Sunday, February 23, 2014

Stack Layout

ESP points to the top of the stack. EBP is usually not changed during the call, so it provides a fixed reference point for accessing arguments and local variables by offset.

(1) The arguments are pushed onto the stack first.
(2) Next, the return address is pushed automatically by the CALL instruction.
(3) The old EBP is pushed next.
(4) Lastly, space for the local variables is allocated.

pusha and pushad push a set of 16-bit and 32-bit registers, respectively, onto the stack: EAX, EBX, ECX, EDX, EBP, ESP, ESI and EDI (or their 16-bit halves for pusha).

ESP always points to the top element in the stack.
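The four-step frame construction above and the pushad register dump can be made concrete with a small model of a 32-bit stack. This is an added example, not code from the original post: it keeps a 256-byte stack as an array of 32-bit words, treats ESP and EBP as addresses into it, and walks through a cdecl call `callee(1, 2)` with 8 bytes of locals, so the familiar offsets `[ebp+8]` (first argument), `[ebp+4]` (return address), `[ebp]` (saved EBP) and `[ebp-4]` (first local) fall out of the pushes themselves. The stack top address `0x1000`, the return address `0x08048123`, the caller's EBP `0xBBBB0000` and the register values are all constructed; pushad follows Intel's documented push order (EAX, ECX, EDX, EBX, original ESP, EBP, ESI, EDI).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack: 64 words of "memory" addressed from
 * BASE up to STACK_TOP. ESP/EBP hold addresses, not C pointers. */
#define STACK_TOP  0x1000u                 /* constructed: address just past the stack */
#define STACK_SIZE 256u
#define BASE       (STACK_TOP - STACK_SIZE)

typedef struct {
    uint32_t mem[STACK_SIZE / 4];
    uint32_t esp;
    uint32_t ebp;
} cpu_t;

typedef struct { uint32_t eax, ecx, edx, ebx, esi, edi; } gpr_t;

static uint32_t idx(uint32_t addr) { return (addr - BASE) / 4; }

static void cpu_init(cpu_t *c) { memset(c, 0, sizeof *c); c->esp = STACK_TOP; }

/* PUSH: ESP moves down first, then the value is stored at the new top. */
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; c->mem[idx(c->esp)] = v; }
static uint32_t pop(cpu_t *c) { uint32_t v = c->mem[idx(c->esp)]; c->esp += 4; return v; }
static uint32_t read32(const cpu_t *c, uint32_t addr) { return c->mem[idx(addr)]; }
static void write32(cpu_t *c, uint32_t addr, uint32_t v) { c->mem[idx(addr)] = v; }

/* CALL pushes the address of the instruction following the call. */
static void do_call(cpu_t *c, uint32_t return_eip) { push(c, return_eip); }

/* Standard prologue: push ebp / mov ebp, esp / sub esp, locals_size */
static void prologue(cpu_t *c, uint32_t locals_size) {
    push(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= locals_size;
}

/* leave; ret: mov esp, ebp / pop ebp / pop eip. Returns the popped EIP. */
static uint32_t epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);
    return pop(c);
}

/* PUSHAD: EAX, ECX, EDX, EBX, ESP (value before the push), EBP, ESI, EDI */
static void pushad(cpu_t *c, const gpr_t *r) {
    uint32_t orig_esp = c->esp;
    push(c, r->eax); push(c, r->ecx); push(c, r->edx); push(c, r->ebx);
    push(c, orig_esp); push(c, c->ebp); push(c, r->esi); push(c, r->edi);
}

/* Build the frame for callee(1, 2) with 8 bytes of locals; returns the new EBP.
 * Steps: (1) args right to left, (2) CALL, (3) save EBP, (4) allocate locals. */
static uint32_t build_frame(cpu_t *c) {
    cpu_init(c);
    c->ebp = 0xBBBB0000u;        /* constructed: the caller's frame pointer */
    push(c, 2);                  /* (1) second argument  -> [ebp+12] */
    push(c, 1);                  /*     first argument   -> [ebp+8]  */
    do_call(c, 0x08048123u);     /* (2) constructed return address -> [ebp+4] */
    prologue(c, 8);              /* (3) saved EBP -> [ebp], (4) locals below it */
    write32(c, c->ebp - 4, 0xAAAAAAAAu); /* first local variable at [ebp-4] */
    return c->ebp;
}

int main(void) {
    cpu_t c;
    uint32_t ebp = build_frame(&c);
    printf("ebp=0x%04x esp=0x%04x\n", ebp, c.esp);
    printf("[ebp+12] arg2      = %u\n", read32(&c, ebp + 12));
    printf("[ebp+8]  arg1      = %u\n", read32(&c, ebp + 8));
    printf("[ebp+4]  ret addr  = 0x%08x\n", read32(&c, ebp + 4));
    printf("[ebp]    saved ebp = 0x%08x\n", read32(&c, ebp));
    printf("[ebp-4]  local1    = 0x%08x\n", read32(&c, ebp - 4));
    gpr_t r = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 }; /* constructed values */
    pushad(&c, &r);
    printf("after pushad: esp=0x%04x (32 bytes lower)\n", c.esp);
    return 0;
}
```

Because EBP is frozen for the duration of the call, every access in `main` is a fixed offset from it even though ESP keeps moving (the pushad at the end lowers ESP by 32 bytes without disturbing any of the `[ebp+...]` slots).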
