I am just starting assembly, and I found these instructions and similar ones all over pieces of code:
sub esp , something
mov esp, dword ptr [esp + something]
Why would one do this? I heard it's about initialisation of the stack frame. Could you explain that or point out keywords for me to look for?
Looks Intel x86 at first sight. 'Something' usually be the total length of all local (stack allocated) variables if this appears in the beginning of an assembly subroutine. Since the stack grows downwards ie towards lower addresses, this reserves space for them. Are you sure the second line is exactly what you wrote? esp is already pointing to free area so before your routine calls itself recursively or calls another function the parameters can be pushed on the stack below your locals. I don't see the point of loading something to esp right after it was adjusted to accommodate the local vars unless it is used to allow the (next) callee to access the caller's stack frame, like in Pascal when you have nested functions.
Every C (except some inline functions, and not only C functions) function has it's beginning and ending. The beginning usually looks like this:
push ebp
mov ebp, esp
sub esp, x
The first line pushes old stack frames. As there are many functions called during program´s run, functions can save their stack frame on stack when calling another function. Stack frame (usually stored in EBP register) is something that is base of every local variable addressing. Let's say you have this code:
int main() {
__volatile int localVariable = 0x10;
printf("%d");
}
Variable localVariable can be stored somewhere statically (for example on address 0x410000), but if there was main called again, the value on that address would be overwirtten. Therefore there is need for something like dynamic allocation. That's what stack frame is used for; saves previous stack frame and 'allocates' place for local variables relatively to actual position of stack pointer. In this case, localVariable should be always on position EBP-sizeof(int).
The second and third line are actually that piece of code that allocates 'new' memory. Third line substracts some value from ESP (stack grows down) -> and that's why functions don't overwrite their variables; every function has it´s own place for them. Second line saves old stack pointer, so when called function returns from it's stack frame, it stack pointer of previous function.
Standard ending of function is
mov esp, ebp
pop ebp
ret
or
leave
ret
leave in second example is alternative to first two lines in first example, as functions return to execution of previous function very often.
Addressing EBP - something usually means accessing local variables of called (current) function.
Addressing EBP + someting usually means accessing arguments passed to function.
I have to notice that address stored in EBP actually doesn't point to argument, but to return address of function, which was pushed by call instruction when calling function. Value stored on EBP + 4 can be first (old practice, used for example for functions with variable number of arguments, like printf) as same as the last variable (typical for Java, which handles variable count arguments - Object... values - by creating new array and passing only reference to it).
