CALL与retn
一.CALL
例如:
004013D9 CALL 00401C4C //ESP = 0060F9C8
004013DE
相当于
sub esp,0x4; //ESP = 0060F9C4
//把CALL下一个指令IP保存栈顶中
mov dword[esp],0x004013DE
jmp 0x00401C4C
-----------------------------------
push 0x004013DE ////ESP = 0060F9C4
jmp 0x00401C4C
-----------------------------------
二RETN
例如:
00401C54 retn //ESP = 0060F9C4 [ESP]= 0x004013DE
00401C55
相当于
jmp [esp]
add esp,0x4
-----------------------------------
pop (EIP)0x0060F9C4 ////ESP = 0060F9C4
jmp 0x004013DE
-----------------------------------
浙公网安备 33010602011771号