Menu
I disassembled an .exe file and got this as its first line.
push ebp
ebp?pop command? even though I don't see it in the disassembly!
242
push ebp preserves ESP, the previous stack frame pointer, this is so it can be returned to at the end of the function. A stack frame is used to store local variables and each function will have its own stack frame in memory. mov ebp, esp moves the current stack position into EBP which is the base of the stack.
Normally EBP is used to backup ESP, so if ESP is changed by the code in a function, all it takes to restore ESP is mov ESP, EBP. Also since EBP is normally left unchanged by the code in a function, it can be used to access passed parameters or local variables without having to adjust the offsets.
push rbp instruction pushes the value of the register rbp onto the stack. Because it “pushes” onto the stack, now the value of rsp is the memory address of the new top of the stack.
A frame pointer (the ebp register on intel x86 architectures, rbp on 64-bit architectures) contains the base address of the function's frame. The code to access local variables within a function is generated in terms of offsets to the frame pointer.
push ebp just means pushing whatever is in register ebp onto the stack. ebp stores the stack pointer by convention.
This is generally used to establish a stack frame, followed by
mov ebp, esp
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
