-
Push ebp holds ebp, sub esp, 80h allocates local variables in the stack, the size is 80h
MOV EBP, ESP uses EBP to indicate the local variables of the current function, the parameters of the current function, and the return address of the current function.
mov [ebp+04h], eax [ebp+04h] saves the return address of the current function, modifies the return address here, and returns to the address pointed by EAX to continue the execution after the current function is executed.
push 0 is a function argument.
push 'ayra'Press-in function parameters.
push 'rbil'Press-in function parameters.
push 'daol'Press-in function parameters.
Push esp press-in function arguments.
Push edi press-in function arguments.
call dword ptr ss:[ebp+04h] //call(eax)。The call function is indicated by eax, [ebp+04h]=eax
mov [ebp+08h], eax gets the return result of call(eax) and writes it to [ebp+08h], which is the parameter of the current function. Since the value of the parameter is modified, the parameter is a pointer or reference.
1: If push ebp, sub esp, and 80h are the beginning of the function (i.e., the call instruction jumps here), then use the register to pass the function arguments, and eax and edi are all function arguments.
2: Since the return address of the current function is broken, then there should be a fix operation later (A: balance the stack and jump B: Rewrite [EBP+04] C: Other operations to fix).
3: Is this a shell program (most likely written by win32 assembly)? This paragraph has too little information to be judged according to the context, and only so much can be analyzed.
-
There are so many programs on your topic for no reason, although I have studied compilation, but I can't understand it.
There's not a lot of logic here, it's better to add the pseudo-directives along so that everyone can do it.
The reason why the stack in and out of the stack is because some registers save temporary variables, but there is no place to put its initial value, so it can only be saved first, and then out of the stack, returning the original value.
-
To look at the program as a whole, it is possible to see what a certain segment of the program does and why it is done according to the context.
God can't even understand this paragraph, and he can't say why he wrote it that way.
-
in your question.
Top 3 Whys:
push ebp
sub esp,80h ;Why write it like that.
mov ebp,esp ;Why write it like that.
mov [ebp+04h],eax ;Why write it like that.
These are all things that must be done before starting a subroutine.
The function is to make the EBP ESP point to the subroutine, so that the CPU can execute the subroutine, and when the subprogram ends, it can make the EBP ESP return to the place where the subroutine was called.
2 more whys:
push 0
push 'ayra'
push 'rbil'
push 'daol'
push esp ;Why write it like that.
push edi ;Why write it like that.
Let me tell you a trick.
The push before the call is usually a parameter for the call function.
For example, invoke messagebox, hwnd, lptext, lpcaption, utype, which is actually the push utype that is executed
push lpcaption
push lptext
push hwnd
call messagebox
One more why.
call dword ptr ss:[ebp+04h] ;Why write it like that.
Because you're disassembling it**, it's hard for you or the master to tell what the call is.
This leads to the SS:[EBP+04H] place that SS points to to see what it is.
The last 1 why.
mov [ebp+08h],eax ;Why write it like that.
The result of the call subroutine is usually placed in EAX
The meaning of this sentence is to pass the contents of the returned result EAX to the variable [EBP+08H].
-
code segment
assume cs:code
start:
mov bl,0 ;The number of bl deposits.
mov si,1000h
mov cx,10
op:cmp [si],0
jne op2
inc bl ;If it is zero, add one.
op2:inc si
loop op;Judge the number of comparisons.
mov dl,bl;Number of outputs.
mov ah,2h
int 21h
code ends
end start
-
It is to call 16 bytes of Qi as a Heling unit, and if it is less than 16 bytes, it will be counted as 16 bytes.
n 16 + 1) * 16 = n (integer part) + 16 e.g. 16 bytes, accounting for 16 bytes.
17 bytes, that's 32 bytes.
30 bytes, which is also the answer branch accounts for 32 bytes.
-
next: add [bx+8],sum ;Illegal memory early core references, source operands and destination operands cannot be memory at the same time.
add [bx+7],30h ;The destination operand needs to specify the data type, and change it to: add byte ptr [bx+7], 30h
or Swift Liquid. add word ptr [bx+7],30hadd [bx+8],30h ;The purpose operand needs to specify the number of Luchang excavation types.
-
Lack of conditions to analyze concretely!
-
;Procedure above:
mov dptr, #
mov r2, #50 ;Loop 50 loops:
mov dph, #01000000b ;The source address is eight bits higher movx a, @dptr
mov dph, #00100000b ;Destination high eight bits MOVX @dptr, A
inc dptr
djnz r2, loop
sjmp $
end--- the following program:
mov dptr, #
mov r2, #50 ;Loop 50 loops:
mov dph, #10000000b ;The source address is eight bits higher movx a, @dptr
mov dph, #00100000b ;Destination high eight bits MOVX @dptr, A
inc dptr
djnz r2, loop
sjmp $end
-
Do you see that the address specified by DX and AL is the same? It's okay if it's different.
-
The assembly is closer to the hardware than the C language, so you need to learn the principles of microcomputers and the knowledge of microcontrollers.
I think it's okay, now the system is mostly written in C, but it may be written in C at the beginning, and then the system is bigger, it is difficult to change it to C++, because the system is relatively large, so I think it is good to write in C++, easy to control, of course, the speed is to be discounted, but stability and flexibility should be more important, after all, the slow is better than the unmodifiable and the old crash, and the speed of C++ is not much worse than C, and even faster in some places, because now C++ development is much faster than CAs Bjarne Stroustrup said, learning C is just about dealing with the ** that is being taken as a legacy, hehe. I wonder if that's a bit too much? >>>More
1.Because the fire is generally combustible, the tools that are available or in use are oxidized to carbon dioxide, and the tools cannot be used, which is a loss, so people will become sad; >>>More
Assembly language can be said to be machine language, and what deals directly with hardware is to transform computer language into 1001 that machines can recognize. It's not going to go out of style, at least not for this decade. It's mostly about the hardware side though. >>>More
1 Bubbles are produced on the surface of the metal The solution changes from colorless to light green. >>>More
The Trojan is not clear, and you are explaining the meaning of the MOV instruction in general terms, without explaining the specific addressing process. >>>More