Hi, I'm trying to learn assembly, I have a question. As you can see in the IDA output, we see the assembly code of a function. Why is 16 bytes allocated in this function?

`sub esp,10h` -> Even if I remove this part, the code is already working?

I have read other forum posts, but they were not detailed enough. Can you tell me what exactly is the use of allocating 16 bytes of space?

  • @500-InternalServerError Didn't help, we don't reuse esp so I don't understand why allocate 16 bytes – mohix42692 Aug 05 '21 at 20:29
  • @500-InternalServerError This makes no sense in this case: The stack pointer differs by 24 bytes from the stack pointer in the calling function. So if the stack pointer was aligned to 16 bytes before, it is only aligned to 8 bytes right now. Subtracting 8 bytes would have made more sense; and 8 bytes would have been enough. – Martin Rosenau Aug 05 '21 at 20:30
  • [Local Variables on the Stack](https://bob.cs.sonoma.edu/IntroCompOrg-RPi/sec-varstack.html) is a helpful read. It is discussing ARM, but the process is exactly the same in your case (other than the register names and 8 versus 16 bit alignment) – David C. Rankin Aug 05 '21 at 20:41
  • It will work most of the time in this case (because you don't use `call` or `push` or anything else that overwrites the space for your local variables, even if it's below the stack pointer). But it could be stepped on by a debugger: see [Is it valid to write below ESP?](https://stackoverflow.com/q/52258402) – Peter Cordes Aug 05 '21 at 20:49
