
I've started learning reverse engineering, and when I read about stack operations and function invocation, there is an issue that confuses me. What is the address of ESP after the "pop ebp" and "retn" instructions?

C

```c
int __cdecl addme(short a, short b)
{
    return a + b;
}
```

Assembly

```asm
01: push ebp
02: mov ebp, esp
03: ...
04: movsx eax, word ptr [ebp+8]
05: movsx ecx, word ptr [ebp+0Ch]
06: add eax, ecx
07: ...
08: mov esp, ebp
09: pop ebp
10: retn
```

As I thought, esp is set to ebp in step 08, so the ESP address is right after the first address that comes inside the stack. But step 09 makes it wrong. Help me understand this.

  • 1
    The `pop` just adds `4` to `esp`. What's the problem? – arrowd Oct 10 '19 at 07:30
  • Does this answer your question? [What is the function of the push / pop instructions used on registers in x86 assembly?](https://stackoverflow.com/questions/4584089/what-is-the-function-of-the-push-pop-instructions-used-on-registers-in-x86-ass) – Peter Cordes Dec 12 '21 at 06:30
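To make the epilogue concrete, here is an added example (not from the question or its comments): a small Python model of the 32-bit stack that runs the cdecl call `addme(1, 2)` and records ESP and EBP after each step, so the effect of `pop ebp` and `retn` can be read off directly. The starting ESP, the caller's EBP, the return address and the `sub esp, 8` standing in for the elided `...` are all assumed values.

```python
from typing import Dict, List, Tuple

WORD = 4  # 32-bit stack slots


class Stack32:
    """Minimal x86-32 stack model: memory is a dict of address -> 32-bit value."""

    def __init__(self, esp: int, ebp: int) -> None:
        self.mem: Dict[int, int] = {}
        self.esp = esp
        self.ebp = ebp
        self.eip = 0  # only set by retn in this model

    def push(self, value: int) -> None:
        self.esp -= WORD  # the stack grows toward lower addresses
        self.mem[self.esp] = value & 0xFFFFFFFF

    def pop(self) -> int:
        value = self.mem[self.esp]
        self.esp += WORD  # pop only moves ESP up; the old slot is not erased
        return value


def trace_addme_call(initial_esp: int, caller_ebp: int, ret_addr: int) -> dict:
    """Simulate the caller pushing args, the call, and addme's prologue/epilogue.

    Returns the (step, esp, ebp) log plus the argument values the callee reads
    through [ebp+8] / [ebp+0Ch] and the EIP restored by retn.
    """
    s = Stack32(initial_esp, caller_ebp)
    log: List[Tuple[str, int, int]] = []

    def record(step: str) -> None:
        log.append((step, s.esp, s.ebp))

    record("start")
    s.push(2); s.push(1); record("caller pushes b=2 then a=1")  # cdecl: right to left
    s.push(ret_addr); record("call addme (pushes return address)")
    s.push(s.ebp); record("01: push ebp")           # save caller's frame pointer
    s.ebp = s.esp; record("02: mov ebp, esp")       # new frame base
    a, b = s.mem[s.ebp + 8], s.mem[s.ebp + 12]      # 04/05: args above saved EBP and ret addr
    s.esp -= 8; record("03: sub esp, 8 (assumed locals)")
    s.esp = s.ebp; record("08: mov esp, ebp")       # discard locals, ESP -> saved EBP
    s.ebp = s.pop(); record("09: pop ebp")          # restore caller's EBP, ESP -> ret addr
    s.eip = s.pop(); record("10: retn")             # pop ret addr into EIP, ESP -> args
    return {"log": log, "a": a, "b": b, "eip": s.eip, "esp": s.esp}


if __name__ == "__main__":
    for step, esp, ebp in trace_addme_call(0xBFFF0000, 0xBFFF0020, 0x08048400)["log"]:
        print(f"{step:40s} esp={esp:#010x} ebp={ebp:#010x}")
```

After `retn`, ESP points at the pushed arguments; under cdecl the caller removes them afterwards (typically `add esp, 8`).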

0 Answers