Win32程序函数调用时堆栈变化情况分析(国外英文资料).docVIP

Win32程序函数调用时堆栈变化情况分析(国外英文资料) The Win32 program function calls the stack changes condition analysis In the classic assembly language tutorial, the use of the stack for function calls is a matter of emphasis. With the increasing sophistication of high-level languages, there is not much that can be done using assembly. But the understanding of the function call stack when the trend is still help us clear execution process, thus in the process of programming and debugging with a clear train of thought. One. Call convention In Win32, there are two main conventions for the invocation of functions. 1. _stdcall Functions invoked by the __stdcall method have the following characteristics: The # 8226; The parameters are pressed from right to left The # 8226; When the call returns, the stack is adjusted by the tuning function 2. The __cdecl The __cdecl convention is the default invocation convention for C/C + + functions. It has the following characteristics: The # 8226; The parameters are pressed from right to left The # 8226; When the call returns, the stack is adjusted by the caller Two. Win32 function call process Pressure parameter This is where the parameters given by the caller are pressed into the stack by the method above. Push the break point When the program executes the Call instruction, the address of the current statement is pressed into the stack as the breakpoint address. jump The value of the eip is reset to the starting address of the callback function. Mov ebp, esp This is where the ebp is used to look for parameters that are pressed by the caller in the stack, as well as a backup of the caller stack pointer. It should have been done before: Push ebp Save the original value of the ebp. Sub esp, N Here N is the total number of bytes of local variables in the function plus an integer, usually 40. The esp is then the stack pointer to the tuned function. Initialize the N byte space between esp ~ esp-n This is the initialization of the memory space allocated