Some notes about the Stack

Before I begin, we need to clarify what a stack is. First of all, it is a data structure: a last-in, first-out (LIFO) list, where items are pushed onto the top and popped off the top again.

The stack of a computer can be understood in different ways. Mostly it is the region of memory where a program keeps the local context (local variables, saved registers, return addresses) of the functions that are currently executing.

That was a strange way to put it. Let's try again: while a program is running, it needs to store some of its data somewhere. On the stack, that memory is allocated in chunks, one per active function call (a stack frame), and these chunks are 'stacked' on top of each other.

The importance of this 'stacking' is that once a chunk is laid down on the stack, it is buried by the next one. Unless the next one is processed, it remains buried: you have to process (pop) the top of the stack before the item below it can be accessed. That is exactly what last-in, first-out means, and it matches how function calls nest: the function called last is the first one to return.

Once you execute a program, you will see an ESP register, the stack pointer, which always points to the top of the stack. However, during debugging with gdb, I noticed something odd: the EBP register. Some searching later, I figured out that EBP is the base pointer. It does not point to the top of the stack like ESP does; it points to the base of the current function's stack frame and stays fixed while that function runs, whereas ESP moves with every push, pop and call. So what exactly is the difference between EBP and ESP, and why do we have both?

So when you look at the assembler output of a small C program in gdb (Intel syntax), you will see something like this:

0x080483c4 <main+0>:	push   ebp                  ; save the caller's base pointer
0x080483c5 <main+1>:	mov    ebp,esp              ; ebp = esp: main's frame starts here
0x080483c7 <main+3>:	and    esp,0xfffffff0       ; align the stack to 16 bytes
0x080483ca <main+6>:	sub    esp,0x50             ; reserve 0x50 bytes for locals
0x080483cd <main+9>:	lea    eax,[esp+0x10]       ; eax = address of a local buffer
0x080483d1 <main+13>:	mov    DWORD PTR [esp],eax  ; store it as the first argument
0x080483d4 <main+16>:	call   0x80482e8 <gets@plt> ; gets(buffer)
0x080483d9 <main+21>:	leave                       ; mov esp,ebp ; pop ebp
0x080483da <main+22>:	ret                         ; pop the return address into eip

The first two instructions are the function prologue. The caller's EBP is pushed onto the stack and EBP is then set to the current ESP, so EBP now marks the base of main's frame: the saved EBP sits at [ebp] and the return address pushed by the call at [ebp+4]. From here on ESP moves down as space for locals is reserved and arguments are stored, while EBP stays put, which is what makes EBP a stable reference point for locals and arguments inside the frame. (Because main additionally aligns ESP here, gcc addresses the buffer relative to ESP rather than EBP; in other functions you will usually see [ebp-0x..] for locals.) At the end, leave restores ESP from EBP and pops the saved EBP, undoing the prologue in one instruction, and ret pops the return address off the stack. Note in passing that gets places no bound on how much it writes into that local buffer.

Andrew Honig did a blog post about this topic. I quote:

At ebp is a pointer to ebp for the previous frame (this is why push ebp; mov ebp, esp is such a common way to start a function). This effectively creates a linked list of base pointers. This linked list makes it very easy to trace backwards up the stack. For example if foo() calls bar() and bar() calls baz() and you’re debugging baz() you can easily find the parameters and local variables for foo() and bar().
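To make the prologue above and the linked list in Andrew Honig's quote concrete, here is an added example (my own illustration, not code from the original post or from Honig). It models a 32-bit x86 stack as a byte array with two indices standing in for ESP and EBP, implements push, pop, call, the prologue, and leave/ret, then simulates main() calling foo() calling bar(). A backtrace() helper walks the saved-EBP chain the way a debugger does, and unwinding the three frames shows the return addresses coming back in LIFO order. All addresses, return values and frame sizes are constructed for the demonstration.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a 32-bit x86 stack: a byte array as memory and
 * two indices standing in for the ESP and EBP registers. */
#define STACK_SIZE 256u

typedef struct {
    uint8_t  mem[STACK_SIZE];
    uint32_t esp;   /* top of stack; moves with every push/pop */
    uint32_t ebp;   /* base of the current frame; fixed while it runs */
} cpu_t;

static void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;   /* empty: the stack grows down from the top */
    c->ebp = 0;            /* 0 marks "no enclosing frame" */
}

/* push: esp -= 4, then store the dword at [esp] */
static void push(cpu_t *c, uint32_t v) {
    assert(c->esp >= 4);
    c->esp -= 4;
    memcpy(&c->mem[c->esp], &v, 4);
}

/* pop: load the dword at [esp], then esp += 4 */
static uint32_t pop(cpu_t *c) {
    uint32_t v;
    assert(c->esp + 4 <= STACK_SIZE);
    memcpy(&v, &c->mem[c->esp], 4);
    c->esp += 4;
    return v;
}

/* Read a dword anywhere on the stack, like gdb's x/wx. */
static uint32_t peek(const cpu_t *c, uint32_t addr) {
    uint32_t v;
    assert(addr + 4 <= STACK_SIZE);
    memcpy(&v, &c->mem[addr], 4);
    return v;
}

/* call: pushes the return address (eip itself is not modelled) */
static void call(cpu_t *c, uint32_t ret_addr) { push(c, ret_addr); }

/* Prologue from the listing: push ebp; mov ebp,esp; sub esp,frame_bytes */
static void prologue(cpu_t *c, uint32_t frame_bytes) {
    push(c, c->ebp);          /* [ebp] will hold the caller's ebp */
    c->ebp = c->esp;
    assert(c->esp >= frame_bytes);
    c->esp -= frame_bytes;    /* room for locals */
}

/* Epilogue: leave (mov esp,ebp; pop ebp) then ret (pop the return address) */
static uint32_t epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);
    return pop(c);
}

/* Follow the chain of saved ebps outward, as a debugger's backtrace does.
 * Fills out[] with each frame's ebp and returns how many were found. */
static int backtrace(const cpu_t *c, uint32_t *out, int max) {
    int n = 0;
    for (uint32_t bp = c->ebp; bp != 0 && n < max; bp = peek(c, bp))
        out[n++] = bp;
    return n;
}

typedef struct {
    int      nframes;
    uint32_t frames[8];   /* ebp of bar, foo, main (innermost first) */
    uint32_t rets[3];     /* return addresses in the order ret pops them */
    uint32_t final_esp;
} demo_result_t;

/* main() -> foo() -> bar(), then unwind and watch the LIFO order come out. */
static demo_result_t run_demo(void) {
    cpu_t c;
    demo_result_t r = {0};
    cpu_init(&c);
    call(&c, 0xAAAA0001u); prologue(&c, 0x50);   /* main: sub esp,0x50 as in the listing */
    call(&c, 0xAAAA0002u); prologue(&c, 0x20);   /* foo (made-up frame size) */
    call(&c, 0xAAAA0003u); prologue(&c, 0x10);   /* bar (made-up frame size) */
    r.nframes = backtrace(&c, r.frames, 8);
    for (int i = 0; i < 3; i++)
        r.rets[i] = epilogue(&c);   /* bar returns first, main last */
    r.final_esp = c.esp;
    return r;
}

int main(void) {
    demo_result_t r = run_demo();
    printf("%d frames on the ebp chain:", r.nframes);
    for (int i = 0; i < r.nframes; i++) printf(" ebp=%u", r.frames[i]);
    printf("\nreturn addresses popped: 0x%08x 0x%08x 0x%08x\n", r.rets[0], r.rets[1], r.rets[2]);
    return 0;
}
```

With a 256-byte toy stack the three frames end up with EBP values 120, 160 and 248 (bar, foo, main), and backtrace() recovers all three purely by dereferencing [ebp] repeatedly: the saved EBP of each frame is the EBP of its caller. The epilogues then pop the return addresses in reverse order of the calls, which is the LIFO behaviour described above. On a real binary the same walk works only while the compiler keeps the frame pointer (gcc's -fno-omit-frame-pointer); with it omitted, EBP is just another general-purpose register and the chain is gone.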

best regards, akendo