What does ebp and esp in a disassembly code mean? - McMap

About

What does ebp and esp in a disassembly code mean?

Asked 31/10, 2014 at 22:48 Answered 31/10, 2014 at 22:57

Solved assembly malware ida

S

1

1

Below posted is my code. Help me out in understanding what the below code means:

   push    ebp
   mov     ebp, esp
   sub     esp, 230h

Serology answered 31/10, 2014 at 22:48 Comment(3)

Related: #20695703 – Martinamartindale 31/10, 2014 at 22:53

Possible duplicate of why to use ebp in function prologue/epilogue? – Jejunum 23/6, 2016 at 12:24

Related: #21718897 – Kaufman 3/4, 2023 at 10:20

D

3

It is a function prologue.

Pushes the old base pointer onto the stack, so it can be restored later:

   push    ebp

Assigns the value of stack pointer into base pointer, then a new stack frame will be created on top of the old stack frame:

   mov     ebp, esp

Moves the stack pointer further by decreasing or increasing its value (depending on whether the stack grows down or up):

   sub     esp, 230h

Here, the230h immediate value is the number of bytes reserved on the stack for local use in the function.

In a similar way, the function epilogue reverses the actions of the prologue and returns control to the calling function.

Check this related SO question: Function Prologue and Epilogue in C

Dyspnea answered 31/10, 2014 at 22:57 Comment(1)

Some compilers offer the option of not using frame pointers, which frees up ebp to be used as a generic register (it would still need to be saved). – Spohr 1/11, 2014 at 2:17

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.