Copyright © Microsoft Corporation. This document is an archived reproduction of a version originally published by Microsoft. It may have slight formatting modifications for consistency and to improve readability.
1285EC4: INT 3
1285EC5: INT 3
1285EC6: INT 3
1285EC7: INT 3
1285EC8: INT 3
1285EC9: INT 3
1285ECA: INT 3
1285ECB: INT 3
1285ECC: INT 3
1285ECD: INT 3
1285ECE: INT 3
1285ECF: INT 3
1285ED0: CMP DWORD PTR [0128F4E8],01
1285ED7: JNE 01285EDE
1285ED9: CALL 012875B0
1285EDE: MOV EAX,DWORD PTR [ESP+04]
1285EE2: PUSH EAX
1285EE3: CALL 012875F0
1285EE8: ADD ESP,04
1285EEB: PUSH 000000FF
1285EF0: CALL DWORD PTR [0128F4E4]
1285EF6: ADD ESP,04
1285EF9: RET
1285EFA: INT 3
1285EFB: INT 3
1285EFC: INT 3
1285EFD: INT 3
1285EFE: INT 3
1285EFF: INT 3
1285F00: MOV EAX,DWORD PTR [ESP+04]
1285F04: MOV [0128F4F0],EAX
1285F09: RET
Figure 3 HoseStack.cpp
#include <string.h>
#include <stdio.h>

int main()
{
    char szBuffer[4];                       // 4 bytes of stack; the string below needs 14
    strcpy( szBuffer, "Hello World!\n" );   // deliberate overrun: 13 characters plus the NUL
                                            // spill past szBuffer into the saved EBP and return address
    printf( szBuffer );                     // data used as the format string (kept as in the original)
    return 0;
}
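The following C program is an added example, not code from the original article. It models the x86 frame that HoseStack.cpp's main() has at the moment of the strcpy (4-byte szBuffer directly below a saved EBP and a return address; that layout and the two saved values are constructed assumptions) and shows which bytes of "Hello World!\n" land where, which is what you see in the debugger when RET pops "rld!" into EIP. The copy is clamped to the simulated frame so the program itself stays well-defined; the real stack has no such clamp. A bounded copy, copy_bounded, is shown beside it as the hardened form.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame (assumption): szBuffer[4], then saved EBP, then return address. */
#define BUF_SIZE   4
#define FRAME_SIZE (BUF_SIZE + 4 + 4)

struct frame_view {
    uint32_t saved_ebp;         /* what the saved EBP slot now holds    */
    uint32_t ret_addr;          /* what RET would pop into EIP          */
    size_t   bytes_past_buffer; /* how far the copy ran beyond szBuffer */
};

static void store_le32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)v;         p[1] = (unsigned char)(v >> 8);
    p[2] = (unsigned char)(v >> 16); p[3] = (unsigned char)(v >> 24);
}

static uint32_t load_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Model of strcpy(szBuffer, src) against the simulated frame. The copy is
 * clamped to the frame so this program is well-defined; on the real stack
 * the remaining bytes would continue into the caller's frame. */
struct frame_view simulate_strcpy(const char *src) {
    unsigned char frame[FRAME_SIZE];
    struct frame_view v;
    size_t n = strlen(src) + 1;                  /* strcpy copies the NUL too */
    size_t written = n < sizeof frame ? n : sizeof frame;

    memset(frame, 0, sizeof frame);
    store_le32(frame + BUF_SIZE,     0x0012FF80u); /* constructed saved EBP      */
    store_le32(frame + BUF_SIZE + 4, 0x00401234u); /* constructed return address */

    memcpy(frame, src, written);                 /* the overrun happens here */

    v.saved_ebp = load_le32(frame + BUF_SIZE);
    v.ret_addr  = load_le32(frame + BUF_SIZE + 4);
    v.bytes_past_buffer = n > BUF_SIZE ? n - BUF_SIZE : 0;
    return v;
}

/* Hardened replacement for the strcpy: copies only if the whole string,
 * NUL included, fits in dst; otherwise leaves dst empty and returns -1 so
 * the caller cannot silently continue with a truncated or partial value. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Same simulated frame written through copy_bounded; returns 1 if the
 * saved EBP and return address survived untouched. */
int frame_intact_with_bounded_copy(const char *src) {
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    store_le32(frame + BUF_SIZE,     0x0012FF80u);
    store_le32(frame + BUF_SIZE + 4, 0x00401234u);
    (void)copy_bounded((char *)frame, BUF_SIZE, src);
    return load_le32(frame + BUF_SIZE)     == 0x0012FF80u &&
           load_le32(frame + BUF_SIZE + 4) == 0x00401234u;
}

int main(void) {
    const char *input = "Hello World!\n";        /* HoseStack's string */
    struct frame_view v = simulate_strcpy(input);
    printf("bytes past szBuffer: %u\n", (unsigned)v.bytes_past_buffer);
    printf("saved EBP now:       %08X\n", v.saved_ebp);
    printf("return address now:  %08X  (RET would jump here)\n", v.ret_addr);
    printf("bounded copy keeps frame intact: %d\n",
           frame_intact_with_bounded_copy(input));
    /* HoseStack also passes szBuffer as the format string; write
     * printf("%s", szBuffer) so a '%' in the data cannot drive printf. */
    return 0;
}
```

With "Hello World!\n" the saved EBP becomes 0x6F57206F ("o Wo") and the return address 0x21646C72 ("rld!"), read little-endian; an access violation at EIP 0x21646C72 is the classic signature of this overrun. copy_bounded refuses the copy outright rather than truncating, because a silently truncated value is its own class of bug.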
Figure 4 String Instructions and Registers

| Instruction | Memory access |
| --- | --- |
| MOVSB, MOVSW, MOVSD | Reads from [ESI], writes to [EDI] |
| SCASB, SCASW, SCASD | Reads from [EDI] |
| STOSB, STOSW, STOSD | Writes to [EDI] |
| LODSB, LODSW, LODSD | Reads from [ESI] |

(A REP prefix repeats the instruction ECX times; the stack is hosed by a REP MOVS or REP STOS whose count or destination is wrong, so check ECX and EDI when one of these is the faulting instruction.)
Figure 5 RecursionOverflow.cpp
// Unbounded recursion: each call to foo pushes another frame until the
// stack's guard page is hit and the process faults with a stack overflow.
// Build without optimization to reproduce it; an optimizer may turn the
// tail call into a jump, giving an endless loop instead of an overflow.
int foo( int i )
{
    return foo( i );
}

int main()
{
    return foo( 2 );
}