[学习]邪恶的 ENTER 指令
发表于:
2008-7-22 10:37
; PSEUDO-CODE OF ENTER INSTRUCTION
;
; ENTER STORAGE, LEVEL
;
; PUSH EBP
; FRAME_PTR = ESP
; IF ( LEVEL > 0 )
; {
; DO ( LEVEL - 1 ) TIMES
; {
; SUB EBP, 4
; PUSH DWORD PTR [EBP]
; }
; PUSH FRAME_PTR
; }
; EBP = FRAME_PTR
; SUB ESP, STORAGE
;
; LEVEL == 0 -- Non-nested stack frame
;
; PUSH EBP
; MOV EBP, ESP
; SUB ESP, STORAGE
;
; EBP-STORAGE -> Dynamic storage
; [EBP] = Previous EBP
; EBP+4 -> Previous stack
; [EBP+4] = Return address
; [EBP+8] = Arg0
; [EBP+C] = Arg1
; ...
;
; LEVEL == 1..31 -- Nested stack frame
;
; EBP-(LEVEL-1)*4-4-STORAGE
; -> Dynamic storage
; [EBP-(LEVEL-1)*4-4]
; = FRAME_PTR (EBP)
; ...
; [EBP-8] = Previous [EBP-8]
; [EBP-4] = Previous [EBP-4]
; [EBP] = Previous EBP
; [EBP+4] = Return address
; [EBP+8] = Arg0
; [EBP+C] = Arg1
; ...
;
; A variable can pass through from a lower nesting level to a higher nesting level as a COPY
;
.386
.model flat, stdcall
.code
start: call nesting_1 ; demo for a single variable passthrough
; grab more variable is ok if you give a higher level
retn
; level 1
nesting_1: enter 4, 1 ; allocate a variable X can passthrough the whole call-chain
mov dword ptr [ebp-4], 78787878h ; markup it
call nesting_2
leave
retn
; level 2
nesting_2: enter 0, 2
add dword ptr [ebp-4], 10101010h ; we got copy of X and increase it to 88888888h
call nesting_3
leave
retn
; level 3
nesting_3: enter 4, 3
add dword ptr [ebp-4], 22222222h ; -> AAAAAAAAh
int 3 ; have a look: `dd [ebp-4]`
leave
retn
end start