Stack of the function call process in the X86 architecture

Source: Internet
Author: User

The two most important points for understanding the call stack are the layout of the stack and the role of the EBP register.
First, we need to recognize the following two facts:
1. A function call consists of zero or more push instructions (used to pass parameters) followed by one call instruction. The call instruction itself implicitly pushes the return address (that is, the address of the instruction following the call) onto the stack.
2. Almost all native compilers insert a prologue like the following at the start of each function body: push ebp; mov ebp, esp. So by the time execution reaches the real body of a function, the following data has been pushed onto the stack in sequence: the parameters, the return address, and the caller's EBP. The stack then looks like the diagram below. (The order in which parameters are pushed depends on the calling convention; here the C language default, cdecl, is used as the example: parameters are pushed from right to left, so the first parameter is pushed last and ends up at the lowest address.)

    |  ......              |  (stack bottom direction, higher addresses)
    |  ......              |
    |  Parameter 3         |  [EBP+16]
    |  Parameter 2         |  [EBP+12]
    |  Parameter 1         |  [EBP+8]
    |  Return address      |  [EBP+4]
    |  Previous-layer EBP  | <-------- [EBP] (start of this stack frame)
    |  Local variable 1    |  [EBP-4]
    |  ......              | <-------- [ESP] (stack top direction, lower addresses)


The two instructions "push ebp" and "mov ebp, esp" carry a deep idea: first save EBP on the stack, then copy the stack-top pointer ESP into EBP. On the surface, "mov ebp, esp" overwrites the original EBP value with ESP. In fact nothing is lost, because before EBP is reassigned, its original value has already been pushed onto the stack (it sits at the top of the stack), and the new EBP points exactly at that saved value.
At this point the EBP register holds a very important position. It stores an address inside the stack (the stack top just after the original EBP was pushed). Using this address as a base, the return address and the parameters can be found upward (toward the stack bottom, at higher addresses), the local variables can be found downward (toward the stack top, at lower addresses), and the address itself stores the EBP value of the previous function call!
Concretely, SS:[EBP+4] holds the return address, SS:[EBP+8] holds the first parameter (the parameter pushed last, assuming each parameter occupies 4 bytes), SS:[EBP+12] holds the second parameter, SS:[EBP-4] typically holds the first local variable, and SS:[EBP] holds the previous layer's EBP. Two caveats a practitioner should keep in mind: the compiler is free to order, pad, or register-allocate local variables, so [EBP-4] being "the first local" is only the typical case, not a guarantee; and when the compiler is told to omit the frame pointer (for example GCC's -fomit-frame-pointer, which is the default at higher optimization levels), EBP is used as a general-purpose register and the chain described here does not exist at all.
Because [EBP] always holds "the EBP value of the previous function call", and within every function call the EBP value of that moment can be used to obtain the return address and parameters upward (toward the stack bottom) and the function's local variables downward (toward the stack top), this forms a linked chain of frames that continues until the bottom of the stack is reached. This is the function call stack. It is also why the saved EBP and the return address are the first things a stack buffer overflow corrupts: a local buffer sits below [EBP], and writing past its end walks straight into the saved EBP at [EBP] and the return address at [EBP+4].
The compiler's use of EBP is very subtle. Starting from the current EBP, it is very easy to find every EBP layer above it, because each frame's saved EBP is the address of the previous frame:


    unsigned int _ebp = <current EBP value>;   /* e.g. read via inline asm: mov _ebp, ebp */
    while (_ebp is not the stack bottom)        /* the outermost frame's saved EBP is whatever the startup code left there, often 0 */
        _ebp = *(unsigned int *)_ebp;          /* [EBP] holds the previous layer's EBP */
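To make the layout and the frame walk concrete without depending on a 32-bit toolchain, the following added example (not code from the original article) models a 32-bit stack in a byte array. Addresses in the model are byte offsets into that array; the stack grows toward offset 0. It emulates push, call, and the push ebp / mov ebp, esp prologue for a constructed chain main -> f(1,2,3) -> g(7), with made-up return addresses, then reads the frame fields at the offsets given in the text and walks the saved-EBP chain with an explicit bounds check in place of the vague "not stack bottom" condition. The names and return addresses are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 256

/* Model of a 32-bit stack: mem[0] is the lowest address (stack top direction),
 * mem[STACK_BYTES-1] the highest (stack bottom direction). esp/ebp are byte
 * offsets into mem, exactly like 32-bit addresses in the real thing. */
struct stack32 {
    uint8_t  mem[STACK_BYTES];
    uint32_t esp;
    uint32_t ebp;
};

uint32_t rd32(const struct stack32 *s, uint32_t addr) {
    uint32_t v;
    memcpy(&v, &s->mem[addr], 4);   /* little-endian 4-byte load, like mov eax, [addr] */
    return v;
}

void push32(struct stack32 *s, uint32_t v) {
    s->esp -= 4;                    /* push: decrement esp, then store */
    memcpy(&s->mem[s->esp], &v, 4);
}

/* Emulate a cdecl call and the callee prologue:
 *   push args right to left; call (pushes ret_addr);
 *   push ebp; mov ebp, esp; sub esp, locals_bytes */
void emulate_call(struct stack32 *s, const uint32_t *args, int nargs,
                  uint32_t ret_addr, uint32_t locals_bytes) {
    for (int i = nargs - 1; i >= 0; i--)
        push32(s, args[i]);
    push32(s, ret_addr);            /* call */
    push32(s, s->ebp);              /* push ebp */
    s->ebp = s->esp;                /* mov ebp, esp */
    s->esp -= locals_bytes;         /* sub esp, N (room for locals) */
}

/* Frame accessors at the offsets described in the text. */
uint32_t frame_saved_ebp(const struct stack32 *s, uint32_t ebp) { return rd32(s, ebp); }
uint32_t frame_ret_addr (const struct stack32 *s, uint32_t ebp) { return rd32(s, ebp + 4); }
uint32_t frame_arg      (const struct stack32 *s, uint32_t ebp, int i) { return rd32(s, ebp + 8 + 4 * i); }

/* Walk the saved-EBP chain from the current frame outward, collecting return
 * addresses. Stops at the sentinel 0 we store as the outermost EBP, when the
 * chain would leave the stack, or when a "previous" EBP fails to move toward
 * the stack bottom (a corrupted saved EBP would otherwise send this into a loop). */
int walk_frames(const struct stack32 *s, uint32_t ret_addrs[], int max) {
    int n = 0;
    uint32_t ebp = s->ebp;
    while (n < max && ebp != 0 && ebp + 8 <= STACK_BYTES) {
        ret_addrs[n++] = frame_ret_addr(s, ebp);
        uint32_t prev = frame_saved_ebp(s, ebp);
        if (prev <= ebp)            /* 0 sentinel or bogus chain: stop */
            break;
        ebp = prev;
    }
    return n;
}

/* Constructed scenario: main calls f(1, 2, 3), f calls g(7). Return addresses are made up. */
void build_demo_stack(struct stack32 *s) {
    memset(s, 0, sizeof *s);
    s->esp = STACK_BYTES;           /* empty stack: esp at the bottom */
    s->ebp = 0;                     /* sentinel: main has no caller frame in this model */
    uint32_t f_args[3] = {1, 2, 3};
    emulate_call(s, f_args, 3, 0x08048500u, 16);   /* main -> f, 16 bytes of locals */
    uint32_t g_args[1] = {7};
    emulate_call(s, g_args, 1, 0x08048610u, 8);    /* f -> g, 8 bytes of locals */
}

int main(void) {
    struct stack32 s;
    build_demo_stack(&s);
    printf("g: ebp=%u arg0=%u ret=0x%08x saved_ebp=%u\n",
           s.ebp, frame_arg(&s, s.ebp, 0), frame_ret_addr(&s, s.ebp), frame_saved_ebp(&s, s.ebp));
    uint32_t rets[8];
    int n = walk_frames(&s, rets, 8);
    for (int i = 0; i < n; i++)
        printf("frame %d returns to 0x%08x\n", i, rets[i]);
    return 0;
}
```

Reading f's parameters from inside g is just `frame_arg(&s, frame_saved_ebp(&s, s.ebp), i)`: follow [EBP] once, then index from [EBP+8]. That is the same step a debugger's backtrace takes, and the same reason a single overwritten saved EBP derails every frame above it.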
