.: Study Of MS C++ Function Calls And Stack Analysis :.
By Nicholas Hall
/* Returns its first argument unchanged; b and c are unused.
 *
 * In the listing below (MS debug build, caller-cleanup calling convention):
 * the caller pushes c, then b, then a before the CALL, so after
 * PUSH EBP / MOV EBP,ESP the first argument `a` is read from [EBP+8] into
 * EAX, which carries the return value. The 0x40-byte frame reserved by
 * SUB ESP,40 is filled with 0xCC (the INT3 opcode) by REP STOS before any
 * real work happens. */
int test(int a, int b, int c)
{
return a;
}
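/* Driver for the `test` listing: initialises three locals and calls
 * test(a, b, c), discarding the result.
 *
 * Fix: the original wrote the locals as `int a, int b,int c;`, which is not
 * valid C or C++ (a type specifier may not be repeated inside one declarator
 * list); the compiled listing that follows corresponds to `int a, b, c;`.
 *
 * Frame layout as shown in the listing: a at [EBP-4], b at [EBP-8],
 * c at [EBP-0C]. The arguments are pushed right to left (c, b, a) and the
 * caller pops all 12 bytes itself with ADD ESP,0C after the CALL; the debug
 * build then compares EBP with ESP and calls __chkesp.
 *
 * argc/argv are unused. Returns 0. */
int main(int argc, char *argv[])
{
    int a, b, c;

    a = 1;          /* MOV DWORD PTR [EBP-4],1 */
    b = 2;          /* MOV DWORD PTR [EBP-8],2 */
    c = 4;          /* MOV DWORD PTR [EBP-C],4 */
    test(a, b, c);  /* PUSH c, PUSH b, PUSH a; CALL; ADD ESP,0C */
    return 0;       /* XOR EAX,EAX */
}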
00401005 $ E9 46000000 JMP DebugThi.main
0040100A $ E9 11000000 JMP DebugThi.test
0040100F CC INT3
00401010 CC INT3
00401011 CC INT3
00401012 CC INT3
00401013 CC INT3
00401014 CC INT3
00401015 CC INT3
00401016 CC INT3
00401017 CC INT3
00401018 CC INT3
00401019 CC INT3
0040101A CC INT3
0040101B CC INT3
0040101C CC INT3
0040101D CC INT3
0040101E CC INT3
0040101F CC INT3
00401020 >/> 55 PUSH EBP
00401021 |. 8BEC MOV EBP,ESP
00401023 |. 83EC 40 SUB ESP,40
00401026 |. 53 PUSH EBX
00401027 |. 56 PUSH ESI
00401028 |. 57 PUSH EDI
00401029 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
0040102C |. B9 10000000 MOV ECX,10
00401031 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401036 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401038 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040103B |. 5F POP EDI
0040103C |. 5E POP ESI
0040103D |. 5B POP EBX
0040103E |. 8BE5 MOV ESP,EBP
00401040 |. 5D POP EBP
00401041 \. C3 RETN
00401042 CC INT3
00401043 CC INT3
00401044 CC INT3
00401045 CC INT3
00401046 CC INT3
00401047 CC INT3
00401048 CC INT3
00401049 CC INT3
0040104A CC INT3
0040104B CC INT3
0040104C CC INT3
0040104D CC INT3
0040104E CC INT3
0040104F CC INT3
00401050 >/> 55 PUSH EBP
00401051 |. 8BEC MOV EBP,ESP
00401053 |. 83EC 4C SUB ESP,4C
00401056 |. 53 PUSH EBX
00401057 |. 56 PUSH ESI
00401058 |. 57 PUSH EDI
00401059 |. 8D7D B4 LEA EDI,DWORD PTR SS:[EBP-4C]
0040105C |. B9 13000000 MOV ECX,13
00401061 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401066 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401068 |. C745 FC 010000>MOV DWORD PTR SS:[EBP-4],1
0040106F |. C745 F8 020000>MOV DWORD PTR SS:[EBP-8],2
00401076 |. C745 F4 030000>MOV DWORD PTR SS:[EBP-C],4
0040107D |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00401080 |. 50 PUSH EAX
00401081 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00401084 |. 51 PUSH ECX
00401085 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00401088 |. 52 PUSH EDX
00401089 E8 7CFFFFFF CALL DebugThi.0040100A
0040108E |. 83C4 0C ADD ESP,0C
00401091 |. 33C0 XOR EAX,EAX
00401093 |. 5F POP EDI
00401094 |. 5E POP ESI
00401095 |. 5B POP EBX
00401096 |. 83C4 4C ADD ESP,4C
00401099 |. 3BEC CMP EBP,ESP
0040109B |. E8 20000000 CALL DebugThi.__chkesp
004010A0 |. 8BE5 MOV ESP,EBP
004010A2 |. 5D POP EBP
004010A3 \. C3 RETN
---------------------------------------------------------------------------
/* Returns its third argument unchanged; a and b are unused.
 *
 * Compare with the first variant: the only instruction that differs in the
 * listing below is the load, which now reads [EBP+10] instead of [EBP+8].
 * Each 4-byte argument sits one slot higher on the stack in push order
 * (a at [EBP+8], b at [EBP+C], c at [EBP+10]). */
int test(int a, int b, int c)
{
return c;
}
00401020 >/> 55 PUSH EBP
00401021 |. 8BEC MOV EBP,ESP
00401023 |. 83EC 40 SUB ESP,40
00401026 |. 53 PUSH EBX
00401027 |. 56 PUSH ESI
00401028 |. 57 PUSH EDI
00401029 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
0040102C |. B9 10000000 MOV ECX,10
00401031 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401036 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401038 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0040103B |. 5F POP EDI
0040103C |. 5E POP ESI
0040103D |. 5B POP EBX
0040103E |. 8BE5 MOV ESP,EBP
00401040 |. 5D POP EBP
00401041 \. C3 RETN
---------------------------------------------------------------------------
/* Returns a + b, going through the parameter c as a temporary.
 *
 * The listing below shows the assignment literally: EAX is loaded from
 * [EBP+8] (a), [EBP+C] (b) is added, the sum is stored back into the
 * argument slot [EBP+10] (this function's own copy of c), and then reloaded
 * from that slot as the return value. Writing to c only touches the stack
 * slot the caller pushed, not the caller's variable. */
int test(int a, int b, int c)
{
c = a + b;
return c;
}
00401020 >/> 55 PUSH EBP
00401021 |. 8BEC MOV EBP,ESP
00401023 |. 83EC 40 SUB ESP,40
00401026 |. 53 PUSH EBX
00401027 |. 56 PUSH ESI
00401028 |. 57 PUSH EDI
00401029 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
0040102C |. B9 10000000 MOV ECX,10
00401031 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401036 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401038 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040103B |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]
0040103E |. 8945 10 MOV DWORD PTR SS:[EBP+10],EAX
00401041 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
00401044 |. 5F POP EDI
00401045 |. 5E POP ESI
00401046 |. 5B POP EBX
00401047 |. 8BE5 MOV ESP,EBP
00401049 |. 5D POP EBP
0040104A \. C3 RETN
---------------------------------------------------------------------------
/* Returns a + b, storing the sum into the parameter c first.
 *
 * Same function as the previous section; it is repeated here so the caller
 * below can show that assigning to c inside `test` does not change the
 * caller's `c` (the callee writes its own argument slot, [EBP+10]). */
int test(int a, int b, int c)
{
c = a + b;
return c;
}
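/* Same driver as before, extended with a local `d` that copies `c` after
 * the call. This is the source for the MSVC source-annotated listing below.
 *
 * Fix: the locals were declared as `int a, int b,int c;` (invalid - one type
 * specifier per declaration), and the "only these lines were added" arrows
 * sat inside the code; both are now proper C. `int d;` is deliberately left
 * after the call, as in the original, to match the listing (a declaration
 * after a statement is valid C++ and C99).
 *
 * What the listing shows: the frame grows from 0x4C to 0x50 bytes to hold
 * `d` at [ebp-10h], and `d = c` reloads main's own c from [ebp-0Ch], which
 * still holds 4 - the assignment to c inside `test` wrote to the pushed
 * argument copy, not to this variable.
 *
 * argc/argv are unused. Returns 0. */
int main(int argc, char *argv[])
{
    int a, b, c;

    a = 1;
    b = 2;
    c = 4;
    test(a, b, c);
    int d;          /* only these two lines were added */
    d = c;          /* mov eax,[ebp-0Ch]; mov [ebp-10h],eax */
    return 0;
}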
12: int main(int argc, char* argv[])
13: {
00401050 55 push ebp
00401051 8B EC mov ebp,esp
00401053 83 EC 50 sub esp,50h
00401056 53 push ebx
00401057 56 push esi
00401058 57 push edi
00401059 8D 7D B0 lea edi,[ebp-50h]
0040105C B9 14 00 00 00 mov ecx,14h
00401061 B8 CC CC CC CC mov eax,0CCCCCCCCh
00401066 F3 AB rep stos dword ptr [edi]
14: int a, int b,int c;
15: a = 1;
00401068 C7 45 FC 01 00 00 00 mov dword ptr [ebp-4],1
16: b = 2;
0040106F C7 45 F8 02 00 00 00 mov dword ptr [ebp-8],2
17: c = 4;
00401076 C7 45 F4 04 00 00 00 mov dword ptr [ebp-0Ch],4
18: test(a,b,c);
0040107D 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
00401080 50 push eax
00401081 8B 4D F8 mov ecx,dword ptr [ebp-8]
00401084 51 push ecx
00401085 8B 55 FC mov edx,dword ptr [ebp-4]
00401088 52 push edx
00401089 E8 7C FF FF FF call @ILT+5(test) (0040100a)
0040108E 83 C4 0C add esp,0Ch
19: int d;
20: d = c;
00401091 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
00401094 89 45 F0 mov dword ptr [ebp-10h],eax
21: return 0;
00401097 33 C0 xor eax,eax
22: }
00401099 5F pop edi
0040109A 5E pop esi
0040109B 5B pop ebx
0040109C 83 C4 50 add esp,50h
0040109F 3B EC cmp ebp,esp
004010A1 E8 1A 00 00 00 call __chkesp (004010c0)
004010A6 8B E5 mov esp,ebp
004010A8 5D pop ebp
004010A9 C3 ret