Main
- 1. EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff77C
call SUB EBP = 0xbffff788
mov edx, eax
EIP = MAIN
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770
mov esp, ebp 0xbffff774
pop ebp 0xbffff778
ret 0xbffff77C 0x12345678
- 2. EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff778
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of push ecx
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770
mov esp, ebp 0xbffff774
pop ebp 0xbffff778 0x00000001
ret 0xbffff77C 0x12345678
- 3. EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff774
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of call SUB
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 4. EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff770
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of push ebp
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 5. EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff770
call SUB EBP = 0xbffff770
mov edx, eax
EIP = addr of
mov ebp, esp
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 6. EAX = 0x00000001
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff770
call SUB EBP = 0xbffff770
mov edx, eax
EIP = addr of
mov eax, [ebp+8]
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 7. EAX = 0x00000001
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff770
call SUB EBP = 0xbffff770
mov edx, eax
EIP = addr of
mov esp, ebp
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 8. EAX = 0x00000001
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff774
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of pop ebp
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 9. EAX = 0x00000001
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff778
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of ret
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
- 10. EAX = 0x00000001
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff778
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of
mov edx, eax
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770 0xbffff788
mov esp, ebp 0xbffff774 addr of
pop ebp mov edx, eax
ret 0xbffff778 0x00000001
0xbffff77C 0x12345678
![EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff77C
call SUB EBP = 0xbffff788
mov edx, eax
EIP = MAIN
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770
mov esp, ebp 0xbffff774
pop ebp 0xbffff778
ret 0xbffff77C 0x12345678](https://image.slidesharecdn.com/main-120609100943-phpapp02/85/Main-1-320.jpg)
![EAX = 0x00000000
MAIN: ECX = 0x00000001
push ecx
ESP = 0xbffff778
call SUB EBP = 0xbffff788
mov edx, eax
EIP = addr of push ecx
SUB:
push ebp
mov ebp, esp Stack
mov eax, [ebp+8] ADDRESS VALUE
0xbffff770
mov esp, ebp 0xbffff774
pop ebp 0xbffff778 0x00000001
ret 0xbffff77C 0x12345678](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)