1.7. STACK
ret
The code is the same as in the previous listing.
By the way, movl $3, 20(%esp) corresponds to mov DWORD PTR [esp+20], 3 in Intel syntax. In the
AT&T syntax, the register+offset form of addressing memory is written as offset(%register).
(Windows) SEH
SEH^67 records are also stored on the stack (if they are present). Read more about it: (6.5.3 on page 764).
Buffer overflow protection
More about it here (1.20.2 on page 275).
Automatic deallocation of data in stack
Perhaps the reason for storing local variables and SEH records in the stack is that they are freed
automatically upon function exit, using just one instruction to correct the stack pointer (it is often ADD).
Function arguments, one could say, are also deallocated automatically at the end of the function. In
contrast, everything stored in the heap must be deallocated explicitly.
1.7.3 A typical stack layout.
A typical stack layout in a 32-bit environment at the start of a function, before the first instruction
executes, looks like this (ESP points at the return address; the saved EBP and the local variables are
placed below it by the function prologue):

    ESP-0xC   local variable #2, marked in IDA as var_8
    ESP-8     local variable #1, marked in IDA as var_4
    ESP-4     saved value of EBP
    ESP       return address
    ESP+4     argument #1, marked in IDA as arg_0
    ESP+8     argument #2, marked in IDA as arg_4
    ESP+0xC   argument #3, marked in IDA as arg_8
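The layout in the table can be checked from inside a running function. The program below is an added example, not code from the book: it uses the GCC/Clang builtins __builtin_frame_address() and __builtin_return_address() to locate its own saved frame pointer and return address and confirms that a local variable sits below the saved EBP/RBP while the return address sits one machine word above it. It assumes GCC or Clang on x86 or x86-64; on x86-64 the slots are 8 bytes wide and the first arguments arrive in registers, so only the locals, the saved frame pointer and the return address are inspected. The struct and function names are chosen here for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the book. Inspects the current function's own frame
   with the GCC/Clang builtins __builtin_frame_address() and
   __builtin_return_address(). With a frame pointer set up (EBP on x86, RBP on
   x86-64) the frame matches the table above: local variables lie below the
   saved frame pointer, the return address is one machine word above it.
   Assumption: GCC or Clang on x86 or x86-64. */

struct frame_info {
    uintptr_t local_addr;   /* address of a local (var_4 in IDA terms)   */
    uintptr_t saved_fp;     /* slot holding the caller's EBP/RBP         */
    uintptr_t ret_slot;     /* slot holding the return address           */
    uintptr_t ret_value;    /* return address read from that slot        */
    uintptr_t ret_builtin;  /* return address as the compiler reports it */
};

__attribute__((noinline))
struct frame_info inspect_frame(void)
{
    volatile int local = 0x41414141;    /* forced onto the stack, like var_4 */
    struct frame_info fi;
    uintptr_t fp = (uintptr_t)__builtin_frame_address(0);

    fi.local_addr  = (uintptr_t)&local;
    fi.saved_fp    = fp;                       /* [EBP]   = saved EBP      */
    fi.ret_slot    = fp + sizeof(void *);      /* [EBP+4] = return address */
    memcpy(&fi.ret_value, (const void *)fi.ret_slot, sizeof fi.ret_value);
    fi.ret_builtin = (uintptr_t)__builtin_return_address(0);
    (void)local;
    return fi;
}

/* Returns 1 if the observed frame matches the textbook layout, 0 otherwise */
int frame_layout_matches(const struct frame_info *fi)
{
    return fi->local_addr < fi->saved_fp &&                 /* locals below saved FP */
           fi->ret_slot == fi->saved_fp + sizeof(void *) && /* return address above  */
           fi->ret_value == fi->ret_builtin;                /* and it is the real one */
}

/* Runs the inspection and the check in one call */
int frame_check(void)
{
    struct frame_info fi = inspect_frame();
    return frame_layout_matches(&fi);
}

int main(void)
{
    struct frame_info fi = inspect_frame();
    printf("local variable at %#lx\n", (unsigned long)fi.local_addr);
    printf("saved EBP/RBP  at %#lx\n", (unsigned long)fi.saved_fp);
    printf("return address at %#lx -> %#lx\n", (unsigned long)fi.ret_slot,
           (unsigned long)fi.ret_value);
    printf("layout %s the table\n",
           frame_layout_matches(&fi) ? "matches" : "does NOT match");
    return 0;
}
```

Compiling with gcc -m32 reproduces the 4-byte slots of the table exactly (saved EBP at ESP-4, return address at ESP, local just below); a 64-bit build shows the same order with 8-byte slots. Using __builtin_frame_address(0) makes the compiler keep a frame pointer in that function even under optimization, which is why the check does not depend on -fno-omit-frame-pointer.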
1.7.4 Noise in stack.
When one says that something seems
random, what one usually means in practice
is that one cannot see any regularities in it.
Stephen Wolfram, A New Kind of Science.
Often in this book “noise” or “garbage” values in the stack or memory are mentioned. Where do they
come from? These are what has been left there after other functions’ executions. Short example:
#include <stdio.h>

void f1()
{
    int a=1, b=2, c=3;   /* written to the stack and never cleared */
}

void f2()
{
    int a, b, c;         /* uninitialized: whatever f1() left in these slots */
    printf ("%d, %d, %d\n", a, b, c);
}

/* main() added here to complete the listing, which is cut off on this page:
   f1() runs first so that its values are still on the stack when f2() runs */
int main()
{
    f1();
    f2();
    return 0;
}
(^67) Structured Exception Handling