Stack pointer add on loop
Question
Learning some reverse engineering and I came across some examples of loops in x86 assembly
00401036 mov [ebp+var_4], 0
0040103D mov [ebp+var_8], 0
00401044 loc_401044:
00401044 cmp [ebp+var_4], 0
00401048 jnz short loc_401063
0040104A call performAction
0040104F mov [ebp+var_8], eax
00401052 mov eax, [ebp+var_8]
00401055 push eax
00401056 call checkResult
0040105B add esp, 4
0040105E mov [ebp+var_4], eax
00401061 jmp short loc_401044
From my understanding, esp is the stack pointer so:
Why is 4 being added to the stack? It would make sense if this was a recursive call but it’s just a loop
Answer 1
Score: 3
This is likely using C calling convention, which is "caller cleans up". This convention allows for variable-argument functions like printf where the callee does not know how many arguments are on the stack.
The whole bit you should look at is:
00401055 push eax // argument for checkResult
00401056 call checkResult
0040105B add esp, 4 // clean up the argument
The add could have been a pop eax, except the code is not interested in the value, so it just moves the stack pointer.
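As an added example (not code from the question or the answer), the following Python model emulates the stack around the call so the effect of `add esp, 4` can be seen numerically. It models push/pop/call/ret on a downward-growing stack, runs the loop from the listing with constructed return values standing in for performAction, and reports how far esp has drifted at the end. The body of `check_result` (return 1 when its argument is 0) and the sample values are assumptions made for the demonstration; the point is the esp bookkeeping, which is the same whatever the functions do.

```python
"""Model of a cdecl (caller-cleans-up) call sequence on a 32-bit x86 stack.

Added example, not from the original post. The stack grows downward: push
decrements esp by 4 and stores, pop loads and increments esp by 4, call
pushes the return address, ret pops it. Function bodies are Python
callables standing in for performAction and checkResult.
"""


class Stack:
    def __init__(self, esp=0x0019FF80):        # constructed starting esp
        self.esp = esp
        self.mem = {}                            # address -> 32-bit value
        self.low_water = esp                     # lowest esp seen (peak stack use)

    def push(self, value):
        self.esp -= 4
        self.mem[self.esp] = value & 0xFFFFFFFF
        self.low_water = min(self.low_water, self.esp)

    def pop(self):
        value = self.mem[self.esp]
        self.esp += 4
        return value

    def call(self, func, return_addr):
        # call pushes the return address; the callee then finds its first
        # argument just above it at [esp+4]. ret pops the return address.
        self.push(return_addr)
        result = func(self)
        popped = self.pop()
        assert popped == return_addr, "return address corrupted"
        return result


def check_result(stack):
    # Hypothetical cdecl callee: reads its single argument at [esp+4] and
    # does NOT adjust esp for it; that is the caller's job under cdecl.
    arg = stack.mem[stack.esp + 4]
    return 1 if arg == 0 else 0                  # assumed: "done" when arg == 0


def run_loop(stack, actions, cleanup="add"):
    """Emulate the loop from the listing for each performAction result.

    cleanup: "add"  -> add esp, 4 (the listing), "pop" -> pop eax (discard),
             None   -> caller forgets to clean up (bug shown for contrast).
    Returns the number of iterations and how many bytes esp has drifted.
    """
    esp_start = stack.esp
    var_4 = 0                                    # 00401036 mov [ebp+var_4], 0
    iterations = 0
    for eax in actions:                          # eax = performAction() result
        if var_4 != 0:                           # 00401044 cmp/jnz: loop exit
            break
        stack.push(eax)                          # 00401055 push eax
        var_4 = stack.call(check_result, 0x0040105B)  # 00401056 call checkResult
        if cleanup == "add":
            stack.esp += 4                       # 0040105B add esp, 4
        elif cleanup == "pop":
            stack.pop()                          # equivalent: pop eax, value unused
        # cleanup is None: the 4 pushed bytes are never reclaimed
        iterations += 1
    return {"iterations": iterations, "esp_delta": esp_start - stack.esp}


if __name__ == "__main__":
    results = [5, 3, 0, 7]                       # constructed performAction values
    for mode in ("add", "pop", None):
        print(mode, run_loop(Stack(), results, cleanup=mode))
```

With the cleanup in place (either form) esp is back where it started after every iteration, so the loop can run indefinitely without consuming stack. Without it, each iteration leaves the 4-byte argument behind and esp drifts downward by 4 per iteration; in a long-running loop that is a stack leak, and any code that later addresses locals relative to esp reads the wrong slots.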
Comments