flat assembler
Message board for the users of flat assembler.

Purpose of ebp/rbp

Fred 06 Oct 2011, 18:12
I still don't get this entirely. :(
I have seen the classic
Code:
push ebp
mov ebp, esp
sub esp, 4    ; or some other number

, but I'm not sure what the point is. I haven't made any big or advanced asm programs myself, so all I've been doing with ebp is using it as a general purpose register... can someone explain what ebp/rbp usually is used for?
AsmGuru62 06 Oct 2011, 18:53
It is used for local variables.
'4' in this case is the size of the local variable(s), which can be accessed with [ebp+ofs]; in our case 'ofs' = 0.

To access locals, ESP can also be used, but then any PUSH/POP will affect the 'ofs'. In that case EBP is not used and the procedure looks like this:
Code:
PROC1:
sub esp, 20h  ; <-- allocate room for locals
...
mov [esp+8h], ecx  ; <-- store ECX into local variable
...
;
; Return from procedure
;
add esp, 20h
ret
idle 06 Oct 2011, 19:37
Code:
proc One p1,p2,p3
  [stack] =                                  return point | p1 | p2 | p3

        push    ebp
  [stack] =                            ebp | return point | p1 | p2 | p3

        mov     ebp,esp
  ebp = stack

        stdcall Two,p1,p2,p3
  [stack] = ebp+08 | ebp+12 | ebp+16 | ebp | return point | p1 | p2 | p3
          = p1     | p2     | p3     | ebp | return point | p1 | p2 | p3

equals
Code:
One:
  [stack] =                                  return point | p1 | p2 | p3
        push    dword[esp+3*4]
  [stack] =                             p3 | return point | p1 | p2 | p3
        push    dword[esp+3*4]
  [stack] =                        p2 | p3 | return point | p1 | p2 | p3
        push    dword[esp+3*4]
  [stack] =                   p1 | p2 | p3 | return point | p1 | p2 | p3

rather the style one writes in;
you will understand with time.
idle 06 Oct 2011, 19:41
AsmGuru62 wrote:

It used for local variables.
'4' in this case is a size of a local variable(s) - which can be accessed with [ebp+ofs]....

[ebp-4]
dancho 06 Oct 2011, 20:00
btw, if you are asking yourself why there is a sub at the start of the procedure, well,
the stack stores various data starting from high memory, and the esp register serves as the indirect memory operand for the top of the stack,

so when you add data the stack grows down from high to low memory,
and when you remove data from the stack it shrinks from low to high,

and that's why we have an add instruction at the procedure end:
the program needs to restore (balance) the stack pointer by the same amount we took at the start...

and (as your example shows) the ebp register (base pointer) is usually used as a pointer to the stack memory area...
Goplat 06 Oct 2011, 21:22
Fred wrote:
I still don't get this entirely. :(
I have seen the classic
Code:
push ebp
mov ebp, esp
sub esp, 4    ; or some other number

, but I'm not sure what the point is. I haven't made any big or advanced asm programs myself, so all I've been doing with ebp is using it as a general purpose register... can someone explain what ebp/rbp usually is used for?

If every procedure starts with "push ebp/mov ebp,esp" and ends with "pop ebp", then a debugger can follow the chain of pushed EBPs to give you a stack trace.

Apart from debugging, addressing local variables relative to EBP takes one fewer byte in the instruction encoding than relative to ESP, so if you have more than four such references it'll make the code smaller (unless you could do better by using EBP for other purposes).

In 16-bit code you couldn't do memory access relative to SP at all, so using BP was a necessity.
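The frame layout in idle's diagrams, AsmGuru62's remark that esp-relative offsets shift with every PUSH while ebp-relative ones stay put, and Goplat's saved-ebp chain, put together in one small Python model. This is an added example, not code from any post in this thread and not part of fasm: the stack top 0x00400000, the return points 0x00401000 and 0x00402000, the argument values, and the class and function names are all constructed for the illustration, and only dword pushes are modelled.

```python
# Added example (not from the thread): a dword-granular model of the x86 stack.
class Stack:
    def __init__(self, top=0x00400000):
        self.mem = {}      # address -> 32-bit value; dwords only, as in the thread
        self.esp = top     # the stack grows toward lower addresses
        self.ebp = 0       # 0 marks the outermost frame for walk_frames()

    def load(self, addr):
        return self.mem[addr]

    def store(self, addr, value):
        self.mem[addr] = value & 0xFFFFFFFF

    def push(self, value):
        self.esp -= 4
        self.store(self.esp, value)

    def pop(self):
        value = self.load(self.esp)
        self.esp += 4
        return value

    def call(self, return_point):   # CALL: push the return point (callee body is driven by demo)
        self.push(return_point)

    def ret(self, cleanup=0):       # RET n: pop the return point, drop n bytes of stdcall args
        value = self.pop()
        self.esp += cleanup
        return value

    def prologue(self, local_size): # push ebp / mov ebp, esp / sub esp, local_size
        self.push(self.ebp)
        self.ebp = self.esp
        self.esp -= local_size

    def epilogue(self, cleanup=0):  # mov esp, ebp / pop ebp / ret cleanup
        self.esp = self.ebp
        self.ebp = self.pop()
        return self.ret(cleanup)


def stdcall_args(stack, *args):
    """stdcall pushes right-to-left, so p1 ends up nearest the return point."""
    for value in reversed(args):
        stack.push(value)


def walk_frames(stack):
    """Debugger-style unwind over the saved-ebp chain: [ebp] is the caller's ebp,
    [ebp+4] the return point. Sound only while every frame on the stack was
    opened with push ebp / mov ebp,esp, which is Goplat's point."""
    trace = []
    ebp = stack.ebp
    while ebp != 0:
        trace.append(stack.load(ebp + 4))
        ebp = stack.load(ebp)
    return trace


def demo():
    """One(p1, p2, p3), holding one dword local, calls Two(p1, p2, p3)."""
    s = Stack()
    p1, p2, p3 = 0x11, 0x22, 0x33          # constructed argument values
    stdcall_args(s, p1, p2, p3)
    s.call(0x00401000)                     # constructed return point into One's caller
    s.prologue(local_size=4)               # the "sub esp, 4" from the first post

    # parameters sit above the saved ebp and the return point
    params = (s.load(s.ebp + 8), s.load(s.ebp + 12), s.load(s.ebp + 16))

    # the local is [ebp-4]; right after the prologue it is also [esp]
    s.store(s.ebp - 4, 0xCAFE)
    esp_offset_before = (s.ebp - 4) - s.esp

    # stdcall Two, p1, p2, p3: three pushes move esp but leave ebp alone
    stdcall_args(s, p1, p2, p3)
    esp_offset_after = (s.ebp - 4) - s.esp
    local_via_ebp = s.load(s.ebp - 4)
    local_via_esp = s.load(s.esp + esp_offset_after)
    s.call(0x00402000)                     # constructed return point into One
    s.prologue(local_size=0)
    trace = walk_frames(s)                 # what a debugger would show inside Two

    ret_two = s.epilogue(cleanup=12)       # ret 12: a stdcall callee removes its own args
    ret_one = s.epilogue(cleanup=12)
    return {
        "params": params,
        "esp_offset_before": esp_offset_before,
        "esp_offset_after": esp_offset_after,
        "local_via_ebp": local_via_ebp,
        "local_via_esp": local_via_esp,
        "trace": trace,
        "returns": (ret_two, ret_one),
        "balanced": s.esp == 0x00400000 and s.ebp == 0,
    }
```

Calling demo() shows the three things the posts describe: [ebp+8], [ebp+12] and [ebp+16] read p1, p2 and p3; the local's esp-relative offset goes from 0 to 12 after the three argument pushes for Two while [ebp-4] keeps pointing at it; and walk_frames, read from inside Two, lists Two's return point and then One's by following the saved ebp values. The chain walk is only as good as the convention: a procedure that skips the prologue or reuses ebp as a general purpose register (Fred's habit) leaves a bogus saved value at [ebp], and every frame below it disappears from the trace.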
AsmGuru62 06 Oct 2011, 21:35
:) :)
In my code the lines are reversed, like so:
Code:
PUSH EBP
SUB  ESP, <local size>
MOV  EBP,ESP

That is why I used +4 and not -4.
It was done because I generate locals as structures:
Code:
virtual at 0
loc32:
.VAR1  INT32   ?
.VAR2  INT32   ?
.VAR3  INT32   ?
end virtual

...

MOV EAX, [EBP + loc32.VAR2]
Fred 07 Oct 2011, 13:36
AsmGuru62 wrote:
It is used for local variables.
'4' in this case is the size of the local variable(s), which can be accessed with [ebp+ofs]; in our case 'ofs' = 0.

To access locals, ESP can also be used, but then any PUSH/POP will affect the 'ofs'.

Hmm, yeah, changes to esp would require a different offset. I haven't run into this myself, but I guess changes to esp might happen.

Goplat wrote:
If every procedure starts with "push ebp/mov ebp,esp" and ends with "pop ebp", then a debugger can follow the chain of pushed EBPs to give you a stack trace.

Ah, ok.

Quote:
Apart from debugging, addressing local variables relative to EBP takes one fewer byte in the instruction encoding than relative to ESP, so if you have more than four such references it'll make the code smaller (unless you could do better by using EBP for other purposes).

In 16-bit code you couldn't do memory access relative to SP at all, so using BP was a necessity.

Aha, interesting. =)

So... ebp is (mostly) used as an offset to local vars in function calls since esp might change? And making stack traces possible.
typedef 07 Oct 2011, 17:37
I've also seen code where [esp-x] was just filled with a number, like so:

Code:
push ebp
mov ebp,esp
mov dword[esp-4],100h
...
Copyright © 1999-2024, Tomasz Grysztar.