'Push' instruction decrements ESP register value (stack pointer) by a number of bytes equal to the size of the argument that comes with 'push' and then writes the argument to memory address pointed by ESP (so called 'Stack'). So the last 'push'-ed value may always be referred to as [esp]. Since the processor decrements the stack pointer, values that were push-ed before can be accessed as [esp+2] or whatever number, according to the size of previously pushed arguments.
Of course you can use any other register as a stack base index instead of ESP (mov ebp,esp; mov eax,[ebp+2])
your ECX is saved AFTER the stack pointer was put to EBP so [ebp-4] will exactly address your ECX value pushed in the stack.
Your proc sums three doubleword arguments passed to the proc (pushed to the stack before the proc was called) and puts the result to eax on return.
May be called like:
; At this point eax value will be 600
So, yours really looks like a disassembled C procedure, something like:
The only case when that fuss with storing result in memory makes sense is for more complicated things that return more than one result (e.g. actual result + error code). In such cases, it is convenient to use stack pointer as a frame pointer to address the results after the proc exits. Otherwise, simply putting the result to EAX and utilizing it on exit will suffice.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum