c语言函数调用详细过程.doc

作者: Badcoffee Email: blog.oliver@ 2004年10月 原文出处: /yayong 这是作者在学习X86汇编过程中的学习笔记，难免有错误和疏漏之处，欢迎指正。 1. 编译环境 ?? OS: Axianux 1.0?? Compiler: gcc 3..2.3 ?? Linker: Solaris Link Editors 5.x?? Debug Tool: gdb?? Editor: vi!--[if !supportLineBreakNewLine]--!--[endif]-- 2. 最简C代码分析!--[if !supportLineBreakNewLine]--!--[endif]-- 为简化问题，来分析一下最简的c代码生成的汇编代码：??? # vi test1.c? ??? int main()??? {?? ?? ? return 0;??? }?? ???? 编译该程序，产生二进制文件：??? # gcc -o start start.c # file start??? ? start: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), not stripped???? start是一个ELF格式32位小端(Little Endian)的可执行文件，动态链接并且符号表没有去除。这正是Unix/Linux平台典型的可执行文件格式。 ???? 用gdb反汇编可以观察生成的汇编代码： [wqf@15h166 attack]$ gdb start GNU gdb Asianux (6.0post-017.1AX) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB.?Type show warranty for details.r This GDB was configured as i386-asianux-linux-gnu...(no debugging symbols found)...Using host libthread_db library /lib/tls/libthread_db.so.1. (gdb) disassemble main牋牋牋牋?--- 反汇编main函数 Dump of assembler code for function main: 0main+0:??? push?? %ebp?? ---ebp寄存器内容压栈，即保存main函数的上级调用函数的栈基地址 0main+1:??? mov??? %esp,%ebp ?--- esp值赋给ebp，设置main函数的栈基址 0main+3:??? sub??? $0x8,%esp? ---通过ESP-8来分配8字节堆栈空间 0main+6:??? and??? $0xfffffff0,%esp ---使栈地址16字节对齐 0main+9:??? mov??? $0x0,%eax? ---? 无意义 0x0804831e main+14:?? sub??? %eax,%esp? ---? 无意义 0main+16:?? mov??? $0x0,%eax? ?--- 设置函数返回值0 0main+21:?? leave???? ---将ebp值赋给esp，pop先前栈内的上级函数栈的基地址给ebp，恢复原栈基址.!--[if !supportLineBreakNewLine]--!--[endif]-- 0main+22:?? ret?? --- main函数返回，回到上级调用. 0main+23:?? nop End of assembler dump. 注：这里得到的汇编语言语法格式