|Stack architecture demystified|
|Monday, 28 February 2011|
Page 2 of 2
Popping data with the stack pointer
Similarly, the pop instruction takes the value at the top of the stack, places it in its operand, and then increases the stack pointer (by 4 for a 32-bit operand). In other words, this:
pop eax
is equivalent to this:
mov eax, [esp]
add esp, 4
So, again, taking the previous diagram (after the push) as a starting point, pop eax will do the following:
and the value 0xDEADBEEF will be written into eax, with esp back at 0x9080ABCC. Note that 0xDEADBEEF also stays at address 0x9080ABC8, since we did nothing to overwrite it yet: pop only moves the stack pointer, it does not clear the slot. The value is simply below esp now, and it will survive until a later push (or a called function's frame) lands on that address. This is why an uninitialized local variable in a later call can still contain leftovers of an earlier one, a common source of information leaks.
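As an added example (not part of the original article), here is a small model of the x86 stack in C: a downward-growing region of memory with push and pop written out as the sub/mov/add sequences the text says they are equivalent to. It replays the article's sequence (push 0xDEADBEEF, then pop eax) and then reads the popped slot back, to show that the value is still there. The addresses 0x9080ABCC / 0x9080ABC8 are the ones from the diagrams; the size of the modelled region is an assumption of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original article: a model of the x86 stack as
 * a downward-growing region of guest memory. The addresses and the value
 * 0xDEADBEEF come from the article's diagrams; the region size is assumed. */

#define STACK_TOP   0x9080ABCCu            /* esp before the article's push */
#define STACK_BYTES 64u                    /* assumed size of the modelled region */
#define STACK_BASE  (STACK_TOP - STACK_BYTES)

struct cpu {
    uint32_t esp;                          /* stack pointer */
    uint32_t eax;                          /* general-purpose register */
    uint8_t  mem[STACK_BYTES];             /* guest bytes [STACK_BASE, STACK_TOP) */
};

/* Map the guest address of a 4-byte slot onto mem[]; NULL if outside the model. */
static uint8_t *slot(struct cpu *c, uint32_t addr)
{
    if (addr < STACK_BASE || addr > STACK_TOP - 4)
        return NULL;
    return &c->mem[addr - STACK_BASE];
}

/* mov dword [addr], value   (x86 is little-endian: low byte at the low address) */
static void store32(struct cpu *c, uint32_t addr, uint32_t value)
{
    uint8_t *p = slot(c, addr);
    if (!p) { fprintf(stderr, "write outside modelled stack: %#x\n", addr); return; }
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(value >> (8 * i));
}

/* mov value, dword [addr] */
static uint32_t load32(struct cpu *c, uint32_t addr)
{
    uint8_t *p = slot(c, addr);
    uint32_t v = 0;
    if (!p) { fprintf(stderr, "read outside modelled stack: %#x\n", addr); return 0; }
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* push value   ==   sub esp, 4 ; mov [esp], value */
static void push(struct cpu *c, uint32_t value)
{
    c->esp -= 4;
    store32(c, c->esp, value);
}

/* pop reg   ==   mov reg, [esp] ; add esp, 4 */
static uint32_t pop(struct cpu *c)
{
    uint32_t v = load32(c, c->esp);
    c->esp += 4;
    return v;
}

/* The sequence from the article: push 0xDEADBEEF, then pop eax. */
static void run_push_pop(struct cpu *c)
{
    memset(c, 0, sizeof *c);
    c->esp = STACK_TOP;
    push(c, 0xDEADBEEFu);                  /* esp: 0x9080ABCC -> 0x9080ABC8 */
    c->eax = pop(c);                       /* eax = 0xDEADBEEF, esp -> 0x9080ABCC */
}

uint32_t esp_after_push_pop(void) { struct cpu c; run_push_pop(&c); return c.esp; }
uint32_t eax_after_push_pop(void) { struct cpu c; run_push_pop(&c); return c.eax; }

/* The popped slot is not cleared: the old value is still readable below esp. */
uint32_t stale_slot_after_push_pop(void)
{
    struct cpu c;
    run_push_pop(&c);
    return load32(&c, 0x9080ABC8u);
}

/* Only the next push to that slot replaces the stale value. */
uint32_t slot_after_second_push(void)
{
    struct cpu c;
    run_push_pop(&c);
    push(&c, 0x11223344u);                 /* lands at 0x9080ABC8 again */
    return load32(&c, 0x9080ABC8u);
}

int main(void)
{
    printf("esp after push/pop:      %#x\n", esp_after_push_pop());
    printf("eax after push/pop:      %#x\n", eax_after_push_pop());
    printf("stale slot [0x9080ABC8]: %#x\n", stale_slot_after_push_pop());
    printf("slot after second push:  %#x\n", slot_after_second_push());
    return 0;
}
```

The model deliberately refuses reads and writes outside its 64-byte region, so popping from the empty model (esp at 0x9080ABCC) is reported instead of silently reading garbage; a real CPU would happily read whatever the caller left there.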
Stack frames and calling conventions
When looking at assembly code generated from C, you will find a lot of interesting patterns. Perhaps the most recognizable pattern is the way parameters are passed into functions using the stack, and the way local variables are allocated on the stack. Note that this only applies to some calling conventions and architectures: what follows describes the cdecl convention on 32-bit x86. In others, such as the System V ABI on x86-64, some or all of the parameters are passed in registers.
I’ll demonstrate this with a simple C program:
int foobar(int a, int b, int c)
Both the arguments passed into foobar and the local variables of that function, along with some other data (the return address and the caller's saved ebp), are going to be stored on the stack when foobar is called. This set of data on the stack is called the stack frame of the function. Right before the return statement, the stack frame for foobar looks like this:
The green data were pushed onto the stack by the calling function, and the blue ones by foobar itself.
Compiled with gcc into assembly as follows:
gcc -masm=intel -S z.c -o z.s
The following assembly listing is generated for foobar.
Since esp keeps moving as the function executes, ebp (base pointer; the same role is called the frame pointer on other architectures) is used as a convenient anchor relative to which all function arguments and locals can be found. Arguments are above ebp in the stack (hence the positive offsets when accessing them: after the standard prologue push ebp; mov ebp, esp, [ebp] holds the caller's saved ebp, [ebp+4] the return address, and [ebp+8] the first argument), while locals are below ebp in the stack, at negative offsets.
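As an added example (not the article's z.c, whose body is not reproduced here), the following C program gives foobar the prototype from the article with an assumed body of three locals, and has its caller record where everything lands. It uses the GCC/Clang builtin __builtin_frame_address(0), which evaluates to the current function's frame pointer (ebp on 32-bit x86, rbp on x86-64) and forces a frame pointer to be set up in the functions that use it. The checks are the relationships the text describes: the callee's frame sits below the caller's, the callee's locals sit below its frame pointer, and everything belonging to the caller sits above it. On x86-64 the arguments arrive in registers, so the [ebp+8] argument offsets are not checked, only the frame-pointer relationships; the program assumes an x86 target and a GCC-compatible compiler.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not the article's program: the body of foobar is assumed,
 * the article only shows its prototype. Assumes x86 and GCC or Clang. */

#if !defined(__i386__) && !defined(__x86_64__)
#error "this example checks the x86 frame layout discussed in the article"
#endif

/* Frame pointer (ebp/rbp) of the function this macro is expanded in. */
#define FRAME_PTR() ((uintptr_t)__builtin_frame_address(0))

/* Addresses recorded during one call of foobar. */
static struct {
    uintptr_t caller_fp;      /* frame pointer of the caller */
    uintptr_t caller_local;   /* a local of the caller */
    uintptr_t callee_fp;      /* frame pointer inside foobar */
    uintptr_t callee_local;   /* the first local of foobar */
} facts;

__attribute__((noinline))
int foobar(int a, int b, int c)
{
    /* volatile keeps the locals in memory on the stack even when optimising */
    volatile int xx = a + 2;
    volatile int yy = b + 3;
    volatile int zz = c + 4;
    facts.callee_fp    = FRAME_PTR();
    facts.callee_local = (uintptr_t)&xx;
    return xx * yy * zz + (xx + yy + zz);
}

__attribute__((noinline))
static int call_foobar(void)
{
    volatile int marker = 1;            /* a local belonging to the caller's frame */
    facts.caller_fp    = FRAME_PTR();
    facts.caller_local = (uintptr_t)&marker;
    return foobar(77, 88, 99) * marker;
}

/* The stack grows down: foobar's frame is at lower addresses than its caller's. */
int callee_frame_below_caller(void)
{
    call_foobar();
    return facts.callee_fp < facts.caller_fp;
}

/* Locals live at negative offsets from the frame pointer ([ebp-4], [ebp-8], ...). */
int locals_below_frame_pointer(void)
{
    call_foobar();
    return facts.callee_local < facts.callee_fp;
}

/* Everything belonging to the caller (its locals, and on 32-bit x86 the
 * arguments it pushed) lies above foobar's frame pointer. */
int caller_data_above_frame_pointer(void)
{
    call_foobar();
    return facts.caller_local > facts.callee_fp;
}

/* foobar(77, 88, 99) = 79*91*103 + (79+91+103) = 740740 */
int foobar_result(void) { return call_foobar(); }

int main(void)
{
    int r = call_foobar();
    printf("foobar(77, 88, 99) = %d\n", r);
    printf("caller  fp     %#" PRIxPTR "\n", facts.caller_fp);
    printf("caller  local  %#" PRIxPTR "  (fp%+ld)\n", facts.caller_local,
           (long)(facts.caller_local - facts.callee_fp));
    printf("foobar  fp     %#" PRIxPTR "\n", facts.callee_fp);
    printf("foobar  local  %#" PRIxPTR "  (fp%+ld)\n", facts.callee_local,
           (long)(facts.callee_local - facts.callee_fp));
    return 0;
}
```

To see the exact [ebp+8], [ebp+12] and [ebp-N] offsets the article discusses rather than the 64-bit register-passing code, compile a 32-bit build with frame pointers, for example gcc -m32 -O0 -fno-omit-frame-pointer -masm=intel -S (this needs a 32-bit multilib on a 64-bit host; an assumption about the toolchain, not something the article states).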
This article was originally published as "Where the top of the stack is on x86" on Eli Bendersky's website and has been used here with kind permission of the author.
|Last Updated ( Monday, 28 February 2011 )|