一、存储分配,局部内存变量,堆栈和函数调用
1、首先写一个简单的C字符串拷贝程序
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void overflow(void)
{
char buf[10];
strcpy(buf,"aaaaaaaaaa");
}//end overflow
int main(void)
{
overflow();
return 0;
}//end main
2、按F11进入"Step into"调试模式,其实只需要留意对我们研究和学习有用的汇编程序段,如下:
2: #include <stdlib.h>
3: #include <string.h>
4:
5: void overflow(void)
6: {
00401020 55 push ebp
00401021 8B EC mov ebp,esp
00401023 83 EC 4C sub esp,4Ch
00401026 53 push ebx
00401027 56 push esi
00401028 57 push edi
00401029 8D 7D B4 lea edi,[ebp-4Ch]
0040102C B9 13 00 00 00 mov ecx,13h
00401031 B8 CC CC CC CC mov eax,0CCCCCCCCh
00401036 F3 AB rep stos dword ptr [edi]
7: char buf[10];
8: strcpy(buf,"aaaaaaaaaa");
00401038 68 1C F0 41 00 push offset string "aaaaaaaaaa" (0041f01c)
0040103D 8D 45 F4 lea eax,[ebp-0Ch]
00401040 50 push eax
00401041 E8 6A 00 00 00 call strcpy (004010b0)
00401046 83 C4 08 add esp,8
9:
10: }//end overflow
00401049 5F pop edi
0040104A 5E pop esi
0040104B 5B pop ebx
0040104C 83 C4 4C add esp,4Ch
0040104F 3B EC cmp ebp,esp
00401051 E8 4A 01 00 00 call __chkesp (004011a0)
00401056 8B E5 mov esp,ebp
00401058 5D pop ebp
00401059 C3 ret
11:
12: int main(void)
13: {
00401070 55 push ebp
00401071 8B EC mov ebp,esp
00401073 83 EC 40 sub esp,40h
00401076 53 push ebx
00401077 56 push esi
00401078 57 push edi
00401079 8D 7D C0 lea edi,[ebp-40h]
0040107C B9 10 00 00 00 mov ecx,10h
00401081 B8 CC CC CC CC mov eax,0CCCCCCCCh
00401086 F3 AB rep stos dword ptr [edi]
14: overflow();
00401088 E8 7D FF FF FF call @ILT+5(overflow) (0040100a)
15: return 0;
0040108D 33 C0 xor eax,eax
16: }//end main
0040108F 5F pop edi
00401090 5E pop esi
00401091 5B pop ebx
00401092 83 C4 40 add esp,40h
00401095 3B EC cmp ebp,esp
00401097 E8 04 01 00 00 call __chkesp (004011a0)
评论
没安装畅言模块