
I'm reading a book that explains how the ebp and eip registers work when a function is called. The following figure is provided:

[figure from the book: stack frame layout showing the local variable array, the saved ebp, the saved eip (return address) and the arguments a and b]

Here, array is a local variable of the function. The function arguments are a and b. This is what the actual C code looks like:

#include <stdio.h>

void function(int a, int b)
{
   int array[8];
}

int main()
{
   function(1,2);
   return 0;
}

I compile with gcc -m32 -g function.c and run the program in gdb. The command disas main shows (skipped some lines):

0x08048474 :    push   $0x2          # second argument b, pushed first
0x08048476 :    push   $0x1          # first argument a, so it ends up at the lower address
0x08048478 :    call   0x804843b     # pushes the return address 0x0804847d and jumps to function
0x0804847d :    add    $0x10,%esp    # caller removes the argument area (8 bytes of args + 8 bytes of alignment padding)

The first and last few instructions of function() are:

0x0804843b :    push   %ebp              # save the caller's frame pointer
0x0804843c :    mov    %esp,%ebp         # ebp now points at that saved value
0x0804843e :    sub    $0x38,%esp        # 56 bytes: array (32), the canary, and padding to keep esp 16-byte aligned
0x08048441 :    mov    %gs:0x14,%eax     # stack-protector canary, read from thread-local storage
0x08048447 :    mov    %eax,-0xc(%ebp)   # canary stored between the locals and the saved ebp
0x0804844a :    xor    %eax,%eax
0x0804844c :    nop
    ...
0x0804845e :    leave                    # mov %ebp,%esp; pop %ebp (restores the caller's frame pointer)
0x0804845f :    ret                      # pops the return address 0x0804847d into eip

and when I inspect the contents of ebp:

(gdb) x/4xw $ebp
0xffffcd48:     0xffffcd68      0x0804847d      0x00000001     0x00000002    

I understand that in the stack, ebp should be followed by the return location 0x0804847d and the function arguments 0x00000001 and 0x00000002. However, I don't know what 0xffffcd68 is. Is this the address of ebp?

Comments:

Does your book describe what the EBP slot in the stack is? - Mark Plotnick

Briefly: There is no stack in C. For your specific implementation, read the ABI, but keep in mind this is typically only for exported functions. - too honest for this site

Can you show the first few instructions of function? - Mark Plotnick

@MarkPlotnick the book has information about delay slots but I haven't read that section yet. I included the instructions of function. - MAGA

1 Answer


It is the value of ebp at the beginning of the function.
It's a consequence of push %ebp and the fact that the x86 stack is Full Descending.

It's the caller frame pointer.


Beware that compilers update the way they handle the stack much more frequently than book authors update their books.
Particularly: alignment, frame-pointer omission, RVO, implicit parameters and so on may throw you off.
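To check the answer's claim from inside a running program rather than from gdb, here is an added example (not code from the question or the answer) that reads the two words at the frame base the same way `x/4xw $ebp` did. It assumes GCC or Clang on x86 (32- or 64-bit) or AArch64: `__builtin_frame_address(0)` forces the compiler to keep a frame pointer in the function that uses it, so the `[saved ebp][return address]` layout from the prologue survives optimisation. Built with `-m32` the printed words mirror the gdb dump (saved ebp, then 0x0804847d-style return address, then the arguments); on 64-bit targets the arguments are passed in registers, so only the first two slots are on the stack.

```c
#include <stdio.h>

/* Assumption: GCC/Clang builtins on x86 or AArch64.  The word at the frame
 * pointer is the caller's frame pointer (pushed by `push %ebp`), and the
 * word above it is the return address (pushed by `call`). */

struct frame_view {
    void *fp;        /* this function's frame pointer (ebp / rbp / x29) */
    void *saved_fp;  /* word at fp: the caller's frame pointer (the 0xffffcd68 slot) */
    void *ret_slot;  /* word at fp + sizeof(void *): the return address slot */
    void *ret_addr;  /* return address as reported by the compiler, for comparison */
};

/* The equivalent of `x/2xw $ebp` executed by the callee itself.
 * noinline keeps this a real call with its own frame. */
__attribute__((noinline)) static struct frame_view inspect_frame(void)
{
    void **fp = (void **)__builtin_frame_address(0);
    struct frame_view v;
    v.fp       = fp;
    v.saved_fp = fp[0];                      /* left by `push %ebp; mov %esp,%ebp` */
    v.ret_slot = fp[1];                      /* left by the caller's `call` */
    v.ret_addr = __builtin_return_address(0);
    return v;
}

/* Returns 1 if the word the callee found at its frame pointer is exactly
 * this caller's frame pointer, i.e. the "unknown" value is the caller's ebp. */
__attribute__((noinline)) int frame_link_points_to_caller(void)
{
    void *my_fp = __builtin_frame_address(0);
    struct frame_view v = inspect_frame();
    return v.saved_fp == my_fp;
}

/* Returns 1 if the word above the saved frame pointer is the return address.
 * Holds on x86 and on AArch64 without pointer authentication (with PAC the
 * stored link register is signed, so the raw slot differs). */
__attribute__((noinline)) int return_slot_is_return_address(void)
{
    struct frame_view v = inspect_frame();
    return v.ret_slot == v.ret_addr;
}

int main(void)
{
    struct frame_view v = inspect_frame();
    printf("callee fp            %p\n", v.fp);
    printf("[fp]     saved fp    %p  (caller's frame pointer)\n", v.saved_fp);
    printf("[fp+%zu]  return addr %p  (compiler reports %p)\n",
           sizeof(void *), v.ret_slot, v.ret_addr);
    printf("caller fp            %p\n", __builtin_frame_address(0));
    printf("frame link ok: %d, return slot ok: %d\n",
           frame_link_points_to_caller(), return_slot_is_return_address());
    return 0;
}
```

Build with `gcc -m32 -O0 frame.c` to reproduce the 32-bit layout from the question, or without `-m32` to see the same two slots at 8-byte stride. Walking `saved_fp` repeatedly is exactly what a frame-pointer-based unwinder does, and it is why a buffer overflow that overwrites the saved ebp (which sits just above the canary in the prologue shown) corrupts the caller's frame once `leave` restores it.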