#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
void f1();
void f2();
int main();
unsigned long f1_ret;
void
f1(){
char c;
int i;
printf("0x%x,0x%x\n",(unsigned int) &c,(unsigned int)&i);
unsigned long local_arg_addr =(unsigned long) &c;
printf("f1 before called\n");
f1_ret=*(unsigned long *)(local_arg_addr+1+4);
*(unsigned long *)(local_arg_addr+1+4) =(unsigned long) f2;
printf("f1 after called\n");
}
void
f2(){
char c;
printf("f2 before called\n");
*(unsigned long *)(&c+1+4) = f1_ret;
printf("f2 after called\n");
}
int
main(){
char c;
int i;
printf("&c=0x%x,&i=0x%x\n",(unsigned int) &c,(unsigned int)&i);
printf("main before called\n");
f1();
printf("main after called\n");
exit(1);//這里使用exit,還暫時(shí)不能使用return ,因?yàn)閙ain堆棧沒有完全建立好,待完善
}
程序運(yùn)行結(jié)果:
&c=0xbff87f83,&i=0xbff87f7c
main before called
0xbff87f57,0xbff87f50
f1 before called
f1 after called
f2 before called
f2 after called
main after called
通過這個(gè)實(shí)驗(yàn)分析linux堆棧結(jié)構(gòu)
通過堆棧結(jié)構(gòu)可以看出linux C語言幾個(gè)重要的特性:
1 參數(shù)自右壓棧
2 棧是有低地址向高地址增加
f1的堆棧示意如下:
