理解双指针

struct stu1

{

       int i;

       int j;

};

 

void func1(stu1** tmpp)

{

       *tmpp = new stu1;

}

 

void main()

{

       stu1* p = 0;

 

       func1(&p);

 

}

 

反汇编代码：

void func1(stu1** tmpp)

10:   {

00401020 55                   push        ebp

00401021 8B EC                mov         ebp,esp

00401023 83 EC 44             sub         esp,44h

00401026 53                   push        ebx

00401027 56                   push        esi

00401028 57                   push        edi

00401029 8D 7D BC             lea         edi,[ebp-44h]

0040102C B9 11 00 00 00       mov         ecx,11h

00401031 B8 CC CC CC CC       mov         eax,0CCCCCCCCh

00401036 F3 AB                rep stos    dword ptr [edi]

11:       *tmpp = new stu1;

00401038 6A 08                push        8

0040103A E8 81 00 00 00       call        operator new (004010c0)

0040103F 83 C4 04             add         esp,4

00401042 89 45 FC             mov         dword ptr [ebp-4],eax // new 返回值保存在ebp-4内存处

00401045 8B 45 08             mov         eax,dword ptr [ebp+8] //  main函数种ebp-4的值赋值给eax 即p的地址

00401048 8B 4D FC             mov         ecx,dword ptr [ebp-4] //

0040104B 89 08                mov         dword ptr [eax],ecx

12:   }

0040104D 5F                   pop         edi

0040104E 5E                   pop         esi

0040104F 5B                   pop         ebx

00401050 83 C4 44             add         esp,44h

00401053 3B EC                cmp         ebp,esp

00401055 E8 86 00 00 00       call        __chkesp (004010e0)

0040105A 8B E5                mov         esp,ebp

0040105C 5D                   pop         ebp

0040105D C3                   ret

 

void main()

15:   {

00401070 55                   push        ebp

00401071 8B EC                mov         ebp,esp

00401073 83 EC 44             sub         esp,44h

00401076 53                   push        ebx

00401077 56                   push        esi

00401078 57                   push        edi

00401079 8D 7D BC             lea         edi,[ebp-44h]

0040107C B9 11 00 00 00       mov         ecx,11h

00401081 B8 CC CC CC CC       mov         eax,0CCCCCCCCh

00401086 F3 AB                rep stos    dword ptr [edi]

16:       stu1* p = 0;

00401088 C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0 // 指针p保存在[ebp-4]内存处，并赋指0

17:

18:       func1(&p);

0040108F 8D 45 FC             lea         eax,[ebp-4]  // ebp-4的值,也即内存地址赋值给eax

00401092 50                   push        eax

00401093 E8 72 FF FF FF       call        @ILT+5(func1) (0040100a)

00401098 83 C4 04             add         esp,4

19:

20:   }

0040109B 5F                   pop         edi

0040109C 5E                   pop         esi

0040109D 5B                   pop         ebx

0040109E 83 C4 44             add         esp,44h

004010A1 3B EC                cmp         ebp,esp

004010A3 E8 38 00 00 00       call        __chkesp (004010e0)

004010A8 8B E5                mov         esp,ebp

004010AA 5D                   pop         ebp

004010AB C3                   ret

 总结：指针，双指针其实就是c,c++等高级语言提供的一种语法，程序员通过这种语法能够编写灵活的代码，

然后通过c,c++等高级语言相对应的编译器，编译成汇编代码！就如上例中所示，

指针p 被编译成

00401088 C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0 // 指针p保存在[ebp-4]内存处，并赋指0

在func1()函数中

00401042 89 45 FC             mov         dword ptr [ebp-4],eax // new 返回值保存在ebp-4内存处

00401045 8B 45 08             mov         eax,dword ptr [ebp+8] //  main函数中ebp-4的值（即p的地址 ）赋值给eax

00401048 8B 4D FC             mov         ecx,dword ptr [ebp-4] // new 函数返回值保存到ecx

0040104B 89 08                mov         dword ptr [eax],ecx // new函数的返回值赋值给main函数中ebp-4内存，即修改了p指针的值。