c&汇编rkvir

printf函数

  • printf("%d", num);

  • 汇编代码调用过程:

    ; Call site for printf("%d", num) as shown in the debugger's disassembly view.
    ; The arguments are pushed last-to-first, so the format string ends up on
    ; top of the stack when the call is made, and the caller cleans up afterwards
    ; (cdecl-style).
    ; NOTE(review): printf carries no argument count of its own; it reads stack
    ; slots as the format string directs, so the format should be a literal that
    ; matches what was pushed.
    0071183F  mov         eax,dword ptr [num]  ; eax = current value of num
    00711842  push        eax  ; second argument (num) is pushed first
    00711843  push        offset string "%d" (0717B30h)  ; first argument: address of the "%d" literal
    00711848  call        _printf (0711046h)  ; pushes return address 0071184Dh and jumps to printf
    0071184D  add         esp,8  ; caller discards the two 4-byte arguments (2 * 4 = 8)
    
  • IDA 反汇编结果:

; Tail of _main as IDA displays it; the prologue is not part of this excerpt.
; Unlike the push-based call site, the arguments here are written with mov into
; slots at [esp] and [esp+4], and no "add esp" follows the call. The slots
; presumably belong to stack space reserved by the prologue that is not shown.
call    ___main                        ; runtime start-up helper; presumably compiler-inserted (not shown) - confirm
mov     dword ptr [esp+1Ch], 1         ; local at [esp+1Ch] = 1 (presumably num; the C source of this build is not shown)
mov     eax, [esp+1Ch]                 ; eax = that local
mov     [esp+4], eax                   ; second argument slot = value to print
mov     dword ptr [esp], offset aD ; "%d" -> first argument (format string) at the top of the stack
call    _printf
mov     eax, 0                         ; return value 0
leave                                  ; tear down the frame: mov esp, ebp / pop ebp
retn                                   ; near return to the caller
_main endp

函数分析

#include <stdio.h>
/*
 * Prints a fixed string and returns 0.
 * The format string is a literal without conversion specifiers, so printf
 * is called with exactly one argument. Text that originates outside the
 * program belongs in an argument (printf("%s", text)), not in the format
 * position.
 */
int main()
{
	printf("Hello,World!");	/* one argument: the address of the literal */
	return 0;
}
#include <stdio.h>

; Mixed source/disassembly view of main() from a debug build: C source lines
; are interleaved with the instructions generated for them.
; Layout: frame set-up and register saves, fill of the local area with
; 0CCCCCCCCh, a compiler-inserted debugger helper, the printf call, then the
; epilogue with a stack-pointer check.
; NOTE(review): the fill pattern, @__CheckForDebuggerJustMyCode@4 and
; __RTC_CheckEsp look like debug/run-time-check instrumentation; presumably an
; optimised release build of the same source would not contain them - confirm.
int main()
{
00841810  push        ebp       ; save the caller's frame pointer
00841811  mov         ebp,esp  	; ebp = base of this function's frame
00841813  sub         esp,0C0h  ; reserve 0C0h (192) bytes of stack below ebp
00841819  push        ebx  		; save register (restored at 00841849)
0084181A  push        esi  		; save register (restored at 00841848)
0084181B  push        edi 		; save register (restored at 00841847)
0084181C  lea         edi,[ebp-0C0h]  ; edi = lowest address of the reserved area
00841822  mov         ecx,30h  ; count: 30h (48) dwords = 0C0h bytes
00841827  mov         eax,0CCCCCCCCh  ; fill value
0084182C  rep stos    dword ptr es:[edi]   ;① fill the whole reserved area with 0CCCCCCCCh
0084182E  mov         ecx,offset _6AD0E0B9_test@c (084C003h)  ; ecx = argument for the helper called next
00841833  call        @__CheckForDebuggerJustMyCode@4 (0841217h)  ; compiler-inserted helper, not in the C source; presumably debugger support - confirm
	printf("Hello,World!");
00841838  push        offset string "Hello,World!" (0847BD0h)  ; the only argument: address of the string literal
0084183D  call        _printf (0841046h)  
00841842  add         esp,4  ; caller discards the one 4-byte argument
	return 0;
00841845  xor         eax,eax  ; return value 0
}
00841847  pop         edi  ; restore saved registers in reverse order of the pushes
00841848  pop         esi  ;
00841849  pop         ebx  ;
0084184A  add         esp,0C0h ; release the 0C0h bytes reserved at 00841813
00841850  cmp         ebp,esp  ; esp equals ebp again only if every push/pop and argument clean-up balanced
00841852  call        __RTC_CheckEsp (0841221h)  ; run-time check helper; presumably reports a mismatch from the cmp above - confirm
00841857  mov         esp,ebp  ; standard epilogue: drop the frame
00841859  pop         ebp  ; restore the caller's frame pointer
0084185A  ret  ; return to the caller with eax = 0

https://blog.csdn.net/ypist/article/details/8467163

posted @ 2020-05-01 16:46  10nnn4R