#include"stdio.h"
int function(int a,int b)
{
int c=a+b;
return c;
}
void main()
{
function(1,2);
getchar();
}
--- c:\users\wangchao\desktop\test\test\main.cpp -------------------------------
#include "stdio.h"
int function(int a,int b)
{
00C213A0 push ebp
00C213A1 mov ebp,esp
;注意:下面ebp并无改变
00C213A3 sub esp,0CCh ;空出一片栈空间用来存储局部变量,本函数内部使用
00C213A9 push ebx ;esp-4
00C213AA push esi ;esp-4
00C213AB push edi ;esp-4
;写es断点调试,因为临时变量区没有代码,大小为0cch
00C213AC lea edi,[ebp-0CCh]
00C213B2 mov ecx,33h
00C213B7 mov eax,0CCCCCCCCh
00C213BC rep stos dword ptr es:[edi] ;es段edi位置正好是本函数使用开始使用的栈起始地址。
;int c= a+b;
00C213BE mov eax,dword ptr [a] ;mov eax,[ebp+8] 参数1即a 为什么加8,因为前面压入了8字节分别为main做的压入EIP和前面的Push ebp
00C213C1 add eax,dword ptr [b] ;add eax,[ebp+0ch] 参数2即b ebp里的值始终是esp原值
00C213C4 mov dword ptr [c],eax
;return c;
00C213C7 mov eax,dword ptr [c] ;eax始终用来存放返回值
}
00C213CA pop edi
00C213CB pop esi
00C213CC pop ebx
00C213CD mov esp,ebp
00C213CF pop ebp
00C213D0 ret
--- c:\users\wangchao\desktop\test\test\main.cpp -------------------------------
void main()
{
00C213E0 push ebp
00C213E1 mov ebp,esp
00C213E3 sub esp,0C0h
00C213E9 push ebx
00C213EA push esi
00C213EB push edi
00C213EC lea edi,[ebp-0C0h]
00C213F2 mov ecx,30h
00C213F7 mov eax,0CCCCCCCCh
00C213FC rep stos dword ptr es:[edi]
;function(1,2);
00C213FE push 2
00C21400 push 1
00C21402 call function (0C210E6h)
00C21407 add esp,8
;getchar();
00C2140A mov esi,esp
00C2140C call dword ptr [__imp__getchar (0C282B4h)]
00C21412 cmp esi,esp
00C21414 call @ILT+315(__RTC_CheckEsp) (0C21140h)
}
00C21419 xor eax,eax
00C2141B pop edi
00C2141C pop esi
00C2141D pop ebx
00C2141E add esp,0C0h
00C21424 cmp ebp,esp
00C21426 call @ILT+315(__RTC_CheckEsp) (0C21140h)
00C2142B mov esp,ebp
00C2142D pop ebp
00C2142E ret