The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: OceanJeff32 on January 31, 2005, 05:54:37 AM

Title: ESP is the stack pointer, right?
Post by: OceanJeff32 on January 31, 2005, 05:54:37 AM
I'm just trying to get this right...

[ESP] means the current stack address, information there, that is.

[ESP+4], [ESP+8] means information pushed on the stack?

[ESP-4], [ESP-8] means information no longer on the stack, or is this the information just pushed on the stack?

I'm just trying to analyze a program that references ALL of these different memory locations, and it's not making much sense, but I can keep track of every calculation.

Any help would be welcomed.

Thanks,

Jeff (you can tell I'm just beginning I guess)

P.S. I'm analyzing code from Fireworks.asm
http://www.ronybc.8k.com
Title: Re: ESP is the stack pointer, right?
Post by: Ratch on January 31, 2005, 06:50:46 AM
OceanJeff32,

Quote
[ESP] means the current stack address, information there, that is.

No, the base stack segment address does not normally change. The ESP register contains the current pointer/address within the stack segment. [ESP] is used by MASM to designate the contents of stack memory pointed to by ESP. The ESP has to increment/decrement by 4 to reference the contents of the previous/next DWORD on the stack. This is designated by [ESP+4], [ESP-4]. You can extrapolate from there.

Ratch
Title: Re: ESP is the stack pointer, right?
Post by: Ic3D4ne on January 31, 2005, 12:34:22 PM
Data pushed on the stack is not erased when popped.

The stack pointer just moves down, something like this:

Push 3
push 4
push 5

Stack:
5 <- ESP
4
3

Pop eax

eax now has 5

Stack:

5
4 <- ESP
3

Get it?



Title: Re: ESP is the stack pointer, right?
Post by: junihausen on January 31, 2005, 02:25:00 PM
Quote from: OceanJeff32 on January 31, 2005, 05:54:37 AM
[ESP] means the current stack address, information there, that is.
[ESP+4], [ESP+8] means information pushed on the stack?
[ESP-4], [ESP-8] means information no longer on the stack, or is this the information just pushed on the stack?

I think you got everything right. The stack grows down in memory and esp points to the memory location of the last value pushed on the stack. Therefore all addresses above the one pointed to by esp are "on" the stack and all below esp are not on the stack.

Greets
Volker
Title: Re: ESP is the stack pointer, right?
Post by: raymond on January 31, 2005, 06:31:21 PM
[ESP-4], [ESP-8], [ESP-?], refer to memory addresses but you cannot generally rely on the current content of that section of memory below the current value of ESP. The stack is in a constant flux. It is therefore rarely used by programmers.

[EBP-4], [EBP-8], etc. is what you will see very often in disassembled code and refers to local variables stored on the stack in a procedure which sets up a "stack frame".

push ebp        ;preserve EBP
mov  ebp,esp    ;ebp now points to current stack address
sub  esp,LOCALS ;reserve space for local variables

mov  dword ptr [ebp-4],500 ;operand size is required for an immediate store
........        ;don't change EBP throughout proc
mov  eax,[ebp-4]
........

mov  esp,ebp    ;restore previous ESP
pop  ebp        ;restore previous EBP
ret


Raymond
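
Added example, not part of the thread: a small C model of the stack behaviour described in the posts above (Ic3D4ne's push/pop sequence and raymond's stack frame). The Cpu struct, the 64-byte stack, LOCALS = 8, and the saved-EBP and return-address values are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a 32-bit x86 stack; "addresses" are byte offsets into mem[]. */
enum { STACK_BYTES = 64 };
typedef struct { uint32_t mem[STACK_BYTES / 4]; uint32_t esp, ebp; } Cpu;

/* Empty stack: ESP sits just past the highest slot, memory zeroed. */
static Cpu cpu_new(void) { Cpu c = {{0}, STACK_BYTES, 0}; return c; }
/* Pointer to the DWORD at [base+off], e.g. at(c, c->esp, -4) is [ESP-4]. */
static uint32_t *at(Cpu *c, uint32_t base, int off) { return &c->mem[(base + (uint32_t)off) / 4]; }
static void push(Cpu *c, uint32_t v) { c->esp -= 4; *at(c, c->esp, 0) = v; }
static uint32_t pop(Cpu *c) { uint32_t v = *at(c, c->esp, 0); c->esp += 4; return v; }

/* push 3 / push 4 / push 5 / pop eax, then look around ESP. */
void demo_pop(uint32_t out[5]) {
    Cpu c = cpu_new();
    push(&c, 3); push(&c, 4); push(&c, 5);
    out[0] = pop(&c);               /* eax */
    out[1] = *at(&c, c.esp, 0);     /* [ESP]   current top of stack */
    out[2] = *at(&c, c.esp, 4);     /* [ESP+4] pushed earlier, still on the stack */
    out[3] = *at(&c, c.esp, -4);    /* [ESP-4] popped value, not erased */
    push(&c, 9);                    /* the next push reuses that slot */
    out[4] = *at(&c, c.esp, 0);     /* the stale value has been overwritten */
}

/* Stack frame: locals addressed from EBP stay put while ESP moves. */
uint32_t demo_frame(int *balanced) {
    Cpu c = cpu_new();
    c.ebp = 0x1234;                 /* constructed caller EBP */
    push(&c, 0x401000);             /* constructed return address */
    uint32_t esp_entry = c.esp;
    push(&c, c.ebp); c.ebp = c.esp; /* push ebp / mov ebp,esp */
    c.esp -= 8;                     /* sub esp,LOCALS with LOCALS = 8 (assumed) */
    *at(&c, c.ebp, -4) = 500;       /* store 500 to [ebp-4] */
    push(&c, 77);                   /* body pushes a temporary; ESP changes */
    uint32_t local = *at(&c, c.ebp, -4);
    c.esp = c.ebp; c.ebp = pop(&c); /* mov esp,ebp / pop ebp */
    *balanced = (c.esp == esp_entry && c.ebp == 0x1234);
    return local;
}

int main(void) {
    uint32_t o[5]; int ok;
    demo_pop(o);
    uint32_t local = demo_frame(&ok);
    printf("eax=%u [esp]=%u [esp+4]=%u [esp-4]=%u after push: [esp]=%u\n",
           (unsigned)o[0], (unsigned)o[1], (unsigned)o[2], (unsigned)o[3], (unsigned)o[4]);
    printf("local=%u balanced=%d\n", (unsigned)local, ok);
    return 0;
}
```

The value left at [ESP-4] after the pop is the same leftover data that makes uninitialised locals and uncleared secrets on the stack a concern when reviewing disassembly.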


Title: Re: ESP is the stack pointer, right?
Post by: OceanJeff32 on February 01, 2005, 01:08:10 AM
I was wondering if that weren't so!

After I'm finished commenting the code for this program, I'll upload a copy of the code with comments and see if I got everything correct.

Later,

and thanks a mill

Jeff