1. Current instruction Stack
call mysetjmp
int __fastcall mysetjmp(myjmp_buf *)
MSVC __fastcall passes the first argument in the ECX register, so on entry ECX points at the myjmp_buf that the routine fills in below.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
2. Current instruction Stack
pop edx — pops the return address that `call mysetjmp` pushed into EDX. EDX is a volatile (caller-saved) register under __fastcall, so using it as scratch is safe; ESP is now back to its value at the call site.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
3. Current instruction Stack
mov [ecx], edx — stores the caller's return address (the EIP to resume at) in the first dword of myjmp_buf. It is stored raw: nothing here mangles or checks the saved EIP/ESP/EBP the way production setjmp/longjmp implementations do (e.g. glibc's PTR_MANGLE, MSVC's jmp_buf cookie), so whatever later jumps through this slot (presumably a matching mylongjmp) transfers control wherever an overwritten myjmp_buf says.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
4. Current instruction Stack
mov [ecx+4], esp — saves the stack pointer at offset 4. Because the return address was popped in step 2, this is the caller's ESP as it was just before `call mysetjmp`.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
5. Current instruction Stack
mov [ecx+8], ebp — saves the frame pointer at offset 8. Steps 5–8 save EBP, EBX, EDI and ESI: the registers MSVC's x86 conventions treat as callee-saved, which is why EAX/ECX/EDX are not stored.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
6. Current instruction Stack
mov [ecx+12], ebx
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
7. Current instruction Stack
mov [ecx+16], edi
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
8. Current instruction Stack
mov [ecx+20], esi
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
9. Current instruction Stack
xor eax, eax — the idiomatic way to zero EAX. The zero serves twice: it is the int return value of this direct (first) return from mysetjmp, and it is the value written into the next two slots.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX (Zero!) EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack Len ETC…
10. Current instruction Stack
mov [ecx+24], eax — clears the Stack slot at offset 24 to NULL.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack (NULL!) Len ETC…
11. Current instruction Stack
mov [ecx+28], eax — clears the Len slot at offset 28 to zero.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack (NULL!) Len (Zero!) ETC…
12. Current instruction Stack
jmp edx — return to the caller!
Control goes back through the return address popped into EDX in step 2, with EAX = 0. The stack is already balanced, so no `ret` is needed; note that substituting `jmp` for `ret` leaves the CPU's return-address predictor out of sync, a minor cost but a known trade-off.
Ret. From mysetjmp
Caller frame
Registers: EIP ECX EBP ESP EAX EBX EDX ESI EDI
myjmp_buf (dword slots at ECX+0, +4, +8, …): EIP ESP EBP EBX EDI ESI Stack (NULL!) Len (Zero!) ETC…