Definition of the Stack
Required Knowledge
A brief knowledge of registers is required for this definition.
The stack.
The stack is a section of memory with specific uses that distinguish it from ordinary memory. These uses include storing local variables and controlling application flow (such as calling procedures and passing arguments).
One way of describing the stack is to think of a stack of pancakes.
As we PUSH pancakes on to the stack, the pile of pancakes grows. As we POP pancakes off the stack and into our tummies the size of the stack decreases.
<pic of pancakes>
The memory can be represented as follows (see the attached diagram, TheStack.PNG):
As we PUSH the DWORD values (each square represents 1 byte) to the stack, from left to right, we are adding to the size of the stack. Thus, the first value to be pushed (the light blue DWORD) ends up at the 'bottom' of the stack and the green DWORD is pushed last, so is at the top of the stack.
Now remember the ESP and EBP registers from this article? Well, these registers are used in tandem with the stack.
ESP, the stack pointer, points to the uppermost value (the last to be PUSHed) of the stack. Thus as values are PUSHed on to the stack, ESP points to smaller addresses.
There are several instructions which alter the value of ESP and are directly related to the stack. Here is a small selection of them with a brief explanation of how each works:
- PUSH puts a specified value on to the stack; in doing so it decreases the stack pointer by 4 bytes (4 bytes being a DWORD value).
- POP pops the uppermost stack value into a given register or memory location. It is effectively the opposite of PUSH, and thus ESP is incremented by 4.
- CALL is used in the calling of procedures (functions). Firstly a return address is pushed to the stack (a return address is simply the address of the next instruction to be executed after the call has finished), and then EIP is changed to the address specified in the CALL operation. Thus the flow of the program is altered to run through a specific piece of code. Because a return address is PUSHed, ESP is decreased by 4.
- RETURN is the inverse of the CALL operation. The uppermost value of the stack is POPped into EIP (with any luck the uppermost value will be the return address stored by the matching CALL instruction); in doing so ESP increases by 4. Once this value is POPped, if it is a valid address, the next instruction can be executed. In the average program, this RETURN instruction will cause execution to continue in the function which used the CALL opcode.
There are several other operations; for instance PUSHAD and POPAD respectively PUSH and POP the GPRs (General Purpose Registers) to and from the stack. This is useful for preserving registers across function calls. As 8 registers' values are being PUSHed and POPped, the value of ESP will change by 32 each time.
At this point it is worth noting that although each value on the stack has an absolute address which doesn't really change, each value's position relative to ESP does change as values are PUSHed or POPped.
However, EBP, the base pointer, can be used to avoid this 'relative change' by having EBP mark the 'start' of a stack frame. A stack frame is simply an area of the stack which is used to store local variables for a particular function; a compiler will work out how much space is needed in the stack for a given function and allocate this via the use of EBP and ESP.
We start by moving ESP into EBP, thus making the base pointer and stack pointer equivalent; we then subtract the size of the space needed to store our local variables from ESP.
Now all values moved into this 'stack frame' have a fixed offset from EBP, the base pointer (as EBP is not changed by PUSH/POP operations). This is a very simplified explanation of stack frames and EBP's use in them; for more information on stack frames go here.
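To make the two preceding passages concrete (the PUSH/POP/CALL/RETURN behaviour of ESP, and the EBP-anchored stack frame), here is an added example that is not part of the original definition: a small C model of a 32-bit stack. The byte array, the addresses, the CALL target and the local values are all constructed for illustration; it is a simulation, not real x86 code, but it follows the rules above exactly (PUSH decrements ESP by 4 before writing, POP reads then increments, CALL pushes the return address, RET pops it into EIP, and the prologue sets EBP so that locals keep a fixed offset even while the body PUSHes and POPs).

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack (not real hardware): mem[] stands in
 * for the stack region, addresses are offsets into it, and the stack grows
 * toward lower addresses as the text describes. */
#define STACK_SIZE 256
#define DWORD 4

typedef struct {
    uint8_t  mem[STACK_SIZE];
    uint32_t esp;  /* stack pointer: address of the top (last pushed) value */
    uint32_t ebp;  /* base pointer: fixed anchor for the current frame */
    uint32_t eip;  /* address of the next instruction */
} cpu_t;

static void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;  /* empty stack: ESP sits just past the region */
}

/* x86 stores DWORDs little-endian: lowest byte at the lowest address. */
static void store32(cpu_t *c, uint32_t addr, uint32_t v) {
    assert(addr + DWORD <= STACK_SIZE);
    for (int i = 0; i < DWORD; i++) c->mem[addr + i] = (uint8_t)(v >> (8 * i));
}
static uint32_t load32(const cpu_t *c, uint32_t addr) {
    uint32_t v = 0;
    assert(addr + DWORD <= STACK_SIZE);
    for (int i = 0; i < DWORD; i++) v |= (uint32_t)c->mem[addr + i] << (8 * i);
    return v;
}

/* PUSH: ESP -= 4, then write the value at the new top. */
static void push(cpu_t *c, uint32_t v) {
    assert(c->esp >= DWORD);                 /* would overflow the region */
    c->esp -= DWORD;
    store32(c, c->esp, v);
}
/* POP: read the top value, then ESP += 4. */
static uint32_t pop(cpu_t *c) {
    assert(c->esp + DWORD <= STACK_SIZE);    /* nothing left to pop */
    uint32_t v = load32(c, c->esp);
    c->esp += DWORD;
    return v;
}
/* CALL: push the address of the instruction after the CALL, then jump.
 * call_len is the encoded size of the CALL instruction itself. */
static void call(cpu_t *c, uint32_t target, uint32_t call_len) {
    push(c, c->eip + call_len);
    c->eip = target;
}
/* RET: pop the top DWORD into EIP; execution only resumes sensibly if that
 * DWORD is still the return address CALL stored. */
static void ret(cpu_t *c) { c->eip = pop(c); }

/* Prologue: save the caller's EBP, EBP = ESP, reserve space for locals.
 * Locals then live at fixed negative offsets from EBP. */
static void prologue(cpu_t *c, uint32_t locals_bytes) {
    push(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= locals_bytes;
}
/* Epilogue: release the locals and restore the caller's EBP. */
static void epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);
}

/* Run one CALL / frame / RET round trip and return where RET resumed. */
uint32_t demo_call_frame(void) {
    cpu_t c;
    cpu_init(&c);
    c.eip = 0x1000;                       /* constructed: address of the CALL */
    uint32_t esp_before = c.esp;

    call(&c, 0x2000, 5);                  /* CALL rel32 encodes in 5 bytes */
    assert(c.esp == esp_before - DWORD);  /* return address now on the stack */
    assert(c.eip == 0x2000);

    prologue(&c, 2 * DWORD);              /* frame with two DWORD locals */
    store32(&c, c.ebp - 4, 0x11111111);   /* [ebp-4] = first local */
    store32(&c, c.ebp - 8, 0x22222222);   /* [ebp-8] = second local */

    push(&c, 0xdeadbeef);                 /* PUSH/POP in the body moves ESP... */
    (void)pop(&c);
    assert(load32(&c, c.ebp - 4) == 0x11111111); /* ...but [ebp-4] still works */

    epilogue(&c);
    ret(&c);
    assert(c.esp == esp_before);          /* stack is balanced again */
    return c.eip;                         /* 0x1005: the instruction after CALL */
}

int main(void) {
    printf("RET resumed execution at 0x%x\n", demo_call_frame());
    return 0;
}
```

The asserts inside push and pop are the model's way of showing the two failure modes the real stack has no guard against on its own: pushing past the region's bottom, and popping when the frame is already empty (which on a real CPU would simply hand RET whatever bytes happen to sit at ESP).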
This explanation encompasses the bare basics of the stack. As you explore further sections of the assembly definitions this knowledge should become more useful and make more sense; you will learn to love it as you get more involved in assembly!
Related links
Stack frames.
Attachment: TheStack.PNG (1.5 KB, added 7/18/2005 11:21 am)
Categories
CategoryDefinitions