POP instruction in IA-32 and x86-64 assembly

Time: 2013-07-05 12:20:45

Tags: assembly

What does pop ebp before the ret (return) instruction at the end of the code mean on IA-32 and x86-64 machines? So I do have the old and new ebp, and the new ebp is pushed onto the stack by the function call. So is this ebp popped? How does the pop instruction change the value of ebp?

1 answer:

Answer 0 (score: 2)

PUSH EAX

basically means:

SUB ESP,4
MOV [ESP],EAX

and

POP EAX

means:

MOV EAX,[ESP]
ADD ESP,4

When you talk about the new and old EBP, I guess you mean the function prologue and epilogue?

PUSH EBP     ; Store caller's EBP on the stack
MOV EBP,ESP  ; Set EBP to the current stack pointer

; Here we can do things like:
MOV EAX,[EBP+8]
PUSH EAX
MOV EBX,[EBP+12]
POP EAX
; ..to access the stack. Since we've got a fixed reference point for
; the stack in EBP we don't have to worry about the stack pointer
; changing.

; For example, we could do this instead to access the same stack
; elements as above:
MOV EAX,[ESP+8]
PUSH EAX
MOV EBX,[ESP+16]
POP EAX
; But notice that we had to change the second offset since the push
; instruction changed the stack pointer. It's obviously easier to deal
; with a base address that doesn't change every time we execute
; certain instructions.

MOV ESP,EBP  ; Restore the stack pointer
POP EBP      ; Restore the caller's EBP before returning
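To make the answer's PUSH/POP definitions and the prologue/epilogue concrete, here is an added example (not part of the original answer) that models a 32-bit stack in C: PUSH is implemented as "subtract 4 from ESP, then store", POP as "load from [ESP], then add 4", and a cdecl-style call is run through the exact prologue and epilogue shown above so you can see which value POP EBP puts back into EBP and where ESP ends up afterwards. The stack size, the starting EBP and the return address are made-up constants chosen for the simulation.

```c
/* Added example: a tiny model of the IA-32 stack. Not from the original
 * answer; the stack size, caller EBP and return address are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 64          /* bytes of simulated stack (constructed) */
#define RET_ADDR   0x08048123u /* made-up "return address" that CALL pushes */

typedef struct {
    uint8_t  stack[STACK_SIZE];  /* addressed directly by ESP/EBP below */
    uint32_t esp, ebp;           /* the two registers the answer discusses */
} Cpu;

/* 32-bit little-endian load/store into the simulated stack memory. */
static uint32_t ld32(const Cpu *c, uint32_t addr) {
    uint32_t v; memcpy(&v, &c->stack[addr], sizeof v); return v;
}
static void st32(Cpu *c, uint32_t addr, uint32_t v) {
    memcpy(&c->stack[addr], &v, sizeof v);
}

/* PUSH r32  ==  SUB ESP,4 ; MOV [ESP],r32 */
static void push32(Cpu *c, uint32_t v) { c->esp -= 4; st32(c, c->esp, v); }

/* POP r32   ==  MOV r32,[ESP] ; ADD ESP,4 */
static uint32_t pop32(Cpu *c) { uint32_t v = ld32(c, c->esp); c->esp += 4; return v; }

typedef struct {
    uint32_t arg1, arg2;     /* what the callee read at [EBP+8] and [EBP+12] */
    uint32_t ebp_in_callee;  /* EBP right after MOV EBP,ESP */
    uint32_t saved_ebp;      /* value stored at [EBP]: the caller's EBP */
    uint32_t ebp_after;      /* EBP after POP EBP */
    uint32_t esp_after;      /* ESP after POP EBP (points at return address) */
    uint32_t ret;            /* what RET pops */
} Trace;

/* Caller pushes two args and CALLs; callee runs the prologue, uses its
 * args and one local, then runs the epilogue and RETs. */
static Trace run_call(uint32_t caller_ebp, uint32_t a1, uint32_t a2) {
    Cpu c = {0};
    Trace t = {0};
    c.esp = STACK_SIZE;          /* empty stack: ESP at the top */
    c.ebp = caller_ebp;

    /* caller (cdecl): args pushed right-to-left, then CALL pushes EIP */
    push32(&c, a2);
    push32(&c, a1);
    push32(&c, RET_ADDR);

    /* callee prologue */
    push32(&c, c.ebp);           /* PUSH EBP: caller's EBP saved at new ESP */
    c.ebp = c.esp;               /* MOV EBP,ESP: fixed frame reference */
    t.ebp_in_callee = c.ebp;

    /* body: [EBP]=saved EBP, [EBP+4]=return addr, [EBP+8]=arg1, [EBP+12]=arg2 */
    t.arg1      = ld32(&c, c.ebp + 8);
    t.arg2      = ld32(&c, c.ebp + 12);
    t.saved_ebp = ld32(&c, c.ebp);
    c.esp -= 8;                  /* SUB ESP,8: room for a local; EBP offsets unchanged */
    st32(&c, c.ebp - 4, t.arg1 + t.arg2);

    /* callee epilogue */
    c.esp = c.ebp;               /* MOV ESP,EBP: drops the local */
    c.ebp = pop32(&c);           /* POP EBP: EBP = [ESP]; ESP += 4 */
    t.ebp_after = c.ebp;
    t.esp_after = c.esp;
    t.ret = pop32(&c);           /* RET: EIP = [ESP]; ESP += 4 */
    return t;
}

int main(void) {
    Trace t = run_call(0x1000, 7, 9);
    printf("arg1=%u arg2=%u callee EBP=%u saved EBP=0x%x\n",
           t.arg1, t.arg2, t.ebp_in_callee, t.saved_ebp);
    printf("after POP EBP: EBP=0x%x ESP=%u; RET pops 0x%x\n",
           t.ebp_after, t.esp_after, t.ret);
    return 0;
}
```

Note that POP EBP does not "undo" the push by name: it simply loads whatever 4 bytes sit at [ESP] and bumps ESP. Because MOV ESP,EBP put ESP exactly where PUSH EBP stored the caller's frame pointer, the value loaded is the caller's EBP, and ESP is then left pointing at the return address for RET. That saved EBP sitting directly below the return address is also why a stack walker (or a debugger) can follow the chain of frames through [EBP].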