flat assembler
Message board for the users of flat assembler.
Difference EBP and ESP
shoorick 20 Feb 2006, 12:43
ESP is automatically increased/decreased by push/pop operations; EBP is just a pointer register with its default base on SS. BTW, in 16-bit mode you cannot use SP as a pointer register, only BP. Thus ESP is used as the stack pointer, and EBP is used to create stack frames for procedures (pointing to local variables on the stack and to procedure parameters on the stack).
Reverend 20 Feb 2006, 12:52
ESP points always to the stack. It changes on every call, push and pop.
When you call some proc, it usually creates a stack frame. It means that some place on the stack is reserved for your variables, so no pushes will change them. So it looks like this. Say you want to reserve 8 bytes on the stack.
Code:
    -16
    -12
    -08   After initialization of the procedure, both ESP and EBP point here
    -04
      0   Original ESP pointed here
    +04
    +08
    +12
    +16
Hicel 25 Feb 2006, 11:27
Sorry for the late reply! Thanks to you both, now I get it more.
But what I don't get is: if EBP always points to the same place, isn't it possible that you do pushes and come to the point where EBP is pointing, and then you overwrite locals (when using EBP for them)? Like:
Code:
    mov dword [ebp+8],20
    push 20
    push 20
    push 20
    push 20
    push 20
    mov eax,[ebp+8]
?
Madis731 25 Feb 2006, 13:09
I think the best way to explain this to yourself is to put some C++ code into OllyDbg and find out how EBP is set and how ESP reacts. The rule of thumb is that when your pushes and pops are balanced, nothing can go wrong when calling/returning; the exception is when you modify either EBP or ESP yourself.
And when it comes to your example code: push 20 ONLY modifies ESP; EBP still points to the same location, and push will hardly ever mess anything up because every push writes to a new memory location. POP, on the other hand, may delete something from your stack. When you learn more about stacks you'll see that it's the opposite way, but I don't want to confuse you now, so think of it as I explained before.
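A complete fasm program illustrating the point of the answers above (EBP fixes the frame, ESP moves, and pushes land below the locals), added here as an example and not part of the original thread or of any poster's code. It assumes fasm's Win32 include directory is reachable through the %fasminc% environment variable (as in the examples later in this thread) and that printf is imported from MSVCRT.DLL; the procedure name sum2 and the values 22 and 20 are chosen for illustration.

```asm
format PE console
entry start

include '%fasminc%\win32a.inc'      ; assumption: %fasminc% points at fasm's INCLUDE directory

section '.data' data readable writeable
    fmt db 'local = %d  (a = %d, b = %d)', 13, 10, 0

section '.text' code readable executable

; sum2(a, b), stdcall: the caller pushes b then a, the callee removes both with ret 8.
; Builds the frame a compiler would build and shows why pushes cannot reach the local.
sum2:
    push ebp                 ; save the caller's frame pointer
    mov  ebp, esp            ; fix the frame: [ebp+4] = return address, [ebp+8] = a, [ebp+12] = b
    sub  esp, 4              ; reserve one dword local at [ebp-4]; ESP moves, EBP does not

    mov  eax, [ebp+8]
    add  eax, [ebp+12]
    mov  [ebp-4], eax        ; local = a + b

    ; Build printf's argument list with plain pushes. Each push first lowers ESP
    ; and then writes at the new ESP, which is already below the local, so
    ; [ebp-4] is never overwritten no matter how many pushes follow.
    push dword [ebp+12]      ; b
    push dword [ebp+8]       ; a
    push dword [ebp-4]       ; local
    push fmt
    call [printf]
    add  esp, 16             ; printf is cdecl: the caller removes its four arguments

    mov  eax, [ebp-4]        ; read the local back: still a + b
    mov  esp, ebp            ; drop the local (and anything else left below EBP)
    pop  ebp                 ; restore the caller's frame pointer
    ret  8                   ; stdcall cleanup of a and b

start:
    push 20                  ; b
    push 22                  ; a
    call sum2                ; eax = 42
    push eax
    call [ExitProcess]       ; exit code 42 confirms the local survived the pushes

section '.idata' import data readable
    library kernel32, 'KERNEL32.DLL', \
            msvcrt,   'MSVCRT.DLL'
    import  kernel32, ExitProcess, 'ExitProcess'
    import  msvcrt,   printf, 'printf'
```

Assemble with fasm, run the executable and check the exit code (echo %errorlevel% prints 42). To reproduce the situation asked about in the question, put the five `push 20` lines between the store to [ebp-4] and the read-back, followed by `add esp, 20` to keep ESP balanced: the printed value and the exit code do not change, because every push writes at an address below the local, while the `mov esp, ebp` in the epilogue discards whatever was left below EBP regardless.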
vbVeryBeginner 25 Feb 2006, 15:31
Hi Hicel, check some of the examples I made below:
Code:
    include '%fasminc%\win32ax.inc'
    .code
    t1 db "text 1",0
    t2 db "title",0
    start:
        push [MessageBox]       ; [esp+12] after the next three pushes
        push t2                 ; [esp+8]
        push t1                 ; [esp+4]
        push @f                 ; [esp]: where to continue afterwards
        jmp jhere
        mov eax,0
        mov ebx,0
    @@:
        invoke ExitProcess,0
    jhere:
        mov ebp,esp             ; EBP now addresses the four slots pushed above
        push MB_OK
        push dword [ebp+8]      ; t2
        push dword [ebp+4]      ; t1
        push NULL
        call dword [ebp+12]     ; MessageBox; stdcall, so it removes its own 16 bytes
        jmp dword [ebp]         ; continue at @@
    .end start
Code:
    jhere:
        push MB_OK              ; esp - 4
        push dword [esp+12]     ; esp - 4
        push dword [esp+12]     ; esp - 4
        push NULL               ; esp - 4
        call dword [esp+28]     ; esp + 16 (the stdcall callee removes its arguments)
        jmp dword [esp]
They are basically the same: one makes use of EBP, and the other one uses ESP. One way to learn about this is to try to call a function and pass your parameters using ESP. You would see it is much easier to use the stack with EBP than with ESP.
RedGhost 26 Feb 2006, 05:01
Code:
    mov dword [esp], 0          ; uType = MB_OK; each value is stored at the current ESP, then ESP is lowered
    sub esp, 4
    mov dword [esp], _title     ; lpCaption
    sub esp, 4
    mov dword [esp], _text      ; lpText
    sub esp, 4
    mov dword [esp], 0          ; hWnd
    sub esp, 4
    mov dword [esp], done_call  ; return address MessageBoxA will use
    sub esp, 4
    mov eax, [MessageBoxA]
    mov dword [esp], eax        ; top of stack = MessageBoxA
    ret                         ; pops it into EIP, so MessageBoxA runs and returns to done_call
    done_call:
A call to MessageBox without using push, and using 'ret' instead of call. The stack is fun :p
Madis731 26 Feb 2006, 17:52
There's a fine line between ingenuity and insanity, said a wise person one day.
There are no lines AT ALL in assembly; add self-modifying code and there you have it, complete disaster.
vid 26 Feb 2006, 20:28
Instead of
Code:
    mov eax, [MessageBoxA]
    mov dword [esp], eax
    ret
use
Code:
    jmp [MessageBoxA]
RedGhost 27 Feb 2006, 00:16
vid wrote: Instead of ...
Yes, I know, but I was just showing that you can do silly things like call a function with ret.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.