x64 调用约定

2020-03-23  本文已影响0人  _invincible_

概述

记录一个小实验,演示 x64 下函数参数是如何传递的。

结论

func(a, b, c, d, e, f, g, h)

RCX: 0x64 ('d')
RDX: 0x63 ('c')
RSI: 0x62 ('b')
RDI: 0x61 ('a')

R8 : 0x65 ('e')
R9 : 0x66 ('f')

RBP: 0x7fffffffde00 --> 0x4005c0 (<__libc_csu_init>:    push   r15)
RSP: 0x7fffffffddf0 --> 0x67 ('g')

[------------------------------------stack-------------------------------------]
0000| 0x7fffffffddf0 --> 0x67 ('g')
0008| 0x7fffffffddf8 --> 0x68 ('h')

# 先 push 'h' 后 push 'g',因此 'g' 位于栈顶(较低地址 0x7fffffffddf0),'h' 在其上方 8 字节处

演示

/*
64位函数传参实验
*/

#include <stdio.h>

/*
 * Eight-parameter callee for the calling-convention experiment.
 *
 * The function deliberately takes eight int arguments: in the disassembly
 * recorded below, the first six arrive in EDI, ESI, EDX, ECX, R8D and R9D,
 * while the last two (g7, h8) are pushed onto the stack by the caller.
 *
 * Prints the sum of all eight arguments followed by a newline on stdout.
 * Always returns 0; the return value carries no information.
 */
int func(int a1, int b2, int c3, int d4, int e5, int f6, int g7, int h8){
    int args[] = { a1, b2, c3, d4, e5, f6, g7, h8 };
    int total = 0;

    /* Same left-to-right accumulation as the original single expression. */
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        total += args[i];
    }
    printf("%d\n", total);
    return 0;
}

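/*
 * Entry point: calls func with eight character constants ('a'..'h',
 * i.e. 0x61..0x68) so the argument-passing order can be observed in a
 * debugger. In the disassembly recorded below, 'h' (0x68) is pushed before
 * 'g' (0x67), the remaining six arguments go in EDI, ESI, EDX, ECX, R8D and
 * R9D, and the caller reclaims its two stack slots with `add rsp,0x10`.
 *
 * Returns 0.
 */
int main(void){
    /* (void) prototype instead of the old-style empty parameter list. */
    func('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h');
    return 0;
}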

/*
Dump of assembler code for function main:
   0x0000000000400580 <+0>: push   rbp
   0x0000000000400581 <+1>: mov    rbp,rsp
=> 0x0000000000400584 <+4>: push   0x68
   0x0000000000400586 <+6>: push   0x67
   0x0000000000400588 <+8>: mov    r9d,0x66
   0x000000000040058e <+14>:    mov    r8d,0x65
   0x0000000000400594 <+20>:    mov    ecx,0x64
   0x0000000000400599 <+25>:    mov    edx,0x63
   0x000000000040059e <+30>:    mov    esi,0x62
   0x00000000004005a3 <+35>:    mov    edi,0x61
   0x00000000004005a8 <+40>:    call   0x400526 <func>
   0x00000000004005ad <+45>:    add    rsp,0x10
   0x00000000004005b1 <+49>:    mov    eax,0x0
   0x00000000004005b6 <+54>:    leave  
   0x00000000004005b7 <+55>:    ret    
End of assembler dump.

gdb-peda$ c
Continuing.

[----------------------------------registers-----------------------------------]
...
RCX: 0x64 ('d')
RDX: 0x63 ('c')
RSI: 0x62 ('b')
RDI: 0x61 ('a')

RBP: 0x7fffffffde00 --> 0x4005c0 (<__libc_csu_init>:    push   r15)
RSP: 0x7fffffffddf0 --> 0x67 ('g')

RIP: 0x4005a8 (<main+40>:   call   0x400526 <func>)

R8 : 0x65 ('e')
R9 : 0x66 ('f')
...
[-------------------------------------code-------------------------------------]
   0x400599 <main+25>:  mov    edx,0x63
   0x40059e <main+30>:  mov    esi,0x62
   0x4005a3 <main+35>:  mov    edi,0x61
=> 0x4005a8 <main+40>:  call   0x400526 <func>
   0x4005ad <main+45>:  add    rsp,0x10
   0x4005b1 <main+49>:  mov    eax,0x0
   0x4005b6 <main+54>:  leave  
   0x4005b7 <main+55>:  ret
...
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffddf0 --> 0x67 ('g')
0008| 0x7fffffffddf8 --> 0x68 ('h')
0016| 0x7fffffffde00 --> 0x4005c0 (<__libc_csu_init>:   push   r15)
0024| 0x7fffffffde08 --> 0x7ffff7a2d830 (<__libc_start_main+240>:   mov    edi,eax)
0032| 0x7fffffffde10 --> 0x1 
0040| 0x7fffffffde18 --> 0x7fffffffdee8 --> 0x7fffffffe266 ("/home/invincible/Desktop/test/64")
0048| 0x7fffffffde20 --> 0x1f7ffcca0 
0056| 0x7fffffffde28 --> 0x400580 (<main>:  push   rbp)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value

Breakpoint 2, 0x00000000004005a8 in main () at 64_param_demo.c:13
13      func('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h');
gdb-peda$ 

*/

