Function Call with register EBP and ESP in x86
This article introduces the EBP and ESP registers used to manage the stack, together with the four instructions involved in a function call: enter, leave, call and ret.
1. Basic concepts
1.1 structure
On push, the stack address (ESP) decreases; on pop, it increases. The stack therefore grows toward lower addresses.
1.2 Stack-Frame
The stack is typically divided into frames. Each stack frame can then contain local variables, parameters to be passed to another procedure, and procedure linking information.
1.3 EBP and ESP
In the x86 architecture, the register EBP is the base pointer: it points to the base address of the current stack frame. The register ESP is the stack pointer: it points to the top of the current stack frame. EIP is the program counter, holding the address of the next instruction to be executed.
ESP has a special function, which is to act as the stack pointer, and it gets implicitly modified by certain instructions (e.g. push, pop, call).
2. Example
Below is the assembly code for a caller invoking the function test(int p1, int p2).
Assume that before the call the stack pointer ESP is 0xAAAAAAA and EBP is 0xAAAAAB0.
```asm
push p2    ; push parameter 2 onto the stack: ESP -= 4h, ESP = 0xAAAAAA6
```
3. enter, leave, call and ret
In AT&T-syntax x86 assembly, four instructions take part in a function call: call, ret, enter and leave.
call and ret are equivalent to the following sequences respectively:
```asm
CALL: push %eip   # store the return address on the stack frame
```
enter and leave are equivalent to the following instruction sequences respectively:
```asm
ENTER: push %ebp   # store the old EBP
```
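The following C program is an added illustration, not code from the original post. It replays the example from section 2 (ESP = 0xAAAAAAA, EBP = 0xAAAAAB0, the caller pushes p2 then p1 and calls test) on a tiny simulated 32-bit CPU whose push, pop, call, ret, enter and leave are written out exactly as the equivalences in this section describe them, so the effect of each step on ESP, EBP and EIP can be checked. The code addresses of the caller and of test, the argument values and the 8-byte local area are constructed. The offsets of the saved EBP, the return address and the parameters from EBP, and the caller's `add $8, %esp` cleanup after return, follow the standard cdecl frame layout and are not something the post itself states.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simulated 32-bit register file: only the registers the post discusses. */
typedef struct { uint32_t eip, esp, ebp; } Cpu;

/* A 4 KiB window of simulated stack memory covering the post's addresses (constructed). */
#define MEM_BASE 0x0AAAA000u
#define MEM_SIZE 0x1000u
static uint8_t mem[MEM_SIZE];

static void check(uint32_t addr) {
    /* Refuse accesses outside the window so a runaway ESP is caught instead of corrupting memory. */
    if (addr < MEM_BASE || addr + 4 > MEM_BASE + MEM_SIZE) {
        fprintf(stderr, "stack access outside simulated memory: 0x%08X\n", addr);
        exit(1);
    }
}
static void store32(uint32_t addr, uint32_t v) { check(addr); memcpy(&mem[addr - MEM_BASE], &v, 4); }
static uint32_t load32(uint32_t addr) { uint32_t v; check(addr); memcpy(&v, &mem[addr - MEM_BASE], 4); return v; }

/* push/pop: ESP moves down by 4 on push and up by 4 on pop (the stack grows toward lower addresses). */
static void push(Cpu *c, uint32_t v) { c->esp -= 4; store32(c->esp, v); }
static uint32_t pop(Cpu *c) { uint32_t v = load32(c->esp); c->esp += 4; return v; }

/* CALL: push %eip (the return address) and jump. In this model c->eip already holds the
   address of the instruction following the call, which is exactly what gets saved. */
static void do_call(Cpu *c, uint32_t target) { push(c, c->eip); c->eip = target; }
/* RET: pop the return address back into EIP. */
static void do_ret(Cpu *c) { c->eip = pop(c); }
/* ENTER: push %ebp; mov %esp,%ebp; sub $locals,%esp */
static void do_enter(Cpu *c, uint32_t locals) { push(c, c->ebp); c->ebp = c->esp; c->esp -= locals; }
/* LEAVE: mov %ebp,%esp; pop %ebp */
static void do_leave(Cpu *c) { c->esp = c->ebp; c->ebp = pop(c); }

/* Snapshot of the interesting register and memory values along the trace. */
typedef struct {
    uint32_t esp_after_push_p2, esp_after_push_p1, esp_after_call, eip_after_call;
    uint32_t ebp_in_callee, esp_in_callee;
    uint32_t saved_ebp_seen, ret_addr_seen, p1_seen, p2_seen;
    uint32_t esp_after_leave, ebp_after_leave, esp_after_ret, eip_after_ret, esp_after_cleanup;
} Trace;

#define CALLER_NEXT 0x08048110u  /* constructed: address of the instruction after "call test" */
#define TEST_ADDR   0x08048200u  /* constructed: address of test() */

Trace run_example(void) {
    Trace t;
    Cpu c = { CALLER_NEXT, 0x0AAAAAAAu, 0x0AAAAAB0u }; /* the post's starting ESP and EBP */
    memset(mem, 0, sizeof mem);

    push(&c, 2);             t.esp_after_push_p2 = c.esp;                       /* push p2 */
    push(&c, 1);             t.esp_after_push_p1 = c.esp;                       /* push p1 */
    do_call(&c, TEST_ADDR);  t.esp_after_call = c.esp; t.eip_after_call = c.eip; /* call test */

    do_enter(&c, 8);         t.ebp_in_callee = c.ebp; t.esp_in_callee = c.esp;  /* 8 bytes of locals (constructed) */
    /* Inside test(): with EBP as the frame base, the frame is addressed at fixed cdecl offsets. */
    t.saved_ebp_seen = load32(c.ebp);       /* 0(%ebp):  caller's EBP saved by enter */
    t.ret_addr_seen  = load32(c.ebp + 4);   /* 4(%ebp):  return address pushed by call */
    t.p1_seen        = load32(c.ebp + 8);   /* 8(%ebp):  first parameter */
    t.p2_seen        = load32(c.ebp + 12);  /* 12(%ebp): second parameter */

    do_leave(&c);            t.esp_after_leave = c.esp; t.ebp_after_leave = c.ebp;
    do_ret(&c);              t.esp_after_ret = c.esp; t.eip_after_ret = c.eip;
    c.esp += 8;              t.esp_after_cleanup = c.esp;  /* cdecl: the caller removes the two arguments */
    return t;
}

int main(void) {
    Trace t = run_example();
    printf("after push p2 : ESP=0x%08X\n", t.esp_after_push_p2);
    printf("after push p1 : ESP=0x%08X\n", t.esp_after_push_p1);
    printf("after call    : ESP=0x%08X EIP=0x%08X\n", t.esp_after_call, t.eip_after_call);
    printf("after enter   : EBP=0x%08X ESP=0x%08X\n", t.ebp_in_callee, t.esp_in_callee);
    printf("frame         : saved EBP=0x%08X ret=0x%08X p1=%u p2=%u\n",
           t.saved_ebp_seen, t.ret_addr_seen, t.p1_seen, t.p2_seen);
    printf("after leave   : ESP=0x%08X EBP=0x%08X\n", t.esp_after_leave, t.ebp_after_leave);
    printf("after ret     : ESP=0x%08X EIP=0x%08X\n", t.esp_after_ret, t.eip_after_ret);
    printf("after cleanup : ESP=0x%08X\n", t.esp_after_cleanup);
    return 0;
}
```

Walking the trace shows why EBP is convenient as a frame base: once enter has run, the saved EBP, the return address and each parameter sit at fixed offsets from EBP no matter how far ESP later moves for locals or nested pushes, and leave followed by ret restores EBP, ESP and EIP to exactly what the caller had before the call, except for the two argument slots, which under cdecl the caller removes itself.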
References:
- Intel SDM Vol. 1, Chapter 6
- Some notes on the ESP and EBP registers (对寄存器ESP和EBP的一些理解)
- Function Call with register EBP and ESP in x86