問題描述
如何使用 call 和 ret 更改堆棧內容? (how to change stack content with call and ret?)
這段代碼類似於圖靈機的模擬。我正在檢測此代碼,並且我製作了一張關於更改它的每一步的表格,但我不明白如何使用 CALL AND RET
.model small
.data
bant db 0,0,0,0,0,0,0,0,0
.code
.startup
mov si,4
call stateA
.exit
stateA proc near
cmp bant[si],0
je AB
jmp AC
AB:
mov bant[si],1
inc si
call stateB
jmp RTA
AC:
mov bant[si],1
dec si
call stateC
RTA: ret
stateA endp
stateB proc near
cmp bant[si],0
je BA
jmp BB
BA:
mov bant[si],1
dec si
call stateA
jmp RTB
BB:
mov bant[si],1
inc si
call stateB
RTB: ret
stateB endp
stateC proc near
cmp bant[si],0
je CB
jmp CHLT
CB:
mov bant[si],1
dec si
call stateB
jmp RTC
CHLT:
mov bant[si],1
inc si
RTC: ret
stateC endp
end
參考解法
方法 1:
RET doesn't write to the stack, but it does modify SP. CALL writes a return address to the stack, as well as modifying SP.
The only value you can write to the stack is the IP of the instruction after the CALL, so I don't think it's possible to do very much with just CALL and RET instructions.
You're probably going to need to do it the normal way with MOV instructions and other instructions. Usually with addressing modes relative to [BP], after making a stack frame.
方法 2:
There's neat trick how to load offset of some value on top of stack:
call print_message ; address of string is pushed on top of stack
db "some text message to print",0 ; defined inside code
print_message:
call some_print_function ; which want single argument on stack as "ptr to string"
; restore stack as needed (but don't do "ret", it would execute string)
But this is very likely of more usage in 32b mode, as the pushed offset is inside code segment cs, so in 16b real mode this would work well (conveniently) only with code which has everything in single segment and cs = ds. For example most of the ".com" executables would fit this description.
If your code is using more segments, then that print routine has to be written in a way to address that string through cs:, which is not very common.
(by muco、Peter Cordes、Ped7g)