x86 where stack pointer points?

Question

For example if I pushed ax is [SP] points to my value of ax or the word after ax? Also is it differs from real mode to protected mode? I ask this because the Art of assembly book illustrates and explains as the sp points to last pushed data, and on this page OSDev Wiki - Stack it illustrated as it points to empty word after last pushed data.

Answer 1

Wikipedia says here:

The stack is implemented with an implicitly decrementing (push) and incrementing (pop) stack pointer. In 16-bit mode, this implicit stack pointer is addressed as SS:[SP], in 32-bit mode it is SS:[ESP], and in 64-bit mode it is [RSP]. The stack pointer actually points to the last value that was stored, under the assumption that its size will match the operating mode of the processor (i.e., 16, 32, or 64 bits) to match the default width of the push/pop/call/ret instructions.

This is the way my way-back memory says it works, too.

Answer 2

push eax

Is equivalent to:

sub esp, 4
mov [esp], eax

So after a push, esp will hold the address of the pushed value.

Answer 3

As per Lee Meador's and Cory Nelson's answers, the stack pointer points on the last value that was pushed.

From the Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 2 (2A, 2B & 2C): Instruction Set Reference, A-Z, the first line from the description of the PUSH instruction reads as follow:

Decrements the stack pointer and then stores the source operand on the top of the stack.