#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
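/* Forward declarations. `(void)` makes these real prototypes so the
 * compiler rejects a stray argument instead of silently accepting one. */
void f1(void);
void f2(void);
int main(void);
/*
 * The return address f1 finds in its own frame, stashed here so that f2
 * (which f1 diverts into by overwriting that return address) can put it
 * back and return into main.  Shared through a global because f2 is
 * entered by f1's `ret`, not by a call that could pass it an argument.
 * Zero until f1 runs.
 */
unsigned long f1_ret;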
/*
 * Stack-layout experiment: f1 hijacks its own return address.
 *
 * Prints the addresses of its two locals, saves the word found at &c+5
 * into the global f1_ret, then overwrites that word with the address of
 * f2.  f2 is never called anywhere in this file, yet the listing's output
 * shows it running right after f1 -- so f1's `ret` is what enters f2.
 *
 * The offset `+1+4` presumably means: +1 skips `c` itself (it sits right
 * below the saved frame pointer in the build that produced the printed
 * addresses), +4 skips the 4-byte saved EBP, landing on the return
 * address slot -- i.e. a 32-bit x86 frame, no optimisation.
 *
 * NOTE(review): this is deliberate undefined behaviour (a write outside
 * the object `c`) and only "works" for one compiler layout.  On a 64-bit
 * build the `(unsigned int)` casts truncate the addresses, the saved
 * frame pointer is 8 bytes, and a stack-protector canary may sit between
 * the locals and the saved frame pointer, so the same offset hits the
 * wrong slot (or trips the canary).  Treat it as a demonstration of why
 * return-address overwrites are dangerous, not as portable code.
 */
void
f1(){
char c;
int i;
/* locals printed so the frame can be compared with main's; %x with a
 * pointer cast to unsigned int is only adequate for 32-bit pointers */
printf("0x%x,0x%x\n",(unsigned int) &c,(unsigned int)&i);
unsigned long local_arg_addr =(unsigned long) &c;
printf("f1 before called\n");
/* read the current return address out of the frame and keep it for f2 */
f1_ret=*(unsigned long *)(local_arg_addr+1+4);
/* replace it so that f1's `ret` transfers control to f2 instead of main */
*(unsigned long *)(local_arg_addr+1+4) =(unsigned long) f2;
printf("f1 after called\n");
}
/*
 * Second half of the experiment: put the original return address back.
 *
 * f2 is not called directly anywhere; it is entered when f1 returns after
 * replacing its return address with f2's address.  f2 writes the value f1
 * saved (f1_ret) into the slot at &c+5 of its own frame -- the same offset
 * f1 used -- so that f2's own `ret` goes back into main after the f1()
 * call.  Same layout assumptions and undefined behaviour as f1.
 *
 * NOTE(review): because f2 was entered by a `ret` and not a `call`, no
 * return address was pushed for it; its frame presumably sits one 4-byte
 * word higher than f1's did, so this write lands inside main's frame and
 * main's stack pointer is left off by one word afterwards.  That is the
 * likely reason main cannot `return` normally (see the exit() in main).
 */
void
f2(){
char c;
printf("f2 before called\n");
/* &c+1+4 is the same return-address slot f1 computed, as char arithmetic */
*(unsigned long *)(&c+1+4) = f1_ret;
printf("f2 after called\n");
}
/*
 * Entry point for the stack-layout experiment.
 *
 * Prints the addresses of its own locals (to compare with those f1
 * prints), calls f1 -- which diverts its return into f2, and f2 then
 * returns here -- and terminates with exit(1).
 *
 * Returns: never returns normally; always terminates via exit(1), which
 * reports failure status to the shell.
 */
int
main(){
char c;
int i;
/* %x with a pointer cast to unsigned int assumes 32-bit pointers */
printf("&c=0x%x,&i=0x%x\n",(unsigned int) &c,(unsigned int)&i);
printf("main before called\n");
f1();
printf("main after called\n");
/* NOTE(review): after the f1 -> f2 -> main detour, f2 presumably popped
 * one word more than f1 would have and wrote into main's frame, so
 * main's epilogue can no longer rely on its frame -- hence exit(). */
exit(1);// exit() is used here; `return` cannot be used yet because main's stack frame is not properly set up -- to be improved
}
程序運行結果:
&c=0xbff87f83,&i=0xbff87f7c
main before called
0xbff87f57,0xbff87f50
f1 before called
f1 after called
f2 before called
f2 after called
main after called
通過這個實驗分析linux堆棧結構



通過堆棧結構可以看出linux C語言幾個重要的特性:
1 參數自右向左壓棧（注意：本例中 f1、f2 均無參數，這一點並未由本程序驗證）
2 棧由高地址向低地址增長：對比輸出可見，後被調用的 f1 中 &c=0xbff87f57，低於 main 中的 &c=0xbff87f83；而在每個幀內部，返回地址位於局部變量之上（所以 f1 用正偏移 +1+4 才找到它）
f1的堆棧示意如下:
