This question already has an answer here:

UPDATE

I have checked the following links, but none of them explain why the esp address decreased (by 4 bytes?)

This is my updated question

This is my assembly code

(gdb) disas main
Dump of assembler code for function main:
   0x00401340 <+0>:     push   ebp
   0x00401341 <+1>:     mov    ebp,esp
   0x00401343 <+3>:     and    esp,0xfffffff0
   0x00401346 <+6>:     sub    esp,0x10
   0x00401349 <+9>:     call   0x401910 <__main>
   0x0040134e <+14>:    mov    DWORD PTR [esp+0xc],0x9
   0x00401356 <+22>:    mov    eax,0x0
   0x0040135b <+27>:    leave
   0x0040135c <+28>:    ret
End of assembler dump.
(gdb) r

Let's focus on the first 3 lines of the assembly code

1. eip = 0x00401340

=> 0x00401340 <+0>:     push   ebp
   0x00401341 <+1>:     mov    ebp,esp
   0x00401343 <+3>:     and    esp,0xfffffff0

(gdb) i r eip esp ebp
eip            0x401340 0x401340 <main>
esp            0x22ff5c 0x22ff5c
ebp            0x22fff0 0x22fff0

The push ebp instruction saves the current EBP value onto the stack.

At this point, ebp = 0x22fff0 and esp = 0x22ff5c

2. eip = 0x00401341

0x00401340 <+0>:     push   ebp
=> 0x00401341 <+1>:     mov    ebp,esp
   0x00401343 <+3>:     and    esp,0xfffffff0

(gdb) i r eip esp ebp
eip            0x401341 0x401341 <main+1>
esp            0x22ff58 0x22ff58
ebp            0x22fff0 0x22fff0

The mov ebp,esp instruction creates a new EBP value by copying ESP into EBP.

At this point, ebp is still 0x22fff0, while esp has decreased by 4 bytes from 0x22ff5c to 0x22ff58.

The question is why 4 bytes, and not 1, 2, 3, 100 or some other number?

If you want to reproduce and debug this assembly code, here is the original C code for the assembly.

C:\>gdb var.exe -q
Reading symbols from C:\var.exe...done.
(gdb) list
1       #include<stdio.h>
2
3       int main()
4       {
5           int a = 9;
6           return 0;
7       }
(gdb)
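The register values quoted above can be reproduced without gdb by stepping a small model of the 32-bit stack through the disassembled prologue and epilogue. The following C program is an added example, not part of the original question: it backs the addresses 0x22ff00..0x22ffff with a byte array, implements push/pop with the operand size of a 32-bit register (4 bytes), and replays `push ebp; mov ebp,esp; and esp,0xfffffff0; sub esp,0x10; mov [esp+0xc],9` followed by `leave; ret`. The initial eip/esp/ebp are the values from the gdb session; the return address 0x401234 placed at [esp] on entry is a constructed value, and the `call __main` is skipped because call/ret leave esp unchanged afterwards.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: addresses STACK_BASE..STACK_BASE+STACK_SIZE-1 are backed
 * by the mem[] array, which covers every address the gdb session touches. */
#define STACK_BASE 0x22ff00u
#define STACK_SIZE 0x100u

typedef struct {
    uint32_t eip, esp, ebp;
    uint8_t mem[STACK_SIZE];
} cpu_t;

/* 32-bit little-endian store/load, as the x86 does for DWORD operands */
static void write32(cpu_t *c, uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++)
        c->mem[addr - STACK_BASE + i] = (uint8_t)(v >> (8 * i));
}
static uint32_t read32(const cpu_t *c, uint32_t addr) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)c->mem[addr - STACK_BASE + i] << (8 * i);
    return v;
}

/* push r32: esp is decremented by the operand size (4 bytes for a 32-bit
 * register in 32-bit mode), then the value is stored at the new [esp]. */
static void push32(cpu_t *c, uint32_t v) { c->esp -= 4; write32(c, c->esp, v); }
/* pop r32: load from [esp], then esp is incremented by the same 4 bytes */
static uint32_t pop32(cpu_t *c) { uint32_t v = read32(c, c->esp); c->esp += 4; return v; }

/* State at "=> 0x00401340 <+0>: push ebp", taken from the gdb session */
static cpu_t initial_state(void) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.eip = 0x401340; c.esp = 0x22ff5c; c.ebp = 0x22fff0;
    write32(&c, c.esp, 0x401234);   /* constructed return address left by the caller's call */
    return c;
}

/* Replay the prologue of main as disassembled; returns esp after "sub esp,0x10" */
static uint32_t run_prologue(cpu_t *c) {
    push32(c, c->ebp);              /* push ebp            : esp 0x22ff5c -> 0x22ff58, [esp]=0x22fff0 */
    c->ebp = c->esp;                /* mov ebp,esp         : ebp = 0x22ff58 */
    c->esp &= 0xfffffff0u;          /* and esp,0xfffffff0  : align to 16 -> 0x22ff50 */
    c->esp -= 0x10;                 /* sub esp,0x10        : room for locals -> 0x22ff40 */
    write32(c, c->esp + 0xc, 9);    /* mov DWORD PTR [esp+0xc],0x9 : a = 9 lives at 0x22ff4c */
    return c->esp;
}

/* Replay "leave; ret"; returns esp after ret has popped the return address */
static uint32_t run_epilogue(cpu_t *c) {
    c->esp = c->ebp;                /* leave = mov esp,ebp ...    : esp = 0x22ff58 */
    c->ebp = pop32(c);              /*       ... ; pop ebp        : ebp = 0x22fff0, esp = 0x22ff5c */
    c->eip = pop32(c);              /* ret pops the return address: eip = 0x401234, esp = 0x22ff60 */
    return c->esp;
}

int main(void) {
    cpu_t c = initial_state();
    printf("entry    : esp=%#x ebp=%#x\n", c.esp, c.ebp);
    run_prologue(&c);
    printf("prologue : esp=%#x ebp=%#x saved_ebp=%#x a=%u\n",
           c.esp, c.ebp, read32(&c, c.ebp), read32(&c, c.esp + 0xc));
    run_epilogue(&c);
    printf("epilogue : esp=%#x ebp=%#x eip=%#x\n", c.esp, c.ebp, c.eip);
    return 0;
}
```

The model makes the answer to the 4-byte question visible in one place: `push32` subtracts exactly the width of the register being pushed, so `push ebp` moves esp from 0x22ff5c to 0x22ff58 and writes the old ebp at that new address, which is why `leave; ret` later recovers ebp = 0x22fff0 and the return address from the same slots. In 64-bit mode the same push of a 64-bit register would move rsp by 8 bytes instead.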