6

I am trying to disassemble a simple program which contains a simple function. This program is compiled with gcc for a 32-bit x86 target. The function is called via a call instruction. At the end of the function, I see a ret instruction, which is normal, but there is also a leave instruction. There is no enter instruction anywhere in the program. I am wondering what this leave function does...

Bob5421

3 Answers

5

Leave: Leaving a stack area. Leave is the reverse of Enter. Thus the stack area reserved by Enter is released.

Ret: Return from procedure. Ret terminates execution of a procedure and transfers the flow of control to the calling program. Ret has an optional word operand. This indicates the number of bytes that you want to be deleted from the stack after the return address has been taken off the stack.

Wiffzack
    Thanks, but there is no enter instruction in my function. But I see at the top of the function "push ebp" and "mov %esp,%ebp". Those 2 lines might be the equivalent of enter? – Bob5421 Jun 25 '16 at 16:22
4

Similar but not equal. Read first Enter vs Push

Enter: Reserve a stack area. With "Enter" you reserve a specific memory area of the stack, which is needed for parameter passing. The word operand specifies the number of bytes to allocate on the stack. The byte operand represents the current procedure nesting. If the byte operand is 0, EBP is placed on the stack. Subsequently, the value of ESP is copied to EBP, and ESP is decremented by the word operand.

Community
Wiffzack
2

enter is a slow synonym for

push ebp
mov  ebp, esp
sub  esp, imm

leave is a reasonably fast synonym for

mov  esp, ebp
pop  ebp

You don't have to have an enter to use leave. It is just a shorthand for the stack-cleanup register dance.

Ofek Shilon
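The register and stack effects described in the answers above, modelled in C as an added example (not code from any of the posters). The `cpu_t` model, the function names, the 256-byte stack and the sample addresses are all constructed for illustration; `enter` is modelled only for nesting level 0, and the `ret imm16` case goes beyond the plain `ret` in the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: esp/ebp are byte offsets into a small stack array.
   All names and sizes here are assumptions made for this example. */
typedef struct { uint32_t esp, ebp, eip; uint8_t stack[256]; } cpu_t;

static void push32(cpu_t *c, uint32_t v) { c->esp -= 4; memcpy(&c->stack[c->esp], &v, 4); }
static uint32_t pop32(cpu_t *c) { uint32_t v; memcpy(&v, &c->stack[c->esp], 4); c->esp += 4; return v; }

/* call: push the return address, then jump to the target */
static void op_call(cpu_t *c, uint32_t target, uint32_t ret_addr) { push32(c, ret_addr); c->eip = target; }
/* the prologue gcc emitted in the question: push ebp; mov ebp, esp; sub esp, imm */
static void prologue_push_mov_sub(cpu_t *c, uint32_t imm) { push32(c, c->ebp); c->ebp = c->esp; c->esp -= imm; }
/* enter imm, 0: same net effect as the three instructions above */
static void op_enter(cpu_t *c, uint16_t imm) { push32(c, c->ebp); c->ebp = c->esp; c->esp -= imm; }
/* leave: mov esp, ebp; pop ebp (works whichever prologue built the frame) */
static void op_leave(cpu_t *c) { c->esp = c->ebp; c->ebp = pop32(c); }
/* ret imm16: pop the return address into eip, then discard imm16 bytes of arguments */
static void op_ret(cpu_t *c, uint16_t imm) { c->eip = pop32(c); c->esp += imm; }

/* Caller pushes arg_bytes of arguments, calls, callee runs prologue, body,
   leave and ret arg_bytes. Returns 1 if the caller's esp/ebp are restored
   and eip is the return address. */
int frame_roundtrip(int use_enter, uint16_t arg_bytes) {
    cpu_t c = { .esp = 200, .ebp = 240, .eip = 0x1000 };
    uint32_t esp0 = c.esp, ebp0 = c.ebp;
    for (uint16_t i = 0; i < arg_bytes; i += 4) push32(&c, i);
    op_call(&c, 0x2000, 0x1005);
    if (use_enter) op_enter(&c, 24); else prologue_push_mov_sub(&c, 24);
    push32(&c, 0xdeadbeef);          /* body leaves esp below the locals */
    op_leave(&c);                    /* esp is reloaded from ebp, so that is fine */
    op_ret(&c, arg_bytes);
    return c.esp == esp0 && c.ebp == ebp0 && c.eip == 0x1005;
}

/* Returns 1 if enter imm,0 and push/mov/sub leave identical state behind */
int prologues_match(uint16_t imm) {
    cpu_t a = { .esp = 200, .ebp = 240 }, b = a;
    prologue_push_mov_sub(&a, imm); op_enter(&b, imm);
    return a.esp == b.esp && a.ebp == b.ebp && memcmp(a.stack, b.stack, sizeof a.stack) == 0;
}

int main(void) {
    printf("push/mov/sub + leave + ret:   %d\n", frame_roundtrip(0, 0));
    printf("enter + leave + ret 8:        %d\n", frame_roundtrip(1, 8));
    printf("enter == push/mov/sub:        %d\n", prologues_match(24));
}
```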