Cº¯Êý·µ»Ø½á¹¹ÌåÔÚ»ã±àϵÄʵÏÖ

 
±àÒëÆ÷£ºvc++6.0(ÒòΪ´ËÖÖʵÏÖÒÀÀµ±àÒëÆ÷´¦Àí)
´Ë´¦Ö»¼òÒªÐðÊöһϻúÖÆ¡£²¢¸½²¿·Ö¹Ø¼üÖ¸ÁîÐòÁС£
×¼±¸£º
1£¬¹ØÓÚEBP£º³Æ×öÕ»»ùÖ·Ö¸Õ롣ΪʲôÕâÑù˵ÄØ£¿ÎÒÃÇÏÈÀ´¿´¿´º¯Êýµ÷ÓõĹý³Ì£º
²ÎÊý´ÓÓÒµ½×óѹջ¡£
callÖ¸ÁîÖ´ÐУ¬¸ÃÖ¸Áµ¼ÖÂEIPѹջ¡£
ÿ¸öº¯ÊýÇ°Á½¾ä±Ø¶¨ÊÇ£ºpush ebp   mov ebp,esp¡£ÔòcallÖ¸Áîºó£¬Ìøµ½±»µ÷º¯Êý³ö¿ªÊ¼Ö´ÐС£±£´æebp£¬¼´ebpѹջ¡£
¾Ö²¿±äÁ¿Ñ¹Õ»¡£Ò»°ãÊÇsub esp,xxxµÄÐÎʽ¡£
Õâ¾ÍÊǽ«ebp³ÆΪ»ùÖ¸ÕëµÄÔ­Òò£ºebp-xx·ÃÎʵÄʱ¾Ö²¿±äÁ¿£»ebp+xx·ÃÎʵÄÊDzÎÊý¡£×î×ó±ß²ÎÊýµØÖ·ÊÇebp+8h¡£ebp×øÕòÖмäΪ»ù×¼¡£
2£¬º¯Êý·µ»Øֵͳһ·ÅÈëeaxÖС£Ö»Òª·ÅµÃÏ¡£
3£¬Õ»À©Õ¹·½ÏòΪ´Ó¸ßµØÖ·µ½µÍµØÖ·¡£½á¹¹ÄڵıäÁ¿´æÖü·½Ê½£ºµÍµØÖ·¶ÔÓ¦ÉùÃ÷˳Ðò¿¿Ç°µÄ³ÉÔ±¡£Ò»¶¨Òª×¢ÒâÕâÀïµÄÇø±ð£¡Ëü¹Øϵµ½·´»ã±àÉú³ÉµÄ´úÂëÀïÃæµÄÊý×ÖÊÇÔõôËã³öÀ´µÄ¡£µ«Èç¹ûÄã×Ô¼ºÐ´»ã±à´úÂë¾Í²»Óÿ¼ÂÇÕâЩÁË¡£Ö»È¡³ÉÔ±Ãû¼´¿É¡£
4£¬²»ÄÜÖ±½ÓÔÚÁ½¸ö´æ´¢Æ÷±äÁ¿¼äÓÃmovÖ¸Áî¡£
Ö÷ÒªÔ­Àí£º
    µ±µ÷ÓÃÒ»¸ö·µ»Ø½á¹¹ÌåµÄº¯Êýʱ£¬ÔÚvc++Ï£¬ÊÇÕâÑù´¦Àí£º
    Ê×ÏÈsub esp,xx£¬ÔÚ¶ÑÕ»ÉÏ¿ª±ÙÒ»¸ö¿Õ¼ä¡£´óСΪ½á¹¹Ìå´óС¡£
    È»ºólea eax,[esp-xx]£¬¼´½«½á¹¹ÌåÔÚ¶ÑÕ»ÖеĵØÖ·ËÍeax¡£
    push ²ÎÊý¡£
    push eax¡£
    call º¯Êý¡£
    ±»µ÷Óú¯ÊýÄÚ²¿£º
    routine£º
    push ebp     mov ebp,esp
    Ò»°ãÊǶ¨ÒåÒ»¸ö½á¹¹Ìå¾Ö²¿±äÁ¿£º
    struct aa a;
    sub esp, sizeof aa
    È»ºó´¦Àí½á¹¹Ì壬
.
.
.
.
×îºóreturn a¡£
Ê×ÏÈmov eax,[ebp+8h]      ;½«ÍâÃæµÄµ÷Óú¯ÊýÔÚ¶ÑÕ»ÄÚ¿ª±ÙµÄ½á¹¹ÌåÖ¸Õ븳Óèeax¡£
È»ºó½«±»µ÷Óú¯ÊýÔÚ¶ÑÕ»ÄÚ¿ª±ÙµÄ½á¹¹ÌåÄÚµÄÖµ¸³µ½µ÷Óú¯Êý¿ª±ÙµÄ½á¹¹ÌåÄÚ¡£
Ò»°ãÐÎʽÊÇ:mov ecx,[ebp-½á¹¹Ìå´óС]        £»¸³µÚÒ»¸ö³ÉÔ±
                mov [eax],ecx
                mov ecx,[ebp-½á¹¹Ìå´óС+µÚÒ»¸ö³ÉÔ±´óС£¨¿¼ÂǶÔÆ룩]
  &nbs