cdecl和stdcall调用约定的汇编代码对比-白红宇

cdecl和stdcall调用约定的汇编代码对比

stdcall方式：

--- d:\projects\lab\call_type\call_type.cpp ------------------------------------

int __stdcall add(int a, int b)

{

002613A0 push ebp

002613A1 mov ebp,esp

002613A3 sub esp,0C0h

002613A9 push ebx

002613AA push esi

002613AB push edi

002613AC lea edi,[ebp-0C0h]

002613B2 mov ecx,30h

002613B7 mov eax,0CCCCCCCCh

002613BC rep stos dword ptr es:[edi]

return a+b;

002613BE mov eax,dword ptr [a]

002613C1 add eax,dword ptr [b]

}

002613C4 pop edi

002613C5 pop esi

002613C6 pop ebx

002613C7 mov esp,ebp

002613C9 pop ebp

002613CA ret 8

---------------------------------------------------

--- d:\projects\lab\call_type\call_type.cpp ------------------------------------

int main()

{

002613E0 push ebp

002613E1 mov ebp,esp

002613E3 sub esp,0CCh

002613E9 push ebx

002613EA push esi

002613EB push edi

002613EC lea edi,[ebp-0CCh]

002613F2 mov ecx,33h

002613F7 mov eax,0CCCCCCCCh

002613FC rep stos dword ptr es:[edi]

int sum;

sum = add(1,2);

002613FE push 2

00261400 push 1

00261402 call add (261109h)

00261407 mov dword ptr [sum],eax

return 0;

0026140A xor eax,eax

}

0026140C pop edi

0026140D pop esi

0026140E pop ebx

0026140F add esp,0CCh

00261415 cmp ebp,esp

00261417 call @ILT+315(__RTC_CheckEsp) (261140h)

0026141C mov esp,ebp

0026141E pop ebp

0026141F ret

===================================================

cdecl方式：

--- d:\projects\lab\call_type\call_type.cpp ------------------------------------

int add(int a, int b)

{

00E713A0 push ebp

00E713A1 mov ebp,esp

00E713A3 sub esp,0C0h

00E713A9 push ebx

00E713AA push esi

00E713AB push edi

00E713AC lea edi,[ebp-0C0h]

00E713B2 mov ecx,30h

00E713B7 mov eax,0CCCCCCCCh

00E713BC rep stos dword ptr es:[edi]

return a+b;

00E713BE mov eax,dword ptr [a]

00E713C1 add eax,dword ptr [b]

}

00E713C4 pop edi

00E713C5 pop esi

00E713C6 pop ebx

00E713C7 mov esp,ebp

00E713C9 pop ebp

00E713CA ret

---------------------------------------------------

--- d:\projects\lab\call_type\call_type.cpp ------------------------------------

int main()

{

00E713E0 push ebp

00E713E1 mov ebp,esp

00E713E3 sub esp,0CCh

00E713E9 push ebx

00E713EA push esi

00E713EB push edi

00E713EC lea edi,[ebp-0CCh]

00E713F2 mov ecx,33h

00E713F7 mov eax,0CCCCCCCCh

00E713FC rep stos dword ptr es:[edi]

int sum;

sum = add(1,2);

00E713FE push 2

00E71400 push 1

00E71402 call add (0E71096h)

00E71407 add esp,8

00E7140A mov dword ptr [sum],eax

return 0;

00E7140D xor eax,eax

}

00E7140F pop edi

00E71410 pop esi

00E71411 pop ebx

00E71412 add esp,0CCh

00E71418 cmp ebp,esp

00E7141A call @ILT+315(__RTC_CheckEsp) (0E71140h)

00E7141F mov esp,ebp

00E71421 pop ebp

00E71422 ret

---------------------------------------------------

我们的thunkCode如下：

const unsigned char thunkCodeTemplate[] =
{
    0x55, // push ebp
    0x8B, 0xEC, // mov ebp, esp
    0xB8, 0x00, 0x00, 0x00, 0x00, // mov eax, [new_addr]
    0xB9, 0x00, 0x00, 0x00, 0x00, // mov ecx, [old_addr]
    0x51, // push ecx
    0xFF, 0xD0, // call eax
    0xC9, // leave
    0xC3 // ret
};

本文转sinojelly51CTO博客，原文链接：

http://blog.51cto.com/sinojelly/431704

，如需转载请自行联系原作者