x86 Call Return
1
1. Save "caller-save" registers (%eax, %ecx, %edx) onto stack (opt) 2. Push arguments onto stack, in reverse order (argN,…, arg1) 3. Call function (which pushes return address onto stack) 4. Establish new base pointer (saving old one) 5. Save "callee-save" registers (%ebx, %esi, %edi) onto stack 6. Allocation: Make room for local variables on stack 7. Execute body of routine (use base pointer to access arguments) 8. Deallocation: Free local stack space 9. Restore "callee-save" registers 10. Restore old base pointer 11. Return from function (popping return address off of stack) 12. Restore "caller-save" registers push %ecx push 0x10 // argument 2 push 0x20 // argument 1 call 0x80400000 push %ebp movl %esp, %ebp push %ebx sub 0x08, %esp movl 0x8(%ebp), %ecx // argument 1 movl 0xc(%ebp), %edx // argument 2 add 0x08, %esp movl %ebp, %esp pop %ebp ret x86 Call/Return Protocol ebp,esp ebp ecx esp after 1 ebp ecx esp after 2 0x10 0x20 ebp ecx esp after 3 0x10 0x20 retaddr ecx ebp,esp after 4 0x10 0x20 retaddr old ebp ecx ebp after 5 0x10 0x20 retaddr old ebp esp ebx ecx ebp after 6 0x10 0x20 retaddr old ebp esp ebx local var local var ecx ebp after 7 0x10 0x20 retaddr old ebp esp ebx local var local var arg1 arg2 pop %ebx pop %ecx before 1 ecx ebp after 8 0x10 0x20 retaddr old ebp esp ebx local var local var arg1 arg2 ecx after 9 0x10 0x20 retaddr old ebp ebx local var local var arg1 arg2 ebp,esp ecx after 10 0x10 0x20 retaddr old ebp ebx local var local var arg1 arg2 esp ebp ecx after 12 0x10 0x20 retaddr old ebp ebx local var local var ebp,esp (note that stuff is still on stack; it's just not live)
-
Upload
anonymous-ihf491d -
Category
Documents
-
view
219 -
download
3
description
description of x86 call returns in the stack.
Transcript of x86 Call Return
1. Save "caller-save" registers (%eax, %ecx, %edx) onto stack (opt)
2. Push arguments onto stack, in reverse order (argN,…, arg1)
3. Call function (which pushes return address onto stack)
4. Establish new base pointer (saving old one)
5. Save "callee-save" registers (%ebx, %esi, %edi) onto stack
6. Allocation: Make room for local variables on stack
7. Execute body of routine (use base pointer to access arguments)
8. Deallocation: Free local stack space
9. Restore "callee-save" registers
10. Restore old base pointer
11. Return from function (popping return address off of stack)
12. Restore "caller-save" registers
push %ecx
push 0x10 // argument 2push 0x20 // argument 1
call 0x80400000
push %ebpmovl %esp, %ebp
push %ebx
sub 0x08, %esp
movl 0x8(%ebp), %ecx // argument 1movl 0xc(%ebp), %edx // argument 2
add 0x08, %esp
movl %ebp, %esppop %ebp
ret
x86 Call/Return Protocol
ebp,esp
ebp ecxesp
after 1
ebp ecx
esp
after 2
0x100x20
ebp ecx
esp
after 3
0x100x20
retaddr
ecx
ebp,esp
after 4
0x100x20
retaddrold ebp
ecx
ebp
after 5
0x100x20
retaddrold ebp
esp ebx
ecx
ebp
after 6
0x100x20
retaddrold ebp
esp
ebxlocal varlocal var
ecx
ebp
after 7
0x100x20
retaddrold ebp
esp
ebxlocal varlocal var
arg1arg2
pop %ebx
pop %ecx
before 1
ecx
ebp
after 8
0x100x20
retaddrold ebp
esp ebxlocal varlocal var
arg1arg2
ecx
after 9
0x100x20
retaddrold ebp
ebxlocal varlocal var
arg1arg2
ebp,esp
ecx
after 10
0x100x20
retaddrold ebp
ebxlocal varlocal var
arg1arg2
esp
ebp
ecx
after 12
0x100x20
retaddrold ebp
ebxlocal varlocal var
ebp,esp
(note that stuffis still on stack;it's just not live)
