栈,ebp和esp寄存器的简单探索

#include<iostream>
using namespace std;

// Listing 1: inspect ff's own stack frame (ebp, esp, return address, saved caller
// ebp) with MSVC x86 (32-bit) inline assembly, then `jmp` straight to the return
// address WITHOUT unwinding ff's frame, to see what happens to the caller.
// Requires MSVC targeting x86: `__asm { ... }` blocks and the 32-bit register
// names used here are not available on x64 MSVC or on gcc/clang.
void ff()
{
    cout << "f executing " << endl;
    int a = 0, b = 0, c = 0, d = 0, e = 0;
    /*
     * Author's note (translated): the CPU reads values from low address to high
     * address; do not think of this in terms of big-endian or little-endian --
     * after one small chunk at the low address has been read "completely", the
     * next small chunk is read from the higher address. E.g. if int a sits at
     * the lower address and int b at the higher one, and int *p points at a,
     * then read (int)p yields a's value and read (int)(p+4) yields b's value.
     * (Where the compiler actually places a, b, ... relative to ebp is not
     * guaranteed; see the [ebp-8] read below.)
     */
    __asm{
        mov a,ebp;          // a = ff's frame pointer
        mov b,esp;          // b = ff's stack pointer once locals are reserved
        mov eax,[ebp+4];    // return address: the EIP right after the caller's "call ff"
                            // (assumes the usual `push ebp / mov ebp,esp` prologue).
                            // This slot and the saved ebp at [ebp] are the two values a
                            // stack-smashing overflow overwrites; mitigations such as
                            // MSVC's /GS cookie exist to detect exactly that.
        mov c,eax;
        jmp c;              // jump back into main right after "call ff" WITHOUT a `ret`:
                            // ff's frame is never popped, so main continues with ff's ebp
                            // and its locals read garbage. Everything below this line,
                            // including the cout calls, never executes in this listing
                            // (the run on this page shows no "in f ..." lines).
        mov eax,[ebp-8];    // (unreachable here) one of ff's own locals; in listing 2's
                            // output [ebp-8] equals esp, i.e. presumably `b` -- compiler-dependent
        mov d,eax;
        mov eax,[ebp];      // saved ebp of the caller (main), pushed by ff's prologue
        mov e,eax;
    }
    cout << "in f ebp := " << a << endl;
    cout << "in f esp := " << b << endl;
    cout << "in f ebp+4 := " << c << endl;
    cout << "in f ebp-8 := " << d << endl;
    cout << "in f [ebp] := " << e << endl;
}

// Driver: snapshot esp/ebp around a sequence of pushes, a `call ff`, and two pops.
// In this listing main's code after `call ff` is reached via ff's `jmp c` with
// ff's frame still live, so the first set of printed values is garbage; the
// output on this page then shows the whole sequence a second time with sane
// values -- presumably main's own epilogue, executed with ff's ebp, unwinds ff's
// frame and `ret`s to the same return address, re-entering main after `call ff`.
int main()
{
    int a = 0, b = 0, c = 0, d = 0, e = 0, f = 0;   // esp snapshots and popped values (see labels below)
    int g = 0, h = 0, i = 0;                         // ebp snapshots
    int addr = 0;                                    // contents of [ebp]: saved ebp of whatever called main
    __asm{
        mov g,ebp;          // ebp before anything is pushed
        mov a,esp           // esp before the pushes
        push 123;           // five dummy values; ff takes no parameters and never reads them
        push 456;
        push 789;
        push 999;
        push 888;
        call ff;            // pushes the return address and enters ff
        mov h,ebp;          // ebp once control is back in main
        mov b,esp;          // esp once control is back in main
        pop c;              // c = top of stack (888 when the stack is balanced), esp += 4
        mov d,esp;
        pop e;              // e = next value (999 when balanced), esp += 4
        mov f,esp;
        mov i,ebp;
        mov eax,[ebp];      // saved ebp of main's caller
        mov addr,eax;
        // NOTE(review): 123/456/789 are still on the stack here -- five pushes, two
        // pops; presumably the compiler's epilogue (mov esp,ebp) repairs esp before ret.
    }
    cout << "esp first := " << a << endl;
    cout << "esp second after push order := " << b << endl;
    cout << "after pop order, c := " << c << endl;
    cout << "esp third after pop order := " << d << endl;
    cout << "after pop order,e := " << e << endl;
    cout << "esp fourth after pop order := " << f << endl;
    cout << "ebp first := " << g << endl;
    cout << "ebp second after push order := " << h << endl;
    cout << "ebp third after two pop order := " << i << endl;
    cout << "main address := " << (int)main << endl;            // code address of main; the cast to int only fits 32-bit pointers
    cout << "ebp pointer address content := " << addr << endl;
    cout << "ff address := " << int(ff) << endl;                // code address of the callee
    cout << "我已经执行过了!" << endl;                            // "I have already executed!" -- printed once per pass through main
    return 0;
}

f executing
esp first := 14881597
esp second after push order := 3274656
after pop order, c := 0
esp third after pop order := 14883616
after pop order,e := 14881788
esp fourth after pop order := 3274676
ebp first := 15043440
ebp second after push order := 15043440
ebp third after two pop order := 14887950
main address := 14881488
ebp pointer address content := 3274652
ff address := 14881168
我已经执行过了!
esp first := 3274704
esp second after push order := 3274684
after pop order, c := 888
esp third after pop order := 3274688
after pop order,e := 999
esp fourth after pop order := 3274692
ebp first := 3274744
ebp second after push order := 3274744
ebp third after two pop order := 3274744
main address := 14881488
ebp pointer address content := 3274816
ff address := 14881168
我已经执行过了!


#include<iostream>
using namespace std;

// Listing 2: same frame inspection as listing 1, but the `jmp c` is commented
// out, so ff returns normally and its "in f ..." lines are printed.
// Requires MSVC targeting x86: `__asm { ... }` blocks and the 32-bit register
// names used here are not available on x64 MSVC or on gcc/clang.
void ff()
{
    cout << "f executing " << endl;
    int a = 0, b = 0, c = 0, d = 0, e = 0;
    /*
     * Author's note (translated): the CPU reads values from low address to high
     * address; this is not a big-endian/little-endian matter -- after one small
     * chunk at the low address has been read "completely", the next small chunk
     * is read from the higher address. E.g. if int a sits at the lower address
     * and int b at the higher one, and int *p points at a, then read (int)p
     * yields a's value and read (int)(p+4) yields b's value.
     * (Where the compiler actually places a, b, ... relative to ebp is not
     * guaranteed; see the [ebp-8] read below.)
     */
    __asm{
        mov a,ebp;          // a = ff's frame pointer
        mov b,esp;          // b = ff's stack pointer once locals are reserved
        mov eax,[ebp+4];    // return address: the EIP right after the caller's "call ff"
                            // (assumes the usual `push ebp / mov ebp,esp` prologue).
                            // This slot and the saved ebp at [ebp] are the two values a
                            // stack-smashing overflow overwrites; mitigations such as
                            // MSVC's /GS cookie exist to detect exactly that.
        mov c,eax;
        //jmp c;            // jumping to that address runs the caller's code and nothing
                            // below this line executes (listing 1 did this)
        //call c;           // likewise, nothing below this line would execute
        mov eax,[ebp-8];    // one of ff's own locals; in the output below [ebp-8] equals
                            // esp, i.e. presumably `b` -- which local lands here is compiler-dependent
        mov d,eax;
        mov eax,[ebp];      // saved ebp of the caller (main), pushed by ff's prologue;
                            // the output shows it equal to main's "ebp first"
        mov e,eax;
    }
    cout << "in f ebp := " << a << endl;
    cout << "in f esp := " << b << endl;
    cout << "in f ebp+4 := " << c << endl;
    cout << "in f ebp-8 := " << d << endl;
    cout << "in f [ebp] := " << e << endl;
}

// Driver: snapshot esp/ebp around a sequence of pushes, a `call ff`, and two pops.
// With ff returning normally, esp after the call equals esp after the five pushes
// (20 bytes below the initial value in the output below), the two pops yield
// 888 and 999, and ebp is unchanged throughout.
int main()
{
    int a = 0, b = 0, c = 0, d = 0, e = 0, f = 0;   // esp snapshots and popped values (see labels below)
    int g = 0, h = 0, i = 0;                         // ebp snapshots
    int addr = 0;                                    // contents of [ebp]: saved ebp of whatever called main
    __asm{
        mov g,ebp;          // ebp before anything is pushed
        mov a,esp           // esp before the pushes
        push 123;           // five dummy values; ff takes no parameters and never reads them
        push 456;
        push 789;
        push 999;
        push 888;
        call ff;            // pushes the return address and enters ff
        mov h,ebp;          // ebp after ff returned (unchanged: ff restored it)
        mov b,esp;          // esp after ff returned (back to the post-push value)
        pop c;              // c = 888 (top of stack), esp += 4
        mov d,esp;
        pop e;              // e = 999, esp += 4
        mov f,esp;
        mov i,ebp;
        mov eax,[ebp];      // saved ebp of main's caller
        mov addr,eax;
        // NOTE(review): 123/456/789 are still on the stack here -- five pushes, two
        // pops; presumably the compiler's epilogue (mov esp,ebp) repairs esp before ret.
    }
    cout << "esp first := " << a << endl;
    cout << "esp second after push order := " << b << endl;
    cout << "after pop order, c := " << c << endl;
    cout << "esp third after pop order := " << d << endl;
    cout << "after pop order,e := " << e << endl;
    cout << "esp fourth after pop order := " << f << endl;
    cout << "ebp first := " << g << endl;
    cout << "ebp second after push order := " << h << endl;
    cout << "ebp third after two pop order := " << i << endl;
    cout << "main address := " << (int)main << endl;            // code address of main; the cast to int only fits 32-bit pointers
    cout << "ebp pointer address content := " << addr << endl;
    cout << "ff address := " << int(ff) << endl;                // code address of the callee
    cout << "我已经执行过了!" << endl;                            // "I have already executed!"
    return 0;
}
f executing
in f ebp := 3537220
in f esp := 3537200
in f ebp+4 := 660269
in f ebp-8 := 3537200
in f [ebp] := 3537288
esp first := 3537248
esp second after push order := 3537228
after pop order, c := 888
esp third after pop order := 3537232
after pop order,e := 999
esp fourth after pop order := 3537236
ebp first := 3537288
ebp second after push order := 3537288
ebp third after two pop order := 3537288
main address := 660160
ebp pointer address content := 3537360
ff address := 659856
我已经执行过了!



