Function Calls and Stack Cleanup
Posted 2007. 6. 13. 15:19, Filed under: Study/Computer Science
// Calls to printf and scanf inside main
00401006 |. 68 48804000 PUSH Strcmp.00408048 ; ASCII "first string: "
0040100B |. E8 D7000000 CALL Strcmp.004010E7
00401010 |. 83C4 04 ADD ESP,4 ; caller removes 1 argument (4 bytes)
00401013 |. 8D4424 00 LEA EAX,DWORD PTR SS:[ESP]
00401017 |. 50 PUSH EAX
00401018 |. 68 44804000 PUSH Strcmp.00408044 ; ASCII "%s"
0040101D |. E8 AE000000 CALL Strcmp.004010D0
00401022 |. 83C4 08 ADD ESP,8 ; caller removes 2 arguments (8 bytes)
00401025 |. 68 34804000 PUSH Strcmp.00408034 ; ASCII "second string: "
0040102A |. E8 B8000000 CALL Strcmp.004010E7
0040102F |. 83C4 04 ADD ESP,4 ; caller removes 1 argument (4 bytes)
In a C-style (__cdecl) function call, the caller restores the stack, which it does by performing an ADD on the ESP register.
// CopyFile API
77E5E4C1 > 55 PUSH EBP
77E5E4C2 8BEC MOV EBP, ESP
77E5E4C4 51 PUSH ECX
77E5E4C5 51 PUSH ECX
77E5E4C6 56 PUSH ESI
77E5E4C7 FF75 08 PUSH DWORD PTR SS:[EBP+8]
77E5E4CA E8 D2680000 CALL KERNEL32.77E64DA1
77E5E4CF 8BF0 MOV ESI, EAX
77E5E4D1 85F6 TEST ESI, ESI
77E5E4D3 0F84 B0240200 JE KERNEL32.77E80989
77E5E4D9 FF75 0C PUSH DWORD PTR SS:[EBP+C]
77E5E4DC 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8]
77E5E4DF 50 PUSH EAX
77E5E4E0 E8 C5A20000 CALL KERNEL32.77E687AA
77E5E4E5 85C0 TEST EAX, EAX
77E5E4E7 0F84 9C240200 JE KERNEL32.77E80989
77E5E4ED 33C0 XOR EAX, EAX
77E5E4EF 3945 10 CMP DWORD PTR SS:[EBP+10], EAX
77E5E4F2 0F95C0 SETNE AL
77E5E4F5 50 PUSH EAX
77E5E4F6 6A 00 PUSH 0
77E5E4F8 6A 00 PUSH 0
77E5E4FA 6A 00 PUSH 0
77E5E4FC FF75 FC PUSH DWORD PTR SS:[EBP-4]
77E5E4FF FF76 04 PUSH DWORD PTR DS:[ESI+4]
77E5E502 E8 BFB4FFFF CALL KERNEL32.CopyFileExW
77E5E507 8BF0 MOV ESI, EAX
77E5E509 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8]
77E5E50C 50 PUSH EAX
77E5E50D FF15 6810E577 CALL DWORD PTR DS:[<&NTDLL.RtlFreeUni>; ntdll.RtlFreeUnicodeString
77E5E513 8BC6 MOV EAX, ESI
77E5E515 5E POP ESI
77E5E516 C9 LEAVE
77E5E517 C2 0C00 RETN 0C ; callee removes 3 arguments (0xC = 12 bytes)
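The Windows API adopted the Pascal style as its calling convention, so VC++ handles the stack for API calls uniformly in the Pascal style: the called function cleans up the stack (using ret).
ret: moves the stack pointer back by the given number of bytes, then returns from the function.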
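The two cleanup styles shown in the listings can be traced with a toy stack model. This is an added example, not code from the original post: it tracks ESP through the pushes, the CALL, the callee's RETN and the caller's ADD ESP, and also shows what happens when caller and callee disagree about who cleans up. The starting ESP, the argument values and the name `call_drift` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a 32-bit x86 stack: ESP plus the dwords it addresses. */
typedef struct { uint32_t esp; uint32_t mem[64]; } Cpu;

static void push(Cpu *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(Cpu *c) { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }

/* RETN imm16: pop the return address, then release imm16 bytes of arguments. */
static uint32_t retn(Cpu *c, uint16_t imm) { uint32_t ra = pop(c); c->esp += imm; return ra; }

/* One call: push nargs dwords, CALL, callee ends with RETN callee_bytes,
 * caller then runs ADD ESP,caller_bytes. Returns ESP drift in bytes:
 * 0 = balanced, >0 = stack released twice, <0 = arguments left behind. */
int call_drift(int nargs, uint16_t callee_bytes, uint32_t caller_bytes)
{
    const uint32_t ret_addr = 0x00401022;  /* address after the scanf CALL in the listing */
    Cpu c = { .esp = 128 };                /* constructed starting ESP */
    uint32_t start = c.esp;

    for (int i = 0; i < nargs; i++)
        push(&c, 0xA0u + (uint32_t)i);     /* PUSH argument (constructed values) */
    push(&c, ret_addr);                    /* CALL pushes the return address */
    if (retn(&c, callee_bytes) != ret_addr)
        return -9999;                      /* model error: wrong slot popped */
    c.esp += caller_bytes;                 /* caller-side ADD ESP,n */
    return (int)c.esp - (int)start;
}

int main(void)
{
    printf("caller cleanup, scanf    (RETN,    ADD ESP,8): %d\n", call_drift(2, 0, 8));
    printf("callee cleanup, CopyFile (RETN 0C, no ADD)   : %d\n", call_drift(3, 12, 0));
    printf("mismatch: RETN 0C and ADD ESP,0C             : %d\n", call_drift(3, 12, 12));
    printf("mismatch: plain RETN and no ADD              : %d\n", call_drift(3, 0, 0));
    return 0;
}
```

A nonzero drift means every later ESP-relative access in the caller reads the wrong slot, which is why a prototype declared with the wrong calling convention corrupts the stack.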