栈
Tutorial: 汇编基础
Category: C语言
Published: 2026-04-07 13:58:26
- 栈机制 用一段内存空间当作栈 SS:SP
SS 段寄存器
SP 偏移地址寄存器, SP 始终指向栈顶
push = 入栈 => 先 SP = SP - 2 (先修改栈顶地址), 再把一个字写入 SS:SP
pop = 出栈 => 先读取 SS:SP 处的字到目标寄存器, 再 SP = SP + 2 (先取数据, 后修改栈顶地址; 下文 pop CX 从 SP=000C 取到 3344 而不是 000E 处的 2233, 正说明了这个顺序)
- 栈段
用一组长度为N(N<=64KB) 连续、起始地址为16的倍数的内存单元,
当作栈空间, 我们认为这段空间为 栈段
- 自己定义栈段练习
Z:\>DEBUG
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-r ss
SS 0DAB :2000
-r sp # 指定 SP 只是指定了空栈时栈顶的初始位置(这里 0010H, 即栈段为 2000:0000~2000:000F 共 16 字节); CPU 不记录栈的大小, 也不检查 push/pop 是否越出这段范围, SP 始终指向栈顶
SP FFFE :10
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-e 2000:0
2000:0000 12.0 34.0 99.0 88.0 FF.0 EE.0 B2.0 10.0
2000:0008 EF.0 FE.0 0F.0 0E.0 00.0 00.0 00.0 00.0
2000:0010 00.
-d 2000:0 F
2000:0000 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-a 0DAB:0100
0DAB:0100 mov ax,2233
0DAB:0103 push ax
0DAB:0104
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 B83322 mov AX,2233
-t
AX=2233 BX=0000 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0103 NV UP EI NG NZ NA PO NC
0DAB:0103 50 push AX
-t
AX=2233 BX=0000 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0104 NV UP EI NG NZ NA PO NC
0DAB:0104 DBB80000 FSTP TBYTE PTR [BX+SI+0000]
-d 2000:0 F
2000:0000 00 00 00 00 03 01 00 00-04 01 AB 0D 82 73 33 22 .............s3
-d 2000:000E F
2000:0000 - 33 22 3
# 注意: 2000:0000~000D 处出现的 03 01 / 04 01 AB 0D 82 73 等字节不是我们 push 的, 看起来是 DEBUG 单步(-t)时由单步陷阱在同一个栈上压入的 IP/CS/FLAGS 帧(值与当时的 IP=0104, CS=0DAB 相符, 待确认); 我们真正 push 的只有 2000:000E 处的 33 22. 继续 push
-a
0DAB:0104 mov bx,3344
0DAB:0107 push bx
0DAB:0108
-r
AX=2233 BX=0000 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0104 NV UP EI NG NZ NA PO NC
0DAB:0104 BB4433 mov BX,3344
-t
AX=2233 BX=3344 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0107 NV UP EI NG NZ NA PO NC
0DAB:0107 53 push BX
-t
AX=2233 BX=3344 CX=0000 DX=0000 SP=000C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 03060000 add AX,[0000] DS:0000=20CD
-d 2000:0 F
2000:0000 00 00 07 01 00 00 08 01-AB 0D 82 73 44 33 33 22 ...........sD33
-d 2000:000C F
2000:0000 - 44 33 33 22 D33
# pop
-a
0DAB:0108 pop cx
0DAB:0109
-r
AX=2233 BX=3344 CX=0000 DX=0000 SP=000C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 59 pop CX
-t
AX=2233 BX=3344 CX=3344 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0109 NV UP EI NG NZ NA PO NC
0DAB:0109 06 push ES
-d 2000:000E F
2000:0000 - 33 22 3
-d 2000:0 F
2000:0000 08 01 00 00 AB 0D 00 00-09 01 AB 0D 82 73 33 22 .............s3
- 栈越界
定义栈段 20010H ~ 2001FH (16 字节), 空栈时 SP = 0020H
-d 2000:0 2F
2000:0000 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
2000:0010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-r ss
SS 0DAB :2000
-r sp
SP 0020 :20
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=0020 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0018 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0107 NV UP EI NG NZ NA PO NC
0DAB:0107 50 push AX
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0016 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 50 push AX
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0014 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0109 NV UP EI NG NZ NA PO NC
0DAB:0109 50 push AX
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0012 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=010A NV UP EI NG NZ NA PO NC
0DAB:010A 50 push AX
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=010B NV UP EI NG NZ NA PO NC
0DAB:010B 50 push AX
-t # 这一步 push 使 SP 从 0010H 减到 000EH, 已经低于我们定义的栈段下界 20010H, 数据写进了 2000:0000~2000:000F 这段本不属于栈的内存 —— 栈向下越界, CPU 不会报错
AX=4455 BX=0000 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=010C NV UP EI NG NZ NA PO NC
0DAB:010C 03060200 add AX,[0002] DS:0002=9FFF
-d 2000:0 2F
2000:0000 00 00 00 00 0B 01 00 00-0C 01 AB 0D 82 73 55 44 .............sUD
2000:0010 55 44 55 44 55 44 55 44-55 44 55 44 55 44 55 44 UDUDUDUDUDUDUDUD
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
# pop 越界: 栈已空(SP=0020H)时再 pop, SP 会加到 0022H, 读到的是栈段之外 2000:0020 处的内容(下面 AX=0000 即当时那里的值), CPU 同样不报错
-d 2000:0 2F
2000:0000 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
2000:0010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-r
AX=0DAB BX=0000 CX=0000 DX=0000 SP=0020 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0116 NV UP EI NG NZ NA PO NC
0DAB:0116 58 pop AX
-a
0DAB:0111 mov ax,4455
0DAB:0114 push ax
0DAB:0115 push ax
...
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=001C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0116 NV UP EI NG NZ NA PO NC
0DAB:0116 58 pop AX
-d 2000:0 2F
2000:0000 2F 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 /...............
2000:0010 00 00 15 01 00 00 16 01-AB 0D 82 73 55 44 55 44 ...........sUDUD
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-a
0DAB:0116 pop ax
0DAB:0117 pop ax
0DAB:0118 pop ax
0DAB:0119
-r
AX=4455 BX=0000 CX=0000 DX=0000 SP=001C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0116 NV UP EI NG NZ NA PO NC
0DAB:0116 58 pop AX
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=001E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0117 NV UP EI NG NZ NA PO NC
0DAB:0117 58 pop AX
-d 2000:0 2F
2000:0000 2F 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 /...............
2000:0010 16 01 00 00 AB 0D 00 00-17 01 AB 0D 82 73 55 44 .............sUD
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-t
AX=4455 BX=0000 CX=0000 DX=0000 SP=0020 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0118 NV UP EI NG NZ NA PO NC
0DAB:0118 58 pop AX
-d 2000:0 2F
2000:0000 2F 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 /...............
2000:0010 16 01 17 01 00 00 AB 0D-00 00 18 01 AB 0D 82 73 ...............s
2000:0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0022 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0119 NV UP EI NG NZ NA PO NC
0DAB:0119 0000 add [BX+SI],AL DS:0000=CD
-d 2000:0 2F
2000:0000 2F 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 /...............
2000:0010 16 01 17 01 18 01 00 00-AB 0D 00 00 19 01 AB 0D ................
2000:0020 82 73 00 00 00 00 00 00-00 00 00 00 00 00 00 00 .s..............
- 利用栈交换 AX 和 BX 的数据, 可以用栈临时性保存数据
-r
AX=1122 BX=2233 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0106 NV UP EI NG NZ NA PO NC
0DAB:0106 50 push AX
-a
0DAB:0106 push ax
0DAB:0107 push bx
0DAB:0108
-r
AX=1122 BX=2233 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0106 NV UP EI NG NZ NA PO NC
0DAB:0106 50 push AX
-t
AX=1122 BX=2233 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0107 NV UP EI NG NZ NA PO NC
0DAB:0107 53 push BX
-t
AX=1122 BX=2233 CX=0000 DX=0000 SP=000C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 50 push AX
-d 2000:0 F
2000:0000 2F 00 07 01 00 00 08 01-AB 0D 82 73 33 22 22 11 /..........s3"".
-a
0DAB:0108 pop ax
0DAB:0109 pop bx
0DAB:010A
-r
AX=1122 BX=2233 CX=0000 DX=0000 SP=000C BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 58 pop AX
-t
AX=2233 BX=2233 CX=0000 DX=0000 SP=000E BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=0109 NV UP EI NG NZ NA PO NC
0DAB:0109 5B pop BX
-t
AX=2233 BX=1122 CX=0000 DX=0000 SP=0010 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=2000 CS=0DAB IP=010A NV UP EI NG NZ NA PO NC
0DAB:010A 50 push AX
-d 2000:0 F
2000:0000 08 01 09 01 00 00 AB 0D-00 00 0A 01 AB 0D 82 73 ...............s
- 栈的极限
SP 的取值范围: 0H ~ FFFFH, 共 65536 个地址 = 64KB = 32768 个字
每次 push/pop 都操作一个字(2 字节), 从 SP=0 开始连续 push 32768 次就会绕回起点(越界)
sp = 0H 时再 push, SP = 0H - 2H 回绕为 FFFEH (16 位无符号减法, 实模式下不会报错)
-r ss
SS 2000 :0
-r sp
SP 0010 :0
-r
AX=2233 BX=1122 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0000 CS=0DAB IP=010A NV UP EI NG NZ NA PO NC
0DAB:010A 50 push AX
-d ss:sp F
2000:0000 08 01 09 01 00 00 AB 0D-00 00 0A 01 AB 0D 82 73 ...............
-r
AX=0108 BX=1122 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0000 CS=0DAB IP=010B NV UP EI NG NZ NA PO NC
0DAB:010B B85544 mov AX,4455
-a
0DAB:010B push ax
0DAB:010C
-r
AX=0108 BX=1122 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0000 CS=0DAB IP=010B NV UP EI NG NZ NA PO NC
0DAB:010B 50 push AX
-t
AX=0108 BX=1122 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0000 CS=0DAB IP=010C NV UP EI NG NZ NA PO NC
0DAB:010C 55 push BP
# 注意: 上面 -r ss 把 SS 改成了 0000 (见寄存器 SS=0000), 而不是保持 2000, 所以这次 push 实际写到 0000:FFFE, 那是 DOS 低端内存而不是我们的栈段, -d ss:sp 显示的 2000:0000 也与寄存器状态不符, 实验意图应是保持 SS=2000 只把 SP 置 0. 从 SP=0 开始, 第一次 push 就回绕到 FFFEH (SP 按 16 位模 64K 运算, 没有边界检查); 要把整个 64KB 段填满并使 SP 回到 0, 需要 push 32768 次