ESP is the stack pointer, right?

Started by OceanJeff32, January 31, 2005, 05:54:37 AM

OceanJeff32

I'm just trying to get this right...

[ESP] means the current stack address, information there, that is.

[ESP+4], [ESP+8] means information pushed on the stack?

[ESP-4], [ESP-8] means information no longer on the stack, or is this the information just pushed on the stack?

I'm just trying to analyze a program that references ALL of these different memory locations, and it's not making much sense, but I can keep track of every calculation.

Any help would be welcomed.

Thanks,

Jeff (you can tell I'm just beginning I guess)

P.S. I'm analyzing code from Fireworks.asm
http://www.ronybc.8k.com
Any good programmer knows, every large and/or small job, is equally large, to the programmer!

Ratch

OceanJeff32,

Quote
[ESP] means the current stack address, information there, that is.

No, the base stack segment address does not normally change.  The ESP register contains the current pointer/address within the stack segment.  [ESP] is used by MASM to designate the contents of stack memory pointed to by ESP.  The ESP has to increment/decrement by 4 to reference the contents of the previous/next DWORD on the stack.  This is designated by [ESP+4], [ESP-4].  You can extrapolate from there.

Ratch

Ic3D4ne

Data pushed on the stack is not erased when popped.

The stack pointer just moves down, something like this:

Push 3
push 4
push 5

Stack:
5 <- ESP
4
3

Pop eax

eax now has 5

Stack:

5
4 <- ESP
3

Get it?

junihausen

Quote from: OceanJeff32 on January 31, 2005, 05:54:37 AM
[ESP] means the current stack address, information there, that is.
[ESP+4], [ESP+8] means information pushed on the stack?
[ESP-4], [ESP-8] means information no longer on the stack, or is this the information just pushed on the stack?

I think you got everything right. The stack grows down in memory and esp points to the memory location of the last value pushed on the stack. Therefore all addresses above the one pointed to by esp are "on" the stack and all below esp are not on the stack.

Greets
Volker

raymond

[ESP-4], [ESP-8], [ESP-?], refer to memory addresses but you cannot generally rely on the current content of that section of memory below the current value of ESP. The stack is in a constant flux. It is therefore rarely used by programmers.

[EBP-4], [EBP-8], etc. is what you will see very often in disassembled code and refers to local variables stored on the stack in a procedure which sets up a "stack frame".

push ebp        ;preserve EBP
mov  ebp,esp    ;ebp now points to current stack address
sub  esp,LOCALS ;reserve space for local variables

mov  dword ptr [ebp-4],500 ;operand size must be stated for an immediate-to-memory move
........        ;don't change EBP throughout proc
mov  eax,[ebp-4]
........

mov  esp,ebp    ;restore previous ESP
pop  ebp        ;restore previous EBP
ret


Raymond


When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com
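The behaviour described in the replies above, as an added C model that is not part of any post in the thread: it replays the push 3 / push 4 / push 5 / pop eax sequence, reads the slot below ESP before and after a further push, and walks the EBP frame prologue and epilogue. The 64-byte stack, the helper names, the saved-EBP value 0x1234 and LOCALS = 8 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: 64 bytes of stack memory; esp/ebp hold byte offsets into it. */
#define STACK_BYTES 64
static uint8_t  mem[STACK_BYTES];
static uint32_t esp = STACK_BYTES, ebp = 0;

static uint32_t load(uint32_t a)              { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void     store(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }
static void     push(uint32_t v) { esp -= 4; store(esp, v); }        /* decrement, then write */
static uint32_t pop(void) { uint32_t v = load(esp); esp += 4; return v; } /* read, then increment */

/* push 3 / push 4 / push 5 / pop eax: what does [ESP-4] hold afterwards? */
uint32_t stale_after_pop(void) {
    memset(mem, 0, sizeof mem); esp = STACK_BYTES;
    push(3); push(4); push(5);
    uint32_t eax = pop();              /* eax = 5, ESP now points at the 4 */
    (void)eax;
    return load(esp - 4);              /* the popped 5 is still in memory */
}

/* The same slot after one more push/pop pair: the old value is gone. */
uint32_t stale_after_next_push(void) {
    stale_after_pop();
    push(0xDEADBEEF);                  /* reuses the slot just below ESP */
    pop();
    return load(esp - 4);
}

/* Frame setup and teardown; returns the local read back through [EBP-4]. */
uint32_t frame_local(uint32_t *esp_in, uint32_t *esp_out) {
    memset(mem, 0, sizeof mem); esp = STACK_BYTES; ebp = 0x1234; /* caller's EBP (assumed) */
    *esp_in = esp;
    push(ebp); ebp = esp; esp -= 8;    /* push ebp / mov ebp,esp / sub esp,LOCALS */
    store(ebp - 4, 500);               /* mov dword ptr [ebp-4],500 */
    push(7); pop();                    /* ESP moves inside the proc, EBP does not */
    uint32_t eax = load(ebp - 4);      /* mov eax,[ebp-4] */
    esp = ebp; ebp = pop();            /* mov esp,ebp / pop ebp */
    *esp_out = esp;
    return eax;
}

int main(void) {
    uint32_t in, out;
    printf("[esp-4] after pop:        %u\n", (unsigned)stale_after_pop());
    printf("[esp-4] after next push:  0x%X\n", (unsigned)stale_after_next_push());
    printf("[ebp-4] local:            %u\n", (unsigned)frame_local(&in, &out));
    printf("esp restored: %s, ebp restored: %s\n", in == out ? "yes" : "no", ebp == 0x1234 ? "yes" : "no");
    return 0;
}
```
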

OceanJeff32

I was wondering if that weren't so!

After I'm finished commenting the code for this program, I'll upload a copy of the code with comments and see if I got everything correct.

Later,

and thanks a mill

Jeff