The question of compilation, the two questions of compilation!!

Push ebp holds ebp, sub esp, 80h allocates local variables in the stack, the size is 80h

MOV EBP, ESP uses EBP to indicate the local variables of the current function, the parameters of the current function, and the return address of the current function.

mov [ebp+04h], eax [ebp+04h] saves the return address of the current function, modifies the return address here, and returns to the address pointed by EAX to continue the execution after the current function is executed.

push 0 is a function argument.

push 'ayra'Press-in function parameters.

push 'rbil'Press-in function parameters.

push 'daol'Press-in function parameters.

Push esp press-in function arguments.

Push edi press-in function arguments.

call dword ptr ss:[ebp+04h] //call(eax)。The call function is indicated by eax, [ebp+04h]=eax

mov [ebp+08h], eax gets the return result of call(eax) and writes it to [ebp+08h], which is the parameter of the current function. Since the value of the parameter is modified, the parameter is a pointer or reference.

1: If push ebp, sub esp, and 80h are the beginning of the function (i.e., the call instruction jumps here), then use the register to pass the function arguments, and eax and edi are all function arguments.

2: Since the return address of the current function is broken, then there should be a fix operation later (A: balance the stack and jump B: Rewrite [EBP+04] C: Other operations to fix).

3: Is this a shell program (most likely written by win32 assembly)? This paragraph has too little information to be judged according to the context, and only so much can be analyzed.

There are so many programs on your topic for no reason, although I have studied compilation, but I can't understand it.

There's not a lot of logic here, it's better to add the pseudo-directives along so that everyone can do it.

The reason why the stack in and out of the stack is because some registers save temporary variables, but there is no place to put its initial value, so it can only be saved first, and then out of the stack, returning the original value.

To look at the program as a whole, it is possible to see what a certain segment of the program does and why it is done according to the context.

God can't even understand this paragraph, and he can't say why he wrote it that way.

in your question.

Top 3 Whys:

push ebp

sub esp,80h ;Why write it like that.

mov ebp,esp ;Why write it like that.

mov [ebp+04h],eax ;Why write it like that.

These are all things that must be done before starting a subroutine.

The function is to make the EBP ESP point to the subroutine, so that the CPU can execute the subroutine, and when the subprogram ends, it can make the EBP ESP return to the place where the subroutine was called.

2 more whys:

push 0

push 'ayra'

push 'rbil'

push 'daol'

push esp ;Why write it like that.

push edi ;Why write it like that.

Let me tell you a trick.

The push before the call is usually a parameter for the call function.

For example, invoke messagebox, hwnd, lptext, lpcaption, utype, which is actually the push utype that is executed

push lpcaption

push lptext

push hwnd

call messagebox

One more why.

call dword ptr ss:[ebp+04h] ;Why write it like that.

Because you're disassembling it**, it's hard for you or the master to tell what the call is.

This leads to the SS:[EBP+04H] place that SS points to to see what it is.

The last 1 why.

mov [ebp+08h],eax ;Why write it like that.

The result of the call subroutine is usually placed in EAX

The meaning of this sentence is to pass the contents of the returned result EAX to the variable [EBP+08H].

code segment

assume cs:code

start:

mov bl,0 ;The number of bl deposits.

mov si,1000h

mov cx,10

op:cmp [si],0

jne op2

inc bl ;If it is zero, add one.

op2:inc si

loop op;Judge the number of comparisons.

mov dl,bl;Number of outputs.

mov ah,2h

int 21h

code ends

end start

It is to call 16 bytes of Qi as a Heling unit, and if it is less than 16 bytes, it will be counted as 16 bytes.

n 16 + 1) * 16 = n (integer part) + 16 e.g. 16 bytes, accounting for 16 bytes.

17 bytes, that's 32 bytes.

30 bytes, which is also the answer branch accounts for 32 bytes.

next: add [bx+8],sum ;Illegal memory early core references, source operands and destination operands cannot be memory at the same time.

add [bx+7],30h ;The destination operand needs to specify the data type, and change it to: add byte ptr [bx+7], 30h

or Swift Liquid. add word ptr [bx+7],30hadd [bx+8],30h ;The purpose operand needs to specify the number of Luchang excavation types.

Lack of conditions to analyze concretely!

;Procedure above:

mov dptr, #

mov r2, #50 ;Loop 50 loops:

mov dph, #01000000b ;The source address is eight bits higher movx a, @dptr

mov dph, #00100000b ;Destination high eight bits MOVX @dptr, A

inc dptr

djnz r2, loop

sjmp $

end--- the following program:

mov dptr, #

mov r2, #50 ;Loop 50 loops:

mov dph, #10000000b ;The source address is eight bits higher movx a, @dptr

mov dph, #00100000b ;Destination high eight bits MOVX @dptr, A

inc dptr

djnz r2, loop

sjmp $end

Do you see that the address specified by DX and AL is the same? It's okay if it's different.

The assembly is closer to the hardware than the C language, so you need to learn the principles of microcomputers and the knowledge of microcontrollers.