What are the ESP and EBP registers?

I found that the ESP register is the current stack pointer and EBP is the base pointer for the current stack frame. However, I do not understand these definitions (I am just starting to learn how to write assembly code).

I understand that ESP points to the stack itself, and EBP points to what's on top of the stack¹. But these are just my guesses, and they are most likely incorrect. Otherwise, what would the following statement mean?

MOV EBP, ESP

Footnote 1: Editor's Note. Yes, that is not true. In standard terminology, the "top of the stack" is what ESP points to, even though it is the lowest address in the stack frame. This is the same as for the stack data structure, which grows upward, although the x86 call stack (like that of most ISAs) grows downward.

+27
3 answers

esp is the stack pointer; ebp is / was for the stack frame. So when you enter a function, ebp gets a copy of esp at that point. Everything that was on the stack before that (the return address, the passed parameters, etc.), and also what is global to this function (local variables), is now at a static distance from the stack frame pointer for the duration of the function. esp now wanders freely at the compiler's request and can be used when nesting into other functions (everyone must save ebp, naturally).

This is a lazy way to manage the stack. It simplifies debugging for the compiler and makes compiler-generated code easier to understand, but it burns a register that could otherwise be another general-purpose register.

+31

Usually EBP is used to back up ESP, so if ESP is changed by code in a function, all that is needed to restore ESP is mov ESP, EBP. In addition, since EBP usually remains unchanged in the code of a function, it can be used to access passed parameters or local variables without the need for offset adjustment.

To use the stack frame, EBP is pushed onto the stack at the beginning of any function, so the EBP value pushed onto the stack is the EBP value from the function that called the current function. This allows code or a debugger to "trace back" through all instances where EBP has been pushed onto the stack, and each instance of the EBP value on the stack can be considered the base pointer of a stack frame.

Note that some compilers have an omit-frame-pointer option, in which case EBP is not used to save ESP or as a stack frame pointer. Instead, the compiler tracks ESP, and all local offsets are offsets from the current ESP value.

+14
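The prologue, EBP-relative parameter and local access, the saved-EBP "trace back" link and the mov ESP, EBP epilogue described in the answers above, as an added example that is not code from any of the answers. It assumes 32-bit NASM syntax, the cdecl calling convention and a Linux host (build: nasm -f elf32 frame.asm && gcc -m32 -no-pie frame.o -o frame).

```nasm
; Added example: one cdecl function with a classic EBP-anchored frame.
global main
extern printf

section .rodata
fmt: db "sum3 = %d, caller's saved EBP = 0x%08x", 10, 0

section .text
; int sum3(int a, int b, int c)   ; cdecl: caller pushes c, b, a (right to left)
sum3:
    push ebp              ; save the caller's frame pointer
    mov  ebp, esp         ; EBP = fixed anchor for this frame:
                          ;   [ebp]    = saved caller EBP (the back-trace link)
                          ;   [ebp+4]  = return address
                          ;   [ebp+8], [ebp+12], [ebp+16] = a, b, c
    sub  esp, 8           ; reserve two locals: [ebp-4] and [ebp-8]
    mov  eax, [ebp+8]
    add  eax, [ebp+12]
    mov  [ebp-4], eax     ; local1 = a + b
    push dword 0x11111111 ; ESP wanders (a scratch push) ...
    mov  eax, [ebp-4]
    add  eax, [ebp+16]    ; ... but every EBP-relative offset is still valid
    mov  [ebp-8], eax     ; local2 = a + b + c
    mov  edx, [ebp]       ; read the caller's EBP through the saved link
    mov  eax, [ebp-8]     ; return value
    mov  esp, ebp         ; one move discards the locals AND the stray push
    pop  ebp              ; restore the caller's frame pointer
    ret

main:
    push ebp
    mov  ebp, esp
    push dword 3          ; c
    push dword 2          ; b
    push dword 1          ; a
    call sum3
    add  esp, 12          ; cdecl: the caller removes its arguments
    push edx              ; main's EBP, as sum3 saw it at [ebp]
    push eax              ; 6
    push fmt
    call printf
    add  esp, 12
    xor  eax, eax
    mov  esp, ebp
    pop  ebp
    ret
```

Building the same function with a frame-pointer-omitting compiler would replace every [ebp±n] with an ESP-relative offset that the compiler has to re-derive after each push and pop, which is exactly the bookkeeping the second answer describes.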

EBP and ESP are remnants of an era when compilers did not, for example, have static analysis to determine how many stack bytes are needed to call a function. In addition, the stack had to grow and shrink dynamically during the execution of a function, interrupts would clear the entire stack from 0 to SP, and spaghetti code was the de facto standard. In fact, interrupts (and passing parameters only through registers) were a well-developed method for calling kernel functions.

Under these conditions, you need a fixed point on the stack where the return address to the caller, the local variables and the function arguments can always be found. Thus, the bp register was justified. In this architecture, bp could be indexed ([bp - 300h]), but sp could not. The opcodes / instructions that could have been interpreted as mov ax, [sp + 1111h] were reused for other purposes.

In the 386+, and thanks to the introduction of the 'E' registers, ESP gained the ability to be used with an offset. At that point, EBP was freed from its sole purpose, since esp was able to handle both tasks.

Note that even now, EBP addresses memory through the stack segment (SS), as does ESP. Other addressing modes (without ESP / EBP as the base) default to the DS segment. (Absolute, DI, SI and / or BX in 16-bit mode; in 32-bit addressing modes, any register can be the base of an addressing mode.)

+7

Source: https://habr.com/ru/post/985656/
