The following code:
int _main() {return 0;}
Compiled using the command:
gcc -s -nostdlib -nostartfiles 01-simple.c -o01-simple.exe
gcc version 4.4.1 (TDM-1 mingw32)
OllyDbg produced this result:
Can you explain what is going on here? Analysis so far:
// these two seem to be an idiom:
PUSH EBP        // places EBP on stack
MOV EBP, ESP    // overwrites EBP with ESP
MOV EAX, 0      // EAX = 0
LEAVE           // == mov esp, ebp
                //    pop ebp
                // according to
                // http://en.wikipedia.org/wiki/X86_instruction_listings
What is the point of all this?
This creates a frame.
PUSH EBP
MOV EBP, ESP
In the calling convention used, the return value is returned via EAX (therefore 0 exists because you wrote return 0; - try changing this to return 1; and see how this affects the code).
MOV EAX, 0
( MOV ESP, EBP, POP EBP, , ):
LEAVE
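The frame setup and teardown discussed above, modelled as a small C emulator; this is an added example, not code from the original post. The `cpu_t` model, `run_main`, the sample register values and the optional `locals` reservation (standing in for a `SUB ESP, n` that the listing does not contain) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the registers and stack that the listing touches. */
typedef struct {
    uint32_t eax, ebp, esp;   /* esp/ebp are byte offsets into stack[] */
    uint32_t stack[16];       /* 64 bytes of simulated stack memory */
} cpu_t;

static void push(cpu_t *c, uint32_t v) { c->esp -= 4; c->stack[c->esp / 4] = v; }
static uint32_t pop(cpu_t *c) { uint32_t v = c->stack[c->esp / 4]; c->esp += 4; return v; }

/* LEAVE is MOV ESP, EBP followed by POP EBP. */
static void leave(cpu_t *c) { c->esp = c->ebp; c->ebp = pop(c); }

/* Executes the body of _main() on the model.
 * caller_ebp / entry_esp: constructed register values at function entry.
 * locals: bytes a function with local variables would reserve (assumption).
 * use_leave: 1 = LEAVE, 0 = the explicit two-instruction form. */
static cpu_t run_main(uint32_t caller_ebp, uint32_t entry_esp,
                      uint32_t locals, int use_leave)
{
    cpu_t c = { .eax = 0xdeadbeef, .ebp = caller_ebp, .esp = entry_esp };

    push(&c, c.ebp);          /* PUSH EBP      : save the caller's frame pointer */
    c.ebp = c.esp;            /* MOV EBP, ESP  : EBP now marks this frame's base */
    c.esp -= locals;          /* room for locals, addressed relative to EBP */
    c.eax = 0;                /* MOV EAX, 0    : the value from "return 0;" */

    if (use_leave) {
        leave(&c);            /* LEAVE */
    } else {
        c.esp = c.ebp;        /* MOV ESP, EBP  : discard locals */
        c.ebp = pop(&c);      /* POP EBP       : restore the caller's frame */
    }
    return c;
}

int main(void)
{
    cpu_t a = run_main(0x30, 0x20, 0, 1);
    cpu_t b = run_main(0x30, 0x20, 8, 0);
    printf("LEAVE:    eax=%u ebp=0x%x esp=0x%x\n", (unsigned)a.eax, (unsigned)a.ebp, (unsigned)a.esp);
    printf("explicit: eax=%u ebp=0x%x esp=0x%x\n", (unsigned)b.eax, (unsigned)b.ebp, (unsigned)b.esp);
    return 0;
}
```

Both forms leave ESP and EBP exactly as they were on entry, however many bytes of locals were reserved, and EAX carries the return value.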
Source: https://habr.com/ru/post/1746933/