Basic usage stack
I'm currently learning about the stack (x86). I know it's a pile of data which operates according the LIFO principle. I know the basic operations in regards to the stack are push (to add a value on the top of the stack) and pop (to remove a value). ESP is the reference to where we are now on the stack. Now, for what I don't understand:
Example:
Push 4
Push ebx
Push eax
The instructions above will generate a stack as followed:
8 eax <-- ESP
4 ebx
0 4
With the ESP pointing towards the last added value eax.
Now when we expand these instructions with the pop operation we would get something as:
Push 4
Push ebx
Pop ebx
Push eax
The instructions above should result (if I'm correct) in following stack (for first three instructions):
4 (ebx)
0 4 <-- ESP
Ebx is removed from the stack and the ESP has moved downwards for 4 bits. Now the stack after executing all the instructions:
4 eax <-- ESP
0 4
I hope everything up to here is correct, if not comments are more than welcome ;-) Now for the instruction mov edx, [ebx,+04], starting from the first stack in this post. Is the result of this following:
16 eax
8 edx <-- ESP
4 ebx
0 4
It will start at ebx + 4 bits en write edx there moving the previous value (eax) to the top, or will it replace eax with edx?
A second questions is (more in general) how to initiate, address, and remove arrays on the stack.
My apologies for this long question, but I want to understand the (basics of the) stack. Thanks.
You examples and assumptions are nearly accurate. The problem is the stack grows down. so where you have address 0 and 4 and 8 make those instead 0xF8, 0xF4, 0xF0, etc. If you at the descriptions for the instructions in a reference manual you will see something like this:
PUSH: Decrements SP by the size of the operand (two or four, byte values are sign extended) and transfers one word from source to the stack top (SS:SP).
so if the sp (esp) is pointing at 0xFC when you start, and you
push 4 push ebx push eax
Then the stack will look like:
0xFC 4 0xF8 (ebx) 0xF4 (eax) <-- esp
So accessing [esp+4] might make more sense now as it retrieves the (ebx) value, and [esp+8] is the immediate 4 that was pushed.
So if you disassemble or compile to assembler some C programs with local variables or arrays you will see that on entry of the function they will subtract some number to the stack pointer, enough to cover all of the local variables, then [esp+something] is how they access that memory, so initializing or zeroing or whatever is a simple matter of esp based addressing into the stack.
I hope everything up to here is correct, if not comments are more than welcome ;-) Now for the instruction mov edx, [ebx,+04], starting from the first stack in this post. Is the result of this following:
16 eax
8 edx <-- ESP
4 ebx
0 4
It will start at ebx + 4 bits en write edx there moving the previous value (eax) to the top, or will it replace eax with edx?
mov edx, [ebx + 4]
will move the value at [ebx + 4]
(this is a pointer deference, and will have nothing to do with your current stack unless ebx
points to the stack (advanced: It probably will point to the stack, but referencing it will not change the stack in any way)) into edx
. This appears different than your understanding in more than one way.
First, remember that the mov
instruction's parameters are used as mov DEST, SRC
, and not the other way around.
Second, this mov
operation only moves the value at [ebx + 4]
into edx
, and as such does not alter the stack pointer ( ESP
here) in any way. The stack will remain unchanged from the first stack that are you are referencing here. For clarity, the stack will remain as:
8 eax <-- ESP
4 ebx
0 4
And none of the values on the stack will have been changed in any way.
Also, I assume you are on a 32 bit architecture. In this case, registers like eax
and the like will be 32 bits (4 bytes). Please keep in mind these are 4 BYTES and not BITS.
Your "second question" belongs in its own separate question here, with more information. Good luck!
mov edx, [ebx+04]
gets the data at address es:ebx+04 and puts it into edx. Perhaps did you mean mov [ebx+04], edx
? In this case it will overwrite everything at address es :ebx+4
. Assuming es points to the stack segment, and ebx is equal to esp then the stack will look something like:
12 edx <-- [ebx+4]
8 edx <-- esp = ebx
4 ebx
0 4
链接地址: http://www.djcxy.com/p/84352.html
上一篇: 为什么ebx保存在一个简单函数的栈帧中,调用get?
下一篇: 基本使用堆栈