
cdecl和stdcall调用约定的汇编代码对比

Posted on 2010-11-24 20:51  sinojelly
cdecl和stdcall调用约定的汇编代码对比
 

stdcall方式(由被调用函数清理参数:add 以 ret 8 返回,main 在 call 之后不再调整 esp):

 
--- d:\projects\lab\call_type\call_type.cpp ------------------------------------
; add() built as __stdcall: the callee removes its own 8 bytes of arguments when it returns (see "ret 8").
; NOTE(review): the 0CCCCCCCCh stack fill looks like an MSVC debug/run-time-check build - confirm build flags.
int __stdcall add(int a, int b)
{
002613A0 push ebp                       ; save the caller's frame pointer
002613A1 mov ebp,esp                    ; establish this function's frame
002613A3 sub esp,0C0h                   ; reserve 0C0h bytes below ebp
002613A9 push ebx                       ; save ebx, esi, edi; they are restored in the epilogue
002613AA push esi
002613AB push edi
002613AC lea edi,[ebp-0C0h]             ; edi = start of the reserved area
002613B2 mov ecx,30h                    ; 30h dwords = 0C0h bytes
002613B7 mov eax,0CCCCCCCCh             ; fill pattern
002613BC rep stos dword ptr es:[edi]    ; overwrite the whole reserved area with the pattern
return a+b;
002613BE mov eax,dword ptr [a]          ; eax = a
002613C1 add eax,dword ptr [b]          ; eax = a + b, the return value is left in eax
}
002613C4 pop edi                        ; restore saved registers in reverse order
002613C5 pop esi
002613C6 pop ebx
002613C7 mov esp,ebp                    ; drop the local area
002613C9 pop ebp                        ; restore the caller's frame pointer
002613CA ret 8                          ; return and pop 8 more bytes (the two int arguments): callee cleanup
---------------------------------------------------
--- d:\projects\lab\call_type\call_type.cpp ------------------------------------
; main() calling the __stdcall add(): the call is not followed by any stack adjustment in the caller.
int main()
{
002613E0 push ebp                       ; save the caller's frame pointer
002613E1 mov ebp,esp                    ; establish this function's frame
002613E3 sub esp,0CCh                   ; reserve 0CCh bytes below ebp
002613E9 push ebx                       ; save ebx, esi, edi; they are restored in the epilogue
002613EA push esi
002613EB push edi
002613EC lea edi,[ebp-0CCh]             ; edi = start of the reserved area
002613F2 mov ecx,33h                    ; 33h dwords = 0CCh bytes
002613F7 mov eax,0CCCCCCCCh             ; fill pattern
002613FC rep stos dword ptr es:[edi]    ; overwrite the whole reserved area with the pattern
int sum;
sum = add(1,2);
002613FE push 2                         ; arguments are pushed right to left: b first
00261400 push 1                         ; then a
00261402 call add (261109h)             ; target is not 002613A0; presumably a jump stub that forwards to add - confirm
00261407 mov dword ptr [sum],eax        ; result used directly: add's "ret 8" already removed the arguments
return 0;
0026140A xor eax,eax                    ; return value 0
}
0026140C pop edi                        ; restore saved registers in reverse order
0026140D pop esi
0026140E pop ebx
0026140F add esp,0CCh                   ; release the reserved area; esp should now equal ebp
00261415 cmp ebp,esp                    ; compare the two for the check below
00261417 call @ILT+315(__RTC_CheckEsp) (261140h) ; run-time check helper; presumably reports a mismatch, e.g. a
                                        ; caller/callee calling-convention disagreement that left esp off by 8.
                                        ; NOTE(review): likely present only in builds with run-time checks - confirm
0026141C mov esp,ebp                    ; drop the frame
0026141E pop ebp                        ; restore the caller's frame pointer
0026141F ret                            ; plain return
===================================================

cdecl方式(由调用者清理参数:add 以 ret 返回,main 在 call 之后执行 add esp,8):

--- d:\projects\lab\call_type\call_type.cpp ------------------------------------
; add() with no calling-convention keyword (the page labels this variant cdecl): it returns with a plain "ret"
; and leaves its arguments on the stack for the caller to remove.
int add(int a, int b)
{
00E713A0 push ebp                       ; save the caller's frame pointer
00E713A1 mov ebp,esp                    ; establish this function's frame
00E713A3 sub esp,0C0h                   ; reserve 0C0h bytes below ebp
00E713A9 push ebx                       ; save ebx, esi, edi; they are restored in the epilogue
00E713AA push esi
00E713AB push edi
00E713AC lea edi,[ebp-0C0h]             ; edi = start of the reserved area
00E713B2 mov ecx,30h                    ; 30h dwords = 0C0h bytes
00E713B7 mov eax,0CCCCCCCCh             ; fill pattern
00E713BC rep stos dword ptr es:[edi]    ; overwrite the whole reserved area with the pattern
return a+b;
00E713BE mov eax,dword ptr [a]          ; eax = a
00E713C1 add eax,dword ptr [b]          ; eax = a + b, the return value is left in eax
}
00E713C4 pop edi                        ; restore saved registers in reverse order
00E713C5 pop esi
00E713C6 pop ebx
00E713C7 mov esp,ebp                    ; drop the local area
00E713C9 pop ebp                        ; restore the caller's frame pointer
00E713CA ret                            ; no operand: the two arguments stay on the stack (caller cleanup)
---------------------------------------------------
--- d:\projects\lab\call_type\call_type.cpp ------------------------------------
; main() calling the cdecl add(): the caller removes the arguments itself with "add esp,8" after the call.
int main()
{
00E713E0 push ebp                       ; save the caller's frame pointer
00E713E1 mov ebp,esp                    ; establish this function's frame
00E713E3 sub esp,0CCh                   ; reserve 0CCh bytes below ebp
00E713E9 push ebx                       ; save ebx, esi, edi; they are restored in the epilogue
00E713EA push esi
00E713EB push edi
00E713EC lea edi,[ebp-0CCh]             ; edi = start of the reserved area
00E713F2 mov ecx,33h                    ; 33h dwords = 0CCh bytes
00E713F7 mov eax,0CCCCCCCCh             ; fill pattern
00E713FC rep stos dword ptr es:[edi]    ; overwrite the whole reserved area with the pattern
int sum;
sum = add(1,2);
00E713FE push 2                         ; arguments are pushed right to left: b first
00E71400 push 1                         ; then a
00E71402 call add (0E71096h)            ; target is not 00E713A0; presumably a jump stub that forwards to add - confirm
00E71407 add esp,8                      ; caller cleanup: discard the two int arguments pushed above
00E7140A mov dword ptr [sum],eax        ; store the result returned in eax
return 0;
00E7140D xor eax,eax                    ; return value 0
}
00E7140F pop edi                        ; restore saved registers in reverse order
00E71410 pop esi
00E71411 pop ebx
00E71412 add esp,0CCh                   ; release the reserved area; esp should now equal ebp
00E71418 cmp ebp,esp                    ; compare the two for the check below
00E7141A call @ILT+315(__RTC_CheckEsp) (0E71140h) ; run-time check helper; presumably reports a mismatch, e.g. a
                                        ; missing or doubled argument cleanup that left esp off by 8.
                                        ; NOTE(review): likely present only in builds with run-time checks - confirm
00E7141F mov esp,ebp                    ; drop the frame
00E71421 pop ebp                        ; restore the caller's frame pointer
00E71422 ret                            ; plain return
 
---------------------------------------------------
我们的thunkCode如下:
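/*
 * 32-bit x86 machine-code template for a small call thunk (18 bytes).
 *
 * The two four-byte immediates are zero placeholders:
 *   bytes 4..7   operand of "mov eax, imm32" - the address that gets called (new_addr)
 *   bytes 9..12  operand of "mov ecx, imm32" - the value pushed as the single stack argument (old_addr)
 * Opcodes 0xB8 and 0xB9 load an immediate into the register; they do not read memory.
 *
 * The thunk pushes one argument, calls through eax, then executes leave/ret.
 * "leave" reloads esp from ebp, so the four bytes pushed for old_addr are discarded
 * whether the target pops them itself (stdcall-style "ret 4") or leaves them (cdecl).
 * The final "ret" has no operand, so the thunk pops nothing on behalf of its own caller.
 *
 * NOTE(review): presumably a copy of this array is filled in with real addresses before use.
 * That copy has to live in executable memory; write the addresses first and only then make
 * the page executable and non-writable, instead of keeping it writable and executable.
 * Control transfers to whatever is stored at bytes 4..7, so that value must come from a
 * trusted source.
 */
const unsigned char thunkCodeTemplate[] =
{
    0x55,                         /* push ebp */
    0x8B, 0xEC,                   /* mov ebp, esp */
    0xB8, 0x00, 0x00, 0x00, 0x00, /* mov eax, imm32   ; placeholder for new_addr */
    0xB9, 0x00, 0x00, 0x00, 0x00, /* mov ecx, imm32   ; placeholder for old_addr */
    0x51,                         /* push ecx         ; pass old_addr on the stack */
    0xFF, 0xD0,                   /* call eax         ; call new_addr */
    0xC9,                         /* leave            ; mov esp, ebp / pop ebp */
    0xC3                          /* ret */
};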