
I don't understand how

    pop eax
    jmp eax

allows me to quit the function.

Here is the full code:

global _start

_start:
    call func           ; pushes the address of the next instruction (mov eax, 1), then jumps to func
    mov eax, 1          ; sys_exit
    int 0x80            ; the kernel takes the exit status from ebx

func:
    mov ebx, 42         ; exit status
    pop eax             ; eax = the return address that call pushed
    jmp eax             ; continue after the call, i.e. at mov eax, 1

The global idea of this code is to have the exit code set to 42.

I guess there is something with the stack I don't understand.

hacb

  • `pop eax; jmp eax` does the same thing as `ret` except it also trashes `eax`. – fuz Aug 10 '20 at 16:42
  • Is there some benefit to using `pop eax; jmp eax` instead of `ret`? – hacb Aug 10 '20 at 16:45
  • No. There are a lot of drawbacks though, the worst one being that not returning with `ret` trashes the return predictor. – fuz Aug 10 '20 at 16:46
  • I got how it works! Using `call` pushes `eip` onto the stack. So when I pop `eax`, it will contain the instruction pointer, so I'm able to jump back to where I was before entering the function thanks to `jmp eax`. – hacb Aug 10 '20 at 17:11
  • That's correct! And `ret` does pretty much that. It's effectively `pop eip`. – fuz Aug 10 '20 at 17:19
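
The mechanism the comments describe, as an added illustration that is not code from the question or the comments: a tiny C model of the 32-bit register and stack state runs `call func` followed by either `pop eax; jmp eax` or `ret`, so the effect on `eip`, `esp` and `eax` can be compared. The instruction addresses are constructed placeholders.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed addresses for the three instructions that matter. */
enum { ADDR_CALL = 0x08048060u,        /* _start: call func (5-byte instruction)   */
       ADDR_AFTER_CALL = 0x08048065u,  /* mov eax, 1 -- the address that call pushes */
       ADDR_FUNC = 0x08048070u };      /* func:                                      */

#define STACK_WORDS 32

typedef struct {
    uint32_t eip, esp, eax, ebx;
    uint32_t mem[STACK_WORDS];         /* mem[esp / 4] is the top of the stack */
} cpu_t;

/* push/pop move esp by 4, exactly like the real instructions. */
static void     push32(cpu_t *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop32(cpu_t *c)              { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }

/* call = push the address of the following instruction, then jump to the target. */
static void do_call(cpu_t *c, uint32_t target, uint32_t ret_addr) { push32(c, ret_addr); c->eip = target; }

/* Emulate `call func` plus the body of func and return the resulting state.
 * use_ret == 0 runs `pop eax; jmp eax` as in the question; use_ret == 1 runs `ret`. */
static cpu_t run_func(int use_ret) {
    cpu_t c = { .eip = ADDR_CALL, .esp = 4 * STACK_WORDS, .eax = 0xdeadbeefu, .ebx = 0 };
    do_call(&c, ADDR_FUNC, ADDR_AFTER_CALL);   /* _start: call func                    */
    c.ebx = 42;                                 /* func:   mov ebx, 42                  */
    if (use_ret) {
        c.eip = pop32(&c);                      /* ret: literally `pop eip`             */
    } else {
        c.eax = pop32(&c);                      /* pop eax: eax <- saved return address */
        c.eip = c.eax;                          /* jmp eax: resume there; eax stays trashed */
    }
    /* Whatever word sits at [esp] when the pop/ret runs becomes eip: the return
     * address is ordinary stack data, which is why it must be kept intact. */
    return c;
}

int main(void) {
    cpu_t a = run_func(0), b = run_func(1);
    printf("pop/jmp: eip=%#x esp=%u eax=%#x ebx=%u\n", (unsigned)a.eip, (unsigned)a.esp, (unsigned)a.eax, (unsigned)a.ebx);
    printf("ret    : eip=%#x esp=%u eax=%#x ebx=%u\n", (unsigned)b.eip, (unsigned)b.esp, (unsigned)b.eax, (unsigned)b.ebx);
    return 0;
}
```

Both variants land on the instruction after the `call` with `esp` back where it started; the only difference is that the `pop eax; jmp eax` version leaves the return address in `eax`.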
