EAX is 102 = socketcall in x86 assembly.
Here is my question. How does the stack handle this code:
xor ebx, ebx
mov al, 102d
push ebx
mov bl, 1d
push ebx
push BYTE 2d ;right here specifically
mov ecx, esp
int 80h
mov edi, eax
Like this:
+-~-~-~+ <--- ESP (Pointer - points to Arg Array)
| 0000 | === Protocol: TCP
+-~-~-~+
| 0001 | === Type: SOCKET
+-~-~-~+
| 0002 | === Connection: AF_INET
+-~-~-~+
Or like this:
+-~-~-~+ <--- ESP (Pointer - points to Arg Array)
| 0000 | === Protocol: TCP
+-~-~-~+
| 0001 | === Type: SOCKET
+-~-~-~+
| 2 | === Connection: AF_INET
+-~-~-~+
Basically, is it 4 bytes, or does it push only one byte? Also, if I were to push another byte, would it be pushed into a new "box" or into the same "box"?
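An added example, not part of the original question: a toy model of a 32-bit stack that replays the three pushes above. In 32-bit mode `push BYTE 2` uses the imm8 encoding (opcode 6A), whose operand is sign-extended to 32 bits, so every push moves ESP by 4. The memory array and helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a 32-bit x86 stack (constructed for this example). */
static uint8_t  stack_mem[64];
static uint32_t esp = sizeof stack_mem;   /* stack grows downward */

/* push r32 / push imm32: ESP -= 4, then store 4 bytes little-endian. */
static void push32(uint32_t v) {
    esp -= 4;
    for (int i = 0; i < 4; i++)
        stack_mem[esp + i] = (uint8_t)(v >> (8 * i));
}

/* push imm8 (opcode 6A ib): the byte is sign-extended to 32 bits first,
 * so it still occupies a full 4-byte slot. */
static void push_imm8(int8_t imm) {
    push32((uint32_t)(int32_t)imm);
}

/* Read the 32-bit word at ESP + 4*index, as socketcall reads args[index]. */
static uint32_t arg_at(unsigned index) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)stack_mem[esp + 4 * index + i] << (8 * i);
    return v;
}

/* Replays the three pushes from the question; returns bytes consumed. */
static uint32_t replay_question_pushes(void) {
    esp = sizeof stack_mem;
    memset(stack_mem, 0xCC, sizeof stack_mem);
    uint32_t ebx = 0;                      /* xor ebx, ebx                  */
    push32(ebx);                           /* push ebx    -> protocol = 0   */
    ebx = (ebx & 0xFFFFFF00u) | 1;         /* mov bl, 1                     */
    push32(ebx);                           /* push ebx    -> type = 1       */
    push_imm8(2);                          /* push BYTE 2 -> domain = 2     */
    return (uint32_t)sizeof stack_mem - esp;
}

int main(void) {
    uint32_t used = replay_question_pushes();
    printf("bytes pushed: %u\n", (unsigned)used);
    for (unsigned i = 0; i < 3; i++)
        printf("[esp+%u] = 0x%08x\n", 4 * i, (unsigned)arg_at(i));
    return 0;
}
```

After the last push, ESP points at the 2 (AF_INET), with 1 at ESP+4 and 0 at ESP+8. A further `push BYTE` would again take a new 4-byte slot below these.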