CIW-02(缓冲区溢出攻击、暴力破解密码) 网络安全认证培训.pptVIP

* * * * * * * * * -----------------------------Linux系统下的函数调用--------------------------------- gcc functioncall.c –o functioncall ./functioncall b: 0xbffff7c4 a: 0xbffff7c0 ret addr here: 0xbffff7bc stored ebp here: 0xbffff7b8 retVal: 0xbffff7b4 vi functioncall.c 注释printf语句 gcc functioncall.c -o functioncall gdb functioncall (gdb) disasse main Dump of assembler code for function main: 0main+0: push %ebp //保存栈基址 0main+1: mov %esp,%ebp //esp当前栈顶 0x0804830b main+3: sub $0x8,%esp 0x0804830e main+6: and $0xfffffff0,%esp //16字节对齐 0main+9: mov $0x0,%eax 0main+14: sub %eax,%esp //代码对齐 0main+16: sub $0x8,%esp 0x0804831b main+19: push $0x2 //压调用参数 0x0804831d main+21: push $0x1 //压调用参数－从右到左 0x0804831f main+23: call 0x80482f4 func //调用函数 0main+28: add $0x10,%esp //恢复栈顶指针 0main+31: mov %eax,0xfffffffc(%ebp) 0x0804832a main+34: mov $0x0,%eax //返回值 0x0804832f main+39: leave 0main+40: ret //返回 (gdb) disasse func Dump of assembler code for function func: 0x080482f4 func+0: push %ebp //保存栈基址 0x080482f5 func+1: mov %esp,%ebp //栈顶指针 0x080482f7 func+3: sub $0x4,%esp //retVal返回值 0x080482fa func+6: mov 0xc(%ebp),%eax //参数取到eax 0x080482fd func+9: add 0x8(%ebp),%eax //执行加法 0func+12: mov %eax,0xfffffffc(%ebp) //结果放入返回值retVal地址处 0func+15: mov 0xfffffffc(%ebp),%eax //func函数返回结果在eax中 0func+18: leave 0func+19: ret //返回 -----------------------------------------------Win32系统下的函数调用------------------------------------------------- E:\bof_codes\win32\backgroundcl functioncall.c Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86 Copyright (C) Microsoft Corp 1984-1998. All rights reserved. functioncall.c Microsoft (R) Incremental Linker Version 6.00.8168 Copyright (C) Microsoft Corp 1992-1998. All rights