the Stack
sample code#include <stdio.h>
/* foo: exists only to illustrate the stack frame traced in the slides that follow.
 * w is never read; z is first zeroed and then assigned on purpose so that the
 * disassembly shows both the initialisation (mov dword ptr [ebp-4], 0) and the add.
 * Nothing is returned and the sum is discarded, so an optimising compiler may drop
 * the whole body -- build without optimisation to follow the frame diagrams. */
void foo(int w, int x, int y) {
int z = 0;    /* local variable: the slot at [ebp-4] in the frame diagrams */
z = x + y ;   /* the "function task" step of the slides */
}
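/* Entry point: calls foo() once with three constants so the caller-side
 * steps (argument pushes, call, stack clean-up) can be traced in the slides.
 * foo() returns nothing, so there is no result to use; main() returns 0
 * explicitly rather than relying on C99's implicit return. */
int main(void) {
    foo(12, 15, 18);
    return 0;
}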
Stack (32-bit x86, cdecl calling convention, Intel/MASM syntax; on x86-64 the first arguments travel in registers instead, so the frame looks different)
ESP: stack pointer -- always points to the top of the stack (the lowest used address; the stack grows towards lower addresses)
EBP: base (frame) pointer -- a fixed reference into the current function's frame
EIP: instruction pointer -- address of the next instruction to execute
before calling foo
• save any of EAX, ECX and EDX that still hold live values (they are caller-saved under cdecl; the compiler omits these pushes when nothing needs preserving)
• push the arguments of foo(12, 15, 18) onto the stack in right-to-left order
• 18 -> 15 -> 12 (so 12 ends up at the lowest address, directly above the return address)
• call foo -> pushes the return address (the EIP of the instruction after the call, i.e. back in main) and jumps to foo
something
EBP
ESP
cont.
• push EAX, ECX and EDX
• push arguments of foo(12, 15, 18) in to stack
• 18 -> 15 -> 12
• call function -> push return address ( EIP )
something
EAX, ECX & EDX
EBP
ESP
cont.
• push EAX, ECX and EDX
• push arguments of foo(12, 15, 18) in to stack
• 18 -> 15 -> 12
• call function -> push return address ( EIP )
something
EAX, ECX & EDX
args 3 =18
args 2 =15
args 1 =12
EBP
ESP
cont.
• push EAX, ECX and EDX
• push arguments of foo(12, 15, 18) in to stack
• 18 -> 15 -> 12
• call function -> push return address ( EIP )
something
EAX, ECX & EDX
args 3 =18
args 2 =15
args 1 =12
return address (back into main, just after the call to foo)
EBP
ESP
After calling foo (function prologue)
• push ebp ; save the caller's frame pointer
• mov ebp, esp ; ebp now marks this frame: arguments at [ebp+8] and above, return address at [ebp+4], saved ebp at [ebp], locals at [ebp-4] and below
• allocate space for local variables and buffers
• sub esp, 4 ; 4 bytes for int
• push EBX, ESI and EDI (callee-saved registers -- only those foo actually modifies)
• initialise local variables
Note: locals and buffers sit at lower addresses than the saved EBP and the return address, while arrays are written towards higher addresses. A write past the end of a local buffer therefore runs into the saved EBP and then the return address -- this layout is why a stack buffer overflow can redirect control flow.
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP
ESP
cont.
• push ebp
• mov ebp, esp
• allocate space for local variables and buffer
• sub esp, 4 ; 4 bytes for int
• push EBX, ESI and EDI
• loading local variables
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
EBP
ESP
cont.
• push ebp
• mov ebp, esp
• allocate space for local variables and buffer
• sub esp, 4 ; 4 bytes for int
• push EBX, ESI and EDI
• loading local variables
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
EBP, ESP
cont.
• push ebp
• mov ebp, esp
• allocate space for local variables and buffer
• sub esp, 4 ; 4 bytes for int
• push EBX, ESI and EDI
• loading local variables
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
X (4 bytes reserved for z, not yet initialised)
ESP
EBP
cont.
• push ebp
• mov ebp, esp
• allocate space for local variables and buffer
• sub esp, 4 ; 4 bytes for int
• push EBX, ESI and EDI
• loading local variables
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
X
EBX, ESI and EDI
ESP
EBP
initialising local variables: the C statement and the instruction it compiles to (z lives 4 bytes below ebp)
int z = 0;
mov dword ptr [ebp-4], 0
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
local variable z = 0
EBX, ESI and EDI
ESP
EBP
perform the function body (z = x + y)
before returning (function epilogue)
• pop edi, esi, ebx ; restore the callee-saved registers in the reverse order they were pushed
• mov esp, ebp ; discard the locals (this line and the next are what `leave` does)
• pop ebp ; restore the caller's frame pointer
• ret ; pops the saved return address into EIP and continues executing there
Security note: `ret` jumps to whatever address is in that stack slot. If an overflow in a local buffer has overwritten it, execution continues at an attacker-chosen address; stack canaries (/GS, -fstack-protector) place a guard value between the locals and the saved EBP and verify it before `ret` runs.
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
local variable z
EBX, ESI and EDI
EBP
ESP
cont.
• pop edi esi ebx
• mov esp, ebp
• pop ebp
• ret
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
local variable z
EBP
ESP
cont.
• pop edi esi ebx
• mov esp, ebp
• pop ebp
• ret
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (foo)
EBP(main)
local variable z
EBP, ESP
cont.
• pop edi esi ebx
• mov esp, ebp
• pop ebp
• ret
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
return address (back into main, just after the call to foo)
ESP
EBP
cont.
• pop edi esi ebx
• mov esp, ebp
• pop ebp
• ret
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
EBP
ESP
after returning (the caller cleans up, as cdecl requires)
• add esp, 12 ; 3 arguments x 4 bytes -- the caller removes the arguments it pushed (under stdcall the callee would do this itself with `ret 12`)
• pop EAX, ECX and EDX ; restore the caller-saved registers, if they were saved before the call
something
EAX, ECX and EDX
args 3 =18
args 2 =15
args 1 =12
EBP
ESP
after returning
• add esp, 12
• pop EAX, ECX and EDX
something
EAX, ECX and EDX
EBP
ESP
cont.
• add esp, 12
• pop EAX, ECX and EDX
something
EBP
ESP