Windows下return,exit和ExitProcess的区别和分析



测试环境为Windows XP HOME SP2,编译器为Visual 2003


#includeclass Test
 Test (int i) {m_i=i; printf ('construct %dn', m_i);};
 ~Test () {printf ('destruct %dn', m_i);};
 int m_i;
};Test t_1 (1);
int main(int argc, char* argv[])
 Test t_2 (2);
 printf('Hello World!n');
// return 0;
// exit (0);
// ExitProcess (0);



使用return 0结束时:

construct 1
construct 2
Hello World!
destruct 2
destruct 1

使用exit (0)结束时:

construct 1
construct 2
Hello World!
destruct 1

使用ExitProcess (0)结束时:

construct 1
construct 2
Hello World!



return 0实际上执行了以下操作:

return 0;
00401035  mov         dword ptr [ebp-0D4h],0 
0040103F  lea         ecx,[t_2] 
00401042  call        Test::~Test (4010F0h) 
00401047  mov         eax,dword ptr [ebp-0D4h] 
0040104D  push        edx  
0040104E  mov         ecx,ebp 
00401050  push        eax  
00401051  lea         edx,ds:[401072h] 
00401057  call        _RTC_CheckStackVars (4011E0h) 
0040105C  pop         eax  
0040105D  pop         edx  
0040105E  pop         edi  
0040105F  pop         esi  
00401060  pop         ebx  
00401061  add         esp,0D8h 
00401067  cmp         ebp,esp 
00401069  call        _RTC_CheckEsp (4011B0h) 
0040106E  mov         esp,ebp 
00401070  pop         ebp  
00401071  ret


if ( !managedapp )

可见return 0上调用了局部对象t_2的析构函数。

void __cdecl exit (
        int code
        doexit(code, 0, 0); /* full term, kill process */
void __cdecl _cexit (
        doexit(0, 0, 1);    /* full term, return to caller */


static void __cdecl doexit (
        int code,
        int quick,
        int retcaller
#ifdef _DEBUG
        static int fExit = 0;
#endif  /* _DEBUG */#ifdef _MT
        _lockexit();        /* assure only 1 thread in exit path */
#endif  /* _MT */            if (_C_Exit_Done == TRUE)                               /* if doexit() is being called recursively */
                    TerminateProcess(GetCurrentProcess(),code);     /* terminate with extreme prejudice */
            _C_Termination_Done = TRUE;            /* save callable exit flag (for use by terminators) */
            _exitflag = (char) retcaller;  /* 0 = term, !0 = callable exit */            if (!quick) {
                 * do _onexit/atexit() terminators
                 * (if there are any)
                 * These terminators MUST be executed in reverse order (LIFO)!
                 * NOTE:
                 *  This code assumes that __onexitbegin points
                 *  to the first valid onexit() entry and that
                 *  __onexitend points past the last valid entry.
                 *  If __onexitbegin == __onexitend, the table
                 *  is empty and there are no routines to call.
                 */                if (__onexitbegin) {
                    while ( --__onexitend >= __onexitbegin )
                     * if current table entry is non-NULL,
                     * call thru it.
                    if ( *__onexitend != NULL )
                }                /*
                 * do pre-terminators
                _initterm(__xp_a, __xp_z);
            }            /*
             * do terminators
            _initterm(__xt_a, __xt_z);#ifndef CRTDLL
#ifdef _DEBUG
            /* Dump all memory leaks */
            if (!fExit && _CrtSetDbgFlag(_CRTDBG_REPORT_FLAG) & _CRTDBG_LEAK_CHECK_DF)
                fExit = 1;
#endif  /* _DEBUG */
#endif  /* CRTDLL */            /* return to OS or to caller */
#ifdef _MT
            if (retcaller)
                _unlockexit();      /* unlock the exit code path */
#endif  /* _MT */
        if (retcaller)
            return;        _C_Exit_Done = TRUE;
                if (__onexitbegin) {
00406056  cmp         dword ptr [___onexitbegin (412DA8h)],0 
0040605D  je          doexit+70h (406090h) 
                    while ( --__onexitend >= __onexitbegin )
0040605F  mov         edx,dword ptr [___onexitend (412DA4h)] 
00406065  sub         edx,4 
00406068  mov         dword ptr [___onexitend (412DA4h)],edx 
0040606E  mov         eax,dword ptr [___onexitend (412DA4h)] 
00406073  cmp         eax,dword ptr [___onexitbegin (412DA8h)] 
00406079  jb          doexit+70h (406090h) 
                     * if current table entry is non-NULL,
                     * call thru it.
                    if ( *__onexitend != NULL )
0040607B  mov         ecx,dword ptr [___onexitend (412DA4h)] 
00406081  cmp         dword ptr [ecx],0 
00406084  je          doexit+6Eh (40608Eh) 
00406086  mov         edx,dword ptr [___onexitend (412DA4h)] 
0040608C  call        dword ptr [edx] 
0040608E  jmp         doexit+3Fh (40605Fh)


0040EC10  push        ebp  
0040EC11  mov         ebp,esp 
0040EC13  sub         esp,0C0h 
0040EC19  push        ebx  
0040EC1A  push        esi  
0040EC1B  push        edi  
0040EC1C  lea         edi,[ebp-0C0h] 
0040EC22  mov         ecx,30h 
0040EC27  mov         eax,0CCCCCCCCh 
0040EC2C  rep stos    dword ptr [edi] 
0040EC2E  mov         ecx,offset t_1 (412760h) 
0040EC33  call        Test::~Test (4010F0h) 
0040EC38  pop         edi  
0040EC39  pop         esi  
0040EC3A  pop         ebx  
0040EC3B  add         esp,0C0h 
0040EC41  cmp         ebp,esp 
0040EC43  call        _RTC_CheckEsp (4011B0h) 
0040EC48  mov         esp,ebp 
0040EC4A  pop         ebp  
0040EC4B  ret


void __cdecl __crtExitProcess (
        int status
        HMODULE hmod;
        PFN_EXIT_PROCESS pfn;        hmod = GetModuleHandle('mscoree.dll');
        if (hmod != NULL) {
            pfn = (PFN_EXIT_PROCESS)GetProcAddress(hmod, 'CorExitProcess');
            if (pfn != NULL) {
        }        /*
         * Either mscoree.dll isn't loaded,
         * or CorExitProcess isn't exported from mscoree.dll,
         * or CorExitProcess returned (should never happen).
         * Just call ExitProcess.
         */        ExitProcess(status);


在Windows下,return 0 的实际执行过程是:

  • 先析构main函数内的局部对象。
  • 返回至调用main的函数。
  • 调用exit函数,由exit函数调用doexit函数,在doexit函数中完成对全局对象的析构。
  • 最后调用ExitProcess结束进程。

所以,ExitProcess不负责任何对象的析构,exit只负责析构全局对象,return 0可以析构局部对象并调用exit,因此能析构全部对象。