Accessing stack frames in assembly language

Question

I am new to assembly and then I came across this article

it says that this code

void MyFunction()
{
  int a, b, c;
  a = 10;
  b = 5;
  c = 2;

is equivalent to this

push ebp     ; save the value of ebp
mov ebp, esp ; ebp now points to the top of the stack
sub esp, 12  ; space allocated on the stack for the local variables
mov [ebp -  4], 10  ; location of variable a
mov [ebp -  8], 5   ; location of b
mov [ebp - 12], 2   ; location of c

According to this video, to access the value of the stack above the base pointer, we should add. If it is below the pointer, we should subtract. Given that example above, they subtracted something from the base pointer to move the location of variables needed, which is contrary to what is stated in the video.

What did I miss? I know that sub esp, 12 is allocating a space for the local variables, so what I have in mind is that EBP is below that allocation, so I am thinking that it should be [ebp + something] not minus.

So when he did this sub esp, 12, this is how the Stack looks like.

            ESP is here
|     2    | Ebp + 12
|     5    | Ebp + 8
|     4    | Ebp + 4
|          | Old EBP value

Was the article wrong, or I misinterpet it?

Answer 1

The reason to use ebp is that esp will change, e.g. passing arguments to a subroutine. So your ebp will make you able to access the same variable using the same offset, no matter where esp is pointing in that moment.

When you push values on stack, its value is decremented; incremented when you pop.

The code subtracts 12 (4*3) to make room for 3 32 bit (4 byte) integers. Ebp points on the "bottom", where esp was before. So you access variable using negative offset, e.g. ebp-4. So your picture is wrong: ebp+Whatever points to something that your code should not play with.

     BEFORE

     lower address
     |
     |<--------------  esp (=ebp after mov ebp, esp)
     |
     | 
     higher address


     AFTER mov ebp, esp; sub esp, 12

     lower address
     |<--------------  esp
     |
     |
     |<--------------  ebp
     |
     | 
     higher address


     AFTER mov [ebp-4], 10 ecc.

     lower address
     | 2  <--------------  esp
     | 5
     | 10
     |<--------------  ebp
     |
     | 
     higher address

At this moment [esp] would retrieve [ebp-12] i.e. 2.

Answer 2

The stack-pointer (base-pointer)-address is "growing" down, towards lower address in the address space.
Your stack starts at for example 0x70000000 and when you push something on it, esp (ebp) will be lowered by a dword -> 0x6ffffffc (if I am correct).

See here, here, and here.