x86汇编堆栈1堆栈操作x86汇编中的堆栈是一块特殊的内存区域用于存储程序运行时的数据。它遵循后进先出LIFO的原则主要用于函数调用时的参数传递、局部变量存储以及保存返回地址。堆栈操作的核心指令是PUSH和POP。PUSH指令将一个操作数压入堆栈顶部同时栈顶指针ESP会相应地向下移动在32位系统中ESP减少4字节。POP指令则将堆栈顶部的值弹出到指定的寄存器或内存位置并使栈顶指针向上移动ESP增加4字节。其他与堆栈相关的指令包括PUSHF/POPF分别用于将整个标志寄存器压入堆栈或弹出堆栈到标志寄存器。PUSHAD/POPAD用于将所有通用寄存器EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI一次性压入堆栈或弹出堆栈。堆栈平衡是指在函数执行完毕后所有压入堆栈的数据都必须被正确弹出以恢复堆栈到调用前的状态避免内存混乱或程序崩溃。2堆栈优缺点优点可以临时存储大量数据便于数据查找。堆栈遵循先进后出原则数据存取有序结构简单稳定不易混乱。常用于函数调用程序运行表达式计算等场景可临时保存中间结果和现场信息操作效率高。堆栈实现简单仅需入栈/出栈/取栈顶等基本操作内存管理方便。缺点访问受限只能对栈顶数据进行操作不能随机访问中间数据空间大小固定或受限时容易出现栈溢出不适合需要频繁随机查找/修改和遍历的数据场景。3)常用指令和寄存器PUSH指令将一个操作数压入堆栈顶部同时栈顶指针ESP会相应地向下移动在32位系统中ESP减少4字节。POP指令则将堆栈顶部的值弹出到指定的寄存器或内存位置并使栈顶指针向上移动ESP增加4字节观察ESP栈顶和EBP栈底0040101F . 52 PUSH EDX00401020 . 6A 00 PUSH 0 ; /pModule NULL00401022 . E8 4BE00A00 CALL JMP.KERNEL32.GetModuleHandleA ; \GetModuleHandleA画堆栈图案例并进行分析00F017F2 6A 02 PUSH 2 传参00F017F4 6A 01 PUSH 100F017F6 E8 C6FAFFFF CALL Project1.00F012C1 add(00F01770) 调用 add 函数实际执行地址 00F0177000F017FB 83C4 08 ADD ESP,8 调用后清理栈2个参数各占4字节共8字节00F01770 55 PUSH EBP 提升堆栈/0C000F01771 8BEC MOV EBP,ESP00F01773 81EC C0000000 SUB ESP,0C000F01779 53 PUSH EBX 00F0177A 56 PUSH ESI00F0177B 57 PUSH EDI00F0177C 8BFD MOV EDI,EBP00F0177E 33C9 XOR ECX,ECX00F01780 B8 CCCCCCCC MOV EAX,CCCCCCCC00F01785 F3:AB REP STOS DWORD PTR ES:[EDI]00F01787 B9 08C0F000 MOV ECX,Project1.00F0C00800F0178C E8 8FFBFFFF CALL Project1.00F0132000F01791 90 NOP00F01792 8B45 08 MOV EAX,DWORD PTR SS:[EBP8] 获取push参数100F01795 0345 0C ADD EAX,DWORD PTR SS:[EBPC] eax 获取push参数200F01798 5F POP EDI 恢复现场00F01799 5E POP ESI00F0179A 5B POP EBX00F0179B 81C4 C0000000 ADD ESP,0C000F017A1 3BEC CMP EBP,ESP00F017A3 E8 97FAFFFF CALL Project1.00F0123F00F017A8 8BE5 MOV ESP,EBP00F017AA 5D POP EBP 恢复栈底00F017AB C3 RETN 函数执行完毕返回4外平栈内平栈平栈栈平衡的核心是函数调用后恢复栈指针避免栈溢出或数据错乱外平栈与内平栈的核心区别在于谁来执行平栈操作。外平栈平栈操作由调用者call指令的外部即发起函数调用的代码段完成。调用者在执行call指令调用函数后手动调整栈指针如add esp, n恢复栈平衡。内平栈平栈操作由被调用者call指令的内部即被调用的函数体完成。被调用函数在执行完核心逻辑后通过ret n等指令自动恢复栈指针调用者无需额外操作。5案例;sdk ;https://masm32.com/download.htm ;Project mouse rigth propertis ;Microsoft Macro Assembler - General - Include Paths ;C:\masm32\include ;Linker - General - Additional Library Directories ;C:\masm32\lib ;Project mouse right - Build Dependencies - Build Customizations ;Project mouse file.asm - propertis - item type - Microsoft Macro Assembler ;vs2022 is error ;masm build ;cmd ;C:\masm32\bin\ml.exe /c /nologo /Zi /FoDebug\asm2masm32InputOut.obj /I C:\masm32\include /W3 /coff /Cp /TaD:\asm2masm32InputOut.asm ;cd Project4 ;C:\masm32\bin\link.exe /SUBSYSTEM:CONSOLE /LIBPATH:C:\masm32\lib Debug\asm2masm32InputOut.obj user32.lib kernel32.lib /OUT:asm2masm32InputOut.exe ;or ;*.asm mouse rigth find propertis - Item type select Cutom Build Tool - In General Command Line input ;C:\masm32\bin\ml.exe /c /nologo /Zi /Fo$(OutDir)\$(FileName).obj /I C:\masm32\include /W3 /Ta$(ProjectDir)asm2masm32InputOut.asm ;or finally done change error code ;alrt_eventname WCHAR (EVLEN 1) dup(?) ;alrt_servicename WCHAR (SNLEN 1) dup(?) ;.586 ;Instruction set .386 .MODEL flat,stdcall ; Call convention option casemap:none ; Case-sensitive naming matches Windows API ; Link core Windows libraries include windows.inc include user32.inc include kernel32.inc include msvcrt.inc includelib user32.lib includelib kernel32.lib includelib msvcrt.lib .data ; Stack elements szA db AAAAAA, 0 szB db BBBBBBB, 0 szC db CCCCCC, 0 ; Output szAllPushed db All elements pushed:, 0dh, 0ah db Stack top (szC): %s, 0dh, 0ah db Middle (szB): %s, 0dh, 0ah db Bottom (szA): %s, 0dh, 0ah, 0 szPopStep1 db Pop 1 element (szC): %s, 0dh, 0ah db New stack top (szB): %s, 0dh, 0ah db Stack bottom (szA): %s, 0dh, 0ah, 0 szPopStep2 db Pop 1 more element (szB): %s, 0dh, 0ah db Final stack top (szA): %s, 0dh, 0ah, 0 ; Code segment .code simple_subroutine proc ;pushad ;pushad ;Use pushad to save all registers, modify them, then restore ;simple_subroutine: pushad ; Save all 32-bit general-purpose registers to stack mov eax, 12345678 ; Modify EAX original value is safe on stack mov ecx, 87654321 ; Modify ECX ; Other operations that change register values ... popad ; Restore all registers to their original state ret ; Return from subroutine original register values preserved simple_subroutine endp END _mainCRTStartup END其他案例请查看aes解码,密钥123456789密文U2FsdGVkX1/Bd4k8ZAij4D8oMKFwS3bBvmalzk3NT7UEJTw7/qemqhDLwG4nl9H9/nO3Xk0Ebmv0W50P9akHkb0F2ubxR31a6lldXh/T1P5UbUFht0mf2SUJwAKMq1bg