Reverse Engineering for Beginners


CHAPTER 5. STACK


movl -4(%ebp), %ebx
leave
ret

The code is the same as in the previous listing.


By the way, movl $3, 20(%esp) corresponds to mov DWORD PTR [esp+20], 3 in Intel syntax. In the AT&T syntax,
the register+offset form of memory addressing is written as offset(%register).


5.2.5 (Windows) SEH


SEH^16 records are also stored on the stack (if they are present).


Read more about it: (68.3 on page 677).


5.2.6 Buffer overflow protection.


More about it here (18.2 on page 260).


5.2.7 Automatic deallocation of data in stack


Perhaps the reason for storing local variables and SEH records on the stack is that they are freed automatically upon function
exit, using just one instruction to correct the stack pointer (it is often ADD). Function arguments, one could say, are also
deallocated automatically at the end of the function. In contrast, everything stored in the heap must be deallocated explicitly.


5.3 A typical stack layout.


A typical stack layout in a 32-bit environment at the start of a function, before its first instruction is executed, looks like this:


ESP-0xC   local variable #2, marked in IDA as var_8
ESP-8     local variable #1, marked in IDA as var_4
ESP-4     saved value of EBP
ESP       return address
ESP+4     argument #1, marked in IDA as arg_0
ESP+8     argument #2, marked in IDA as arg_4
ESP+0xC   argument #3, marked in IDA as arg_8

5.4 Noise in stack.


Often in this book “noise” or “garbage” values in the stack or memory are mentioned. Where do they come from? They are
whatever was left behind in that memory by functions that executed earlier. Short example:


#include <stdio.h>

/* Writes 1, 2, 3 into its stack frame. The locals are otherwise unused, so
   compile without optimization to see the stores actually reach the stack. */
void f1()
{
	int a=1, b=2, c=3;
}

/* Declares locals of the same shape but never initializes them: the values
   printed are whatever was left in those stack slots by the previous call.
   (Reading uninitialized variables is undefined behaviour; that is the point
   of the demonstration, not something to rely on.) */
void f2()
{
	int a, b, c;
	printf ("%d, %d, %d\n", a, b, c);
}

int main()
{
	f1();
	f2();
	return 0;
}

^16 Structured Exception Handling: 68.3 on page 677
