[Original] NAKED function call

xiaoxiao2021-03-06  84

Under normal circumstances, when we write a C/C++ function, even an empty one, the compiler does a lot of work for us and generates some "necessary" code. Consider the function below (written only to illustrate the point):

#include <windows.h>

int test()
{
    int iReturn;
    char szTemp[33];

    szTemp[0] = 'a';
    szTemp[1] = '\0';
    iReturn = MessageBox(NULL, szTemp, szTemp, MB_OK);
    MessageBeep(iReturn);
    return iReturn;
}

Below is the disassembly of this function compiled with VC6 in Release mode:

00401000  sub  esp, 24h                  // reserve stack space for the local variables (24h = 36, 4-byte aligned; note that no space is reserved for iReturn)
00401003  push esi                       // save a register we are about to use
00401004  lea  eax, [esp+4]              // eax = address of szTemp; the parameters are pushed next
00401008  push 0                         // MB_OK
0040100A  lea  ecx, [esp+8]              // the compiler is being stupid: both arguments are szTemp, yet it computes the address twice (two push eax would do)
0040100E  push eax                       // lpCaption = szTemp
0040100F  push ecx                       // lpText = szTemp
00401010  push 0                         // hWnd = NULL
00401012  mov  byte ptr [esp+14h], 41h   // szTemp[0]
00401017  mov  byte ptr [esp+15h], 0     // szTemp[1] = '\0'
0040101C  call dword ptr ds:[40509Ch]    // call MessageBox()
00401022  mov  esi, eax                  // return value into iReturn. Look: iReturn automatically lives in ESI; the compiler is very clever
00401024  push esi
00401025  call dword ptr ds:[4050A0h]    // call MessageBeep()
0040102B  mov  eax, esi                  // move iReturn (held in ESI) into EAX as the return value
0040102D  pop  esi                       // restore the saved register
0040102E  add  esp, 24h                  // release the stack space
00401031  ret                            // pop the return address (stack shrinks by 4) and return

This code is quite good (the compiler automatically keeps variables in registers), but sometimes we do not want the compiler to add this code on its own initiative (for example when writing drivers; I have not run into such a case myself, so who knows, heh), and we want to write the entire function ourselves (a little perverse, ^O^). OK, please welcome today's protagonist: naked (what, naked?). The Visual C++ extension keyword naked lets us define a function completely by hand. Enough chatter, see the example:

#include <windows.h>

__declspec(naked) int test()
{
    __asm
    {
        sub  esp, 24h                  // reserve local storage
        push esi                       // save a register we are about to use
        lea  eax, [esp+4]              // eax = address of szTemp
        push 0                         // MB_OK
        push eax                       // lpCaption = szTemp
        push eax                       // lpText = szTemp
        push 0                         // hWnd = NULL
        mov  byte ptr [esp+14h], 41h   // szTemp[0]
        mov  byte ptr [esp+15h], 0     // szTemp[1] = '\0'
        call dword ptr [MessageBoxA]
        mov  esi, eax                  // keep the return value in ESI
        push esi
        call dword ptr [MessageBeep]
        mov  eax, esi                  // return value
        pop  esi                       // restore the saved register
        add  esp, 24h                  // release local storage
        ret                            // return ourselves
    }
}

The above code uses VC inline assembly, and the code VC generates from it is exactly the same as the compiler-generated code shown earlier (a real feeling of complete control, ^_^). We did not save anything here (saving the one redundant instruction is not naked's credit), but sometimes it really is necessary (if you cannot come up with a case, drop it!). Finally, two reminders: 1. With the naked keyword you must build the EBP parameter frame pointer yourself (if EBP is used as the parameter pointer); 2. You must return by yourself (unless you do not intend to return).
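As an added example (not from the original post), the same hand-written prologue/epilogue written with GCC/Clang's `__attribute__((naked))` on x86-64 Linux, the non-Microsoft equivalent of `__declspec(naked)`. The helper names `naked_demo_helper_len`/`naked_demo_helper_record` and the function `naked_one_char_len` are my own stand-ins for MessageBox/MessageBeep and test(); everything the VC6 output did for us (reserve locals, save a callee-saved register, keep the result across a second call, restore, return) is spelled out by hand, and a plain C caller with live loop state shows why the callee-saved register really must be preserved. On targets other than x86-64 the block falls back to plain C so it still builds.

```c
#include <string.h>

/* Helpers the naked function calls (stand-ins for MessageBox/MessageBeep).
 * asm labels give them fixed symbol names so the hand-written "call"
 * instructions resolve regardless of platform name mangling, and "used"
 * keeps the compiler from discarding them: it cannot see calls inside asm. */
static int  helper_len(const char *s) __asm__("naked_demo_helper_len") __attribute__((used));
static void helper_record(int v)      __asm__("naked_demo_helper_record") __attribute__((used));

static int g_last_recorded = -1;

static int  helper_len(const char *s) { return (int)strlen(s); }
static void helper_record(int v)      { g_last_recorded = v; }

/* Accessor so callers can check what the second "call" received. */
int last_recorded(void) { return g_last_recorded; }

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
/* Naked function: the compiler emits no prologue/epilogue at all, so every
 * step the VC6 listing above performed is written by hand (x86-64 SysV ABI:
 * c arrives in edi, the result leaves in eax, rbx is callee-saved). */
__attribute__((naked)) int naked_one_char_len(int c)
{
    __asm__ __volatile__(
        "push %rbx\n\t"                      /* save callee-saved reg (cf. push esi); rsp is now 16-byte aligned for the calls */
        "sub  $16, %rsp\n\t"                 /* reserve local storage (cf. sub esp, 24h) */
        "movb %dil, (%rsp)\n\t"              /* local[0] = c   (cf. mov byte ptr [esp+14h], 41h) */
        "movb $0, 1(%rsp)\n\t"               /* local[1] = 0   (cf. mov byte ptr [esp+15h], 0) */
        "mov  %rsp, %rdi\n\t"                /* first argument = address of the local string */
        "call naked_demo_helper_len\n\t"     /* eax = strlen(local)   (cf. call MessageBox) */
        "mov  %eax, %ebx\n\t"                /* keep the result in a callee-saved reg (cf. mov esi, eax) */
        "mov  %ebx, %edi\n\t"
        "call naked_demo_helper_record\n\t"  /* record(result)        (cf. call MessageBeep) */
        "mov  %ebx, %eax\n\t"                /* return value          (cf. mov eax, esi) */
        "add  $16, %rsp\n\t"                 /* release local storage (cf. add esp, 24h) */
        "pop  %rbx\n\t"                      /* restore callee-saved reg (cf. pop esi) */
        "ret\n\t");                          /* reminder 2 of the post: we must return ourselves */
}
#else
/* Same behaviour in plain C so the file still builds on other targets. */
int naked_one_char_len(int c)
{
    char local[2] = { (char)c, 0 };
    int r = helper_len(local);
    helper_record(r);
    return r;
}
#endif

/* Ordinary C caller with live loop state across the calls: this is only
 * correct because the naked function preserves rbx and the stack pointer
 * exactly as the ABI requires. Forgetting "push/pop %rbx" or the "ret"
 * would corrupt the caller, which is the cost of the freedom naked gives. */
int count_nonzero_chars(const char *s, int n)
{
    int total = 0;
    for (int i = 0; i < n; i++)
        total += naked_one_char_len((unsigned char)s[i]);
    return total;
}
```

The two reminders from the post apply unchanged: no frame pointer is set up for you, and the function only returns because the `ret` is written explicitly. The extra `sub $16, %rsp` also keeps the stack 16-byte aligned before each call, the x86-64 counterpart of the 4-byte alignment noted in the VC6 listing.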

Please cite the original address when reposting: https://www.9cbs.com/read-94355.html
