Before I begin, we need to clarify what a stack is. For one thing, it’s a structure that holds data.
The stack of a computer can be understood in different ways. Mostly as a way to represent the current working chunks of memory a program needs to store its local context.
That’s a very strange way to write it…. Let’s try again: when a program is executing, it needs to store some of its memory somewhere. Memory is allocated in chunks. These chunks of memory will be ‘stacked’.
The importance of this ‘stacking’ is that once an item is laid down on the stack, it will be buried by the next item. Unless the next item is processed, it remains buried. You need to process the top of the stack before the next item can be accessed.
Once you execute a program, you will get an ESP. However, during debugging with gdb, I noticed something odd: the EBP keyword. Some searching later, I figured out that this was pointing to the top of the stack. Just like ESP. Now: what’s the difference between EBP and ESP?
So when you look at the assembler you will see things like this:
0x080483c4 <main+0>:  push ebp
0x080483c5 <main+1>:  mov ebp,esp
0x080483c7 <main+3>:  and esp,0xfffffff0
0x080483ca <main+6>:  sub esp,0x50
0x080483cd <main+9>:  lea eax,[esp+0x10]
0x080483d1 <main+13>: mov DWORD PTR [esp],eax
0x080483d4 <main+16>: call 0x80482e8 <gets@plt>
0x080483d9 <main+21>: leave
0x080483da <main+22>: ret
Andrew Honig did a blog post about this topic. I quote:
At ebp is a pointer to ebp for the previous frame (this is why push ebp; mov ebp, esp is such a common way to start a function). This effectively creates a linked list of base pointers. This linked list makes it very easy to trace backwards up the stack. For example if foo() calls bar() and bar() calls baz() and you’re debugging baz() you can easily find the parameters and local variables for foo() and bar().
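To make the prologue in the listing and the "linked list of base pointers" from the quote concrete, here is a small simulation I added for this post; it is not code from Andrew Honig or from any real debugger. It models a 32-bit stack as an array of words, implements call / push ebp; mov ebp,esp; sub esp,N and leave; ret on that model, and then walks the saved-ebp chain the way gdb's bt does. All addresses (0xC001, 0x1000, 0x2000, 0x3000) and the call chain main -> foo -> bar -> baz are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A tiny model of the x86 stack: 64 words, byte addresses, grows downward.
   The "return addresses" 0xC001, 0x1000, 0x2000, 0x3000 used below are
   constructed for this illustration, not taken from any real binary. */
#define STACK_WORDS 64
#define STACK_TOP   (STACK_WORDS * 4)

typedef struct {
    uint32_t mem[STACK_WORDS]; /* the word at byte address a lives in mem[a / 4] */
    uint32_t esp;              /* top of stack: moves on every push and pop */
    uint32_t ebp;              /* base of the current frame: fixed per function */
} Cpu;

static void cpu_init(Cpu *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_TOP; /* empty stack */
    c->ebp = 0;         /* no frame yet; 0 terminates the saved-ebp chain */
}

static void     push(Cpu *c, uint32_t v)               { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(Cpu *c)                            { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }
static uint32_t load(const Cpu *c, uint32_t a)         { return c->mem[a / 4]; }
static void     store(Cpu *c, uint32_t a, uint32_t v)  { c->mem[a / 4] = v; }

/* "call f" pushes the return address; f then runs the prologue seen in the
   listing:  push ebp ; mov ebp,esp ; sub esp,N  */
static void call_and_prologue(Cpu *c, uint32_t ret_addr, uint32_t nlocals) {
    push(c, ret_addr);        /* call: ends up at [ebp+4] of the new frame */
    push(c, c->ebp);          /* push ebp: caller's ebp saved at [ebp+0] */
    c->ebp = c->esp;          /* mov ebp,esp */
    c->esp -= nlocals * 4;    /* sub esp,N: locals live at [ebp-4], [ebp-8], ... */
}

/* "leave ; ret":  leave = mov esp,ebp ; pop ebp.  Returns the return address. */
static uint32_t leave_and_ret(Cpu *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);          /* restore the caller's frame base */
    return pop(c);            /* ret pops the return address */
}

/* Walk the linked list of saved base pointers, as gdb's "bt" does.
   frames[i] receives each frame's ebp, rets[i] its return address. */
static int backtrace(const Cpu *c, uint32_t *frames, uint32_t *rets, int max) {
    int n = 0;
    for (uint32_t bp = c->ebp; bp != 0 && n < max; bp = load(c, bp)) {
        frames[n] = bp;
        rets[n]   = load(c, bp + 4);
        n++;
    }
    return n;
}

/* Build the constructed call chain main -> foo -> bar -> baz, one local each. */
static void build_chain(Cpu *c) {
    cpu_init(c);
    call_and_prologue(c, 0xC001, 1);  /* main, called from the C runtime */
    call_and_prologue(c, 0x1000, 1);  /* foo, returns into main at 0x1000 */
    store(c, c->ebp - 4, 42);         /* foo's local variable = 42 */
    call_and_prologue(c, 0x2000, 1);  /* bar */
    call_and_prologue(c, 0x3000, 1);  /* baz: we are "debugging" here */
}

/* Frames visible from baz: baz, bar, foo, main. */
static int frame_count_from_baz(void) {
    Cpu c; uint32_t f[8], r[8];
    build_chain(&c);
    return backtrace(&c, f, r, 8);
}

/* From baz, read foo's local two frames up: [ebp_of_foo - 4]. */
static uint32_t foo_local_seen_from_baz(void) {
    Cpu c; uint32_t f[8], r[8];
    build_chain(&c);
    backtrace(&c, f, r, 8);
    return load(&c, f[2] - 4);
}

/* Why ebp is the stable reference and esp is not: pushing two temporaries in
   baz moves esp by 8 but leaves ebp alone, so [ebp-4] still names the local. */
static int ebp_stable_while_esp_moves(void) {
    Cpu c;
    build_chain(&c);
    uint32_t ebp_before = c.ebp, esp_before = c.esp;
    push(&c, 1); push(&c, 2);
    return c.ebp == ebp_before && c.esp == esp_before - 8;
}

/* baz's leave;ret lands back in bar at the constructed address 0x3000. */
static uint32_t return_to_bar(void) {
    Cpu c;
    build_chain(&c);
    return leave_and_ret(&c);
}

int main(void) {
    Cpu c; uint32_t f[8], r[8];
    build_chain(&c);
    int n = backtrace(&c, f, r, 8);
    for (int i = 0; i < n; i++)
        printf("#%d  ebp=0x%03x  return address=0x%04x\n", i, (unsigned)f[i], (unsigned)r[i]);
    printf("foo's local seen from baz: %u\n", (unsigned)foo_local_seen_from_baz());
    return 0;
}
```

The printed backtrace is the same shape gdb shows: each line is one frame, found by following the saved ebp stored at [ebp+0], with the return address sitting right above it at [ebp+4]. The point for the original question is in ebp_stable_while_esp_moves: esp changes with every push, while ebp stays put for the whole function, which is why the compiler addresses locals relative to ebp and why a debugger can walk the chain.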
best regards, akendo