我有一些汇编代码,通过首先分配144个字节来初始化堆栈中的值,然后通过一次移动8个字节并存储伪值来手动设置堆栈中的值。
但是,在代码的开头,它使用
将存储在%rdi中的值移动到%rax。movq %rdi, %rax
然后在最后将 $0 移至 (%rax):
movq $0, (%rax)
我知道命令
movq $0, 12(%rax)
将值 0 移动到距 %rax 偏移量为 12 个字节的位置,那么 movq $0, (%rax) 不就是把 0 移动到距 %rax 偏移量为 0 的位置,也就是 %rax 本身吗?因此,movq $0, (%rax) 是否只是覆盖了 movq %rdi, %rax 所做的操作?
很显然,我对 movq 的工作方式理解有误,因为如果我去掉 (%rax) 两边的括号,代码就无法正常工作。
这是完整的代码。从头到尾几乎都是同一件事。
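# Build the initial stack image for a new thread so that the context-switch
# routine can "restore" it and start running f(arg).
#
# Syntax: AT&T / GAS.  ABI: SysV AMD64 (args in %rdi, %rsi, %rdx; return in %rax).
#   In:  %rdi = top of the new thread's stack (presumably 16-byte aligned — confirm)
#        %rsi = f, the function the thread will run
#        %rdx = argument to hand to f in %rdi
#   Out: %rax = new stack pointer (%rdi - CONTEXT_SIZE), pointing at the rflags slot
#   Clobbers: %rcx, flags.  No callee-saved register is touched.
#
# Frame layout relative to the returned %rax (low addresses first):
#     0  rflags    8  r15   16  r14   24  r13   32  r12   40  r11   48  r10
#    56  r9       64  r8    72  rdi(=arg)  80  rsi   88  rbp   96  rdx
#   104  rcx     112  rbx  120  rax
#   128  f                   (popped by the context switch's ret)
#   136  __sthread_finish    (popped by f's own ret)
# This code only writes the slots; the pop order is assumed from the
# layout — verify it against the restore routine.
.set CONTEXT_SIZE, 144                  # 18 qwords: rflags + 15 regs + f + __sthread_finish

        movq    %rdi, %rax              # rax = stack top; it becomes the return value
        subq    $CONTEXT_SIZE, %rax     # stacks grow downward: reserve 18 qwords below it

        # sthread_finish runs when the thread's function returns, so its address
        # sits where f's `ret` will find it.  Use a volatile register (%rcx) as
        # scratch: %rbx is callee-saved under SysV and must not be clobbered here.
        leaq    __sthread_finish(%rip), %rcx
        movq    %rcx, 136(%rax)         # return address seen by f
        movq    %rsi, 128(%rax)         # f: popped by the switch's ret, which starts the thread

        # Every restored register and rflags starts out as zero, except %rdi,
        # which carries f's argument.  (%rax) and N(%rax) are memory operands:
        # they write the qword AT address %rax+N; %rax itself is not modified.
        movq    $0, 120(%rax)           # rax
        movq    $0, 112(%rax)           # rbx
        movq    $0, 104(%rax)           # rcx
        movq    $0, 96(%rax)            # rdx
        movq    $0, 88(%rax)            # rbp
        movq    $0, 80(%rax)            # rsi
        movq    %rdx, 72(%rax)          # rdi = argument passed to f
        movq    $0, 64(%rax)            # r8
        movq    $0, 56(%rax)            # r9
        movq    $0, 48(%rax)            # r10
        movq    $0, 40(%rax)            # r11
        movq    $0, 32(%rax)            # r12
        movq    $0, 24(%rax)            # r13
        movq    $0, 16(%rax)            # r14
        movq    $0, 8(%rax)             # r15
        movq    $0, (%rax)              # rflags = 0 (offset 0: the slot %rax points at)

        # NOTE(review): with the assumed pop order and a 16-byte-aligned %rdi, f is
        # entered with %rsp ≡ 8 (mod 16) as the ABI requires, but __sthread_finish is
        # then entered with %rsp 16-aligned, unlike a normal call — confirm it does not
        # call SSE-using code before realigning.
        ret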