内存中栈的具体表现

栈在内存中到底是如何表现的呢？我们来做一个实例调试一下。

代码如下：

#include
void main()
{
_asm
{
push 0x12345678
push 0x11112222
pop eax
pop ebx
}
}

按F9下一个断点，然后按F5进行调试。反汇编窗口如下

5: _asm
6: {
7: push 0x12345678
00401028 push 12345678h
8: push 0x11112222
0040102D push 11112222h
9: pop eax
00401032 pop eax
10: pop ebx
00401033 pop ebx
11: }
寄存器窗口如下：

EAX = CCCCCCCC EBX = 7FFDF000 ECX = 00000000 EDX = 00191030 ESI = 00000000
EDI = 0012FF48 EIP = 00401028 ESP = 0012FEFC EBP = 0012FF48 EFL = 00000202

EBP的地址是0012FF48，ESP的地址是0012FEFC，通过这两个值就可以找到栈

0012FEE4 00 00 00 00 02 00 00 00 30 2F ........0/
0012FEEE 42 00 83 00 00 00 E0 06 19 00 B.........
0012FEF8 1C FF 12 00 00 00 00 00 00 00 ..........
0012FF02 00 00 00 F0 FD 7F CC CC CC CC ...瘕.烫烫
0012FF0C CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF16 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF20 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF2A CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF34 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF3E CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF48 88 FF 12 00 89 11 40 00 01 00 ......@...
0012FF52 00 00 B8 0F 19 00 30 10 19 00 ......0...

然后按F11单步执行，这时发现

EAX = CCCCCCCC EBX = 7FFDF000 ECX = 00000000 EDX = 00191030 ESI = 00000000 EDI = 0012FF48 EIP = 0040102D ESP = 0012FEF8 EBP = 0012FF48 EFL = 00000202

0012FEE4 00 00 00 00 02 00 00 00 30 2F ........0/
0012FEEE 42 00 83 00 00 00 E0 06 19 00 B.........
0012FEF8 78 56 34 12 00 00 00 00 00 00 xV4.......
0012FF02 00 00 00 F0 FD 7F CC CC CC CC ...瘕.烫烫
0012FF0C CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF16 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF20 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF2A CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF34 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF3E CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF48 88 FF 12 00 89 11 40 00 01 00 ......@...
0012FF52 00 00 B8 0F 19 00 30 10 19 00 ......0...
0012FF5C 00 00 00 00 00 00 00 00 00 F0 ..........

然后再单步

EAX = CCCCCCCC EBX = 7FFDF000 ECX = 00000000 EDX = 00191030 ESI = 00000000 EDI = 0012FF48 EIP = 00401032 ESP = 0012FEF4 EBP = 0012FF48 EFL = 00000202

0012FEE4 00 00 00 00 02 00 00 00 30 2F ........0/
0012FEEE 42 00 83 00 00 00 22 22 11 11 B.....""..
0012FEF8 78 56 34 12 00 00 00 00 00 00 xV4.......
0012FF02 00 00 00 F0 FD 7F CC CC CC CC ...瘕.烫烫
0012FF0C CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF16 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF20 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF2A CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF34 CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF3E CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫
0012FF48 88 FF 12 00 89 11 40 00 01 00 ......@...
0012FF52 00 00 B8 0F 19 00 30 10 19 00 ......0...

然后再单步

EAX = 11112222 EBX = 7FFDF000 ECX = 00000000 EDX = 00191030 ESI = 00000000 EDI = 0012FF48 EIP = 00401033 ESP = 0012FEF8 EBP = 0012FF48 EFL = 00000202

然后再单步
EAX = 11112222 EBX = 12345678 ECX = 00000000 EDX = 00191030 ESI = 00000000 EDI = 0012FF48 EIP = 00401034 ESP = 0012FEFC EBP = 0012FF48 EFL = 00000202

转载请注明：exchen's blog » 内存中栈的具体表现

内存中栈的具体表现

与本文相关的文章

Hi，您需要填写昵称和邮箱！