First, a quote from an authoritative description:
This is the result of compiling an empty main function in debug mode:
Code:
00401010 |> \55            push ebp
00401011 |. 8BEC           mov ebp, esp
00401013 |. 83EC 40        sub esp, 40
00401016 |. 53             push ebx
00401017 |. 56             push esi
00401018 |. 57             push edi
00401019 |. 8D7D C0        lea edi, dword ptr [ebp-40]
0040101C |. B9 10000000    mov ecx, 10
00401021 |. B8 CCCCCCCC    mov eax, CCCCCCCC
00401026 |. F3:AB          rep stos dword ptr es:[edi]
00401028 |. 5F             pop edi
00401029 |. 5E             pop esi
0040102A |. 5B             pop ebx
0040102B |. 8BE5           mov esp, ebp
0040102D |. 5D             pop ebp
0040102E \. C3             retn
This is exactly what leave does: it stands in for the closing mov esp, ebp / pop ebp pair.
So the code above can be compressed to
Code:
00401010 |> \55            push ebp
00401011 |. 8BEC           mov ebp, esp
00401013 |. 83EC 40        sub esp, 40
00401016 |. 53             push ebx
00401017 |. 56             push esi
00401018 |. 57             push edi
00401019 |. 8D7D C0        lea edi, dword ptr [ebp-40]
0040101C |. B9 10000000    mov ecx, 10
00401021 |. B8 CCCCCCCC    mov eax, CCCCCCCC
00401026 |. F3:AB          rep stos dword ptr es:[edi]
00401028 |. 5F             pop edi
00401029 |. 5E             pop esi
0040102A |. 5B             pop ebx
                           leave
0040102E \. C3             retn
mov esp, ebp and pop ebp are there to restore esp and ebp; the place where esp and ebp were changed in the first place is
push ebp / mov ebp, esp
Code:
00401010 |> \55            push ebp
00401011 |. 8BEC           mov ebp, esp
00401013 |. 83EC 40        sub esp, 40
which can be reduced to
Code:
                           enter 40,0
00401016 |. 53             push ebx
00401017 |. 56             push esi
00401018 |. 57             push edi
00401019 |. 8D7D C0        lea edi, dword ptr [ebp-40]
0040101C |. B9 10000000    mov ecx, 10
00401021 |. B8 CCCCCCCC    mov eax, CCCCCCCC
00401026 |. F3:AB          rep stos dword ptr es:[edi]
00401028 |. 5F             pop edi
00401029 |. 5E             pop esi
0040102A |. 5B             pop ebx
                           leave
0040102E \. C3             retn
The above are just some immature notes of mine, but enter seems to be rarely seen, while leave + retn is quite common in programs compiled from some high-level languages.
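To check the equivalence claimed above, here is an added example (not from the original post): a tiny model of the 32-bit stack that runs the debug-build empty main both in its long form and in its enter/leave form and compares registers and stack contents. The cpu_t type, the helper names, the 0xBEEF0000 caller ebp and the 0x00401234 return address are all constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model: esp/ebp are byte offsets into a small simulated stack.
 * Layout is 5 x uint32_t followed by a byte array, so memcmp has no padding to trip on. */
enum { STACK_BYTES = 256 };
typedef struct { uint32_t esp, ebp, ebx, esi, edi; uint8_t stack[STACK_BYTES]; } cpu_t;

static void wr32(cpu_t *c, uint32_t a, uint32_t v) { memcpy(c->stack + a, &v, 4); }
static uint32_t rd32(const cpu_t *c, uint32_t a) { uint32_t v; memcpy(&v, c->stack + a, 4); return v; }
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; wr32(c, c->esp, v); }
static uint32_t pop(cpu_t *c) { uint32_t v = rd32(c, c->esp); c->esp += 4; return v; }

/* ENTER imm16, 0  ==  push ebp; mov ebp, esp; sub esp, imm16 */
static void x86_enter(cpu_t *c, uint16_t size) { push(c, c->ebp); c->ebp = c->esp; c->esp -= size; }
/* LEAVE  ==  mov esp, ebp; pop ebp */
static void x86_leave(cpu_t *c) { c->esp = c->ebp; c->ebp = pop(c); }

/* Body shared by both forms: save ebx/esi/edi, fill the 0x40-byte locals area
 * at [ebp-40] with 0xCCCCCCCC (rep stos with ecx = 0x10), then restore the registers. */
static void body(cpu_t *c) {
    push(c, c->ebx); push(c, c->esi); push(c, c->edi);
    uint32_t edi = c->ebp - 0x40;                       /* lea edi, dword ptr [ebp-40] */
    for (uint32_t ecx = 0x10; ecx; ecx--, edi += 4) wr32(c, edi, 0xCCCCCCCC);
    c->edi = pop(c); c->esi = pop(c); c->ebx = pop(c);
}
/* Long form exactly as the debug build emits it. */
static cpu_t run_long(cpu_t c) {
    push(&c, c.ebp); c.ebp = c.esp; c.esp -= 0x40;      /* push ebp; mov ebp, esp; sub esp, 40 */
    body(&c);
    c.esp = c.ebp; c.ebp = pop(&c);                     /* mov esp, ebp; pop ebp */
    return c;
}
/* Compressed form: enter 40,0 ... leave */
static cpu_t run_short(cpu_t c) { x86_enter(&c, 0x40); body(&c); x86_leave(&c); return c; }

/* Caller state just after CALL: a constructed return address sits on top of the stack. */
static cpu_t initial(void) {
    cpu_t c; memset(&c, 0, sizeof c);
    c.esp = STACK_BYTES - 4; c.ebp = 0xBEEF0000; c.ebx = 1; c.esi = 2; c.edi = 3;
    wr32(&c, c.esp, 0x00401234);
    return c;
}
/* 1 if both forms leave identical registers and identical stack bytes. */
int forms_equivalent(void) {
    cpu_t a = run_long(initial()), b = run_short(initial());
    return memcmp(&a, &b, sizeof a) == 0;
}
/* 1 if the caller's esp/ebp and the return address survive enter ... leave, so retn pops the right address. */
int frame_restored(void) {
    cpu_t c = run_short(initial());
    return c.esp == STACK_BYTES - 4 && c.ebp == 0xBEEF0000 && rd32(&c, c.esp) == 0x00401234;
}
```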