I recently studied assembly and decided to parse some of my own executables for study. I noticed that online resources often reference esp and ebp, the stack and the base pointer. I wrote this program:
    int comp(int a, int b) {
        return a == b;
    }

    int main() {
        int a = 1;
        int b = 2;
        comp(a, b);
    }
And in Radare 2, this is what it shows:
    0x0040050e 55 push rbp
    | 0x0040050f 4889e5 mov rbp, rsp
    | 0x00400512 4883ec10 sub rsp, 0x10
    | 0x00400516 c745f801000. mov dword [rbp-0x8], 0x1
    | 0x0040051d c745fc02000. mov dword [rbp-0x4], 0x2
    | 0x00400524 8b55fc mov edx, [rbp-0x4]
    | 0x00400527 8b45f8 mov eax, [rbp-0x8]
    | 0x0040052a 89d6 mov esi, edx
    | 0x0040052c 89c7 mov edi, eax
    | 0x0040052e e8c3ffffff call sym.comp
    | sym.comp(unk)
    | 0x00400533 b800000000 mov eax, 0x0
    | 0x00400538 c9 leave
    \ 0x00400539 c3 ret
Why does it use rbp and rsp? Is this just the way my compiler likes to do things? Also, why does rbp - value create space on the stack? Shouldn't it be rbp + value to allocate more space?