4

I am new to assembly and then I came across this article

it says that this code 

void MyFunction()
{
  int a, b, c;
  a = 10;
  b = 5;
  c = 2;

is equivalent to this

push ebp     ; save the value of ebp
mov ebp, esp ; ebp now points to the top of the stack
sub esp, 12  ; space allocated on the stack for the local variables
mov [ebp -  4], 10  ; location of variable a
mov [ebp -  8], 5   ; location of b
mov [ebp - 12], 2   ; location of c

According to this video, to access the value of the stack above the base pointer, we should add. If it is below the pointer, we should subtract. Given that example above, they subtracted something from the base pointer to move the location of variables needed, which is contrary to what is stated in the video.

What did I miss? I know that sub esp, 12 is allocating a space for the local variables, so what I have in mind is that EBP is below that allocation, so I am thinking that it should be [ebp + something] not minus.

So when he did this sub esp, 12, this is how the Stack looks like.

            ESP is here
|     2    | Ebp + 12
|     5    | Ebp + 8
|     4    | Ebp + 4
|          | Old EBP value

Was the article wrong, or I misinterpet it?

srh snl
  • 797
  • 1
  • 19
  • 42

2 Answers2

6

The reason to use ebp is that esp will change, e.g. passing arguments to a subroutine. So your ebp will make you able to access the same variable using the same offset, no matter where esp is pointing in that moment.

When you push values on stack, its value is decremented; incremented when you pop.

The code subtracts 12 (4*3) to make room for 3 32 bit (4 byte) integers. Ebp points on the "bottom", where esp was before. So you access variable using negative offset, e.g. ebp-4. So your picture is wrong: ebp+Whatever points to something that your code should not play with.

     BEFORE

     lower address
     |
     |<--------------  esp (=ebp after mov ebp, esp)
     |
     | 
     higher address


     AFTER mov ebp, esp; sub esp, 12

     lower address
     |<--------------  esp
     |
     |
     |<--------------  ebp
     |
     | 
     higher address


     AFTER mov [ebp-4], 10 ecc.

     lower address
     | 2  <--------------  esp
     | 5
     | 10
     |<--------------  ebp
     |
     | 
     higher address

At this moment [esp] would retrieve [ebp-12] i.e. 2.

ShinTakezou
  • 9,432
  • 1
  • 29
  • 39
  • So it's safe to say that what was mentioned in the video is wrong? I'm already getting a grasp of the concept of Stack but when I watched the video, I was confused. According to the video, to access the value or anything above the Base pointer, you should add something to EBP. to access anything from below the base pointer, we should subtract from EBP. ?? – srh snl May 22 '13 at 09:05
  • I can't see the video now; supposing that "above" means "decrementing address", the answer is obvious: to access something that comes "before" (it's "above") where a pointer points, you have to decrement the pointer. Viceversa you must increment it. (It's not clear the sense of "from" in your **to access anything from below...**) – ShinTakezou May 22 '13 at 09:13
  • It's fine. Besides, all of the article that I have read except that video says that I need to do this [EBP - whatever] to get the value above the EBP. Thank you. It's clear now. :D – srh snl May 22 '13 at 09:27
2

The stack-pointer (base-pointer)-address is "growing" down, towards lower address in the address space.
Your stack starts at for example 0x70000000 and when you push something on it, esp (ebp) will be lowered by a dword -> 0x6ffffffc (if I am correct).

See here, here, and here.

Community
  • 1
  • 1
bash.d
  • 13,029
  • 3
  • 29
  • 42