Stack Frames and Advanced Procedures Stack Frames Stack

  • Slides: 31
Download presentation
Stack Frames and Advanced Procedures

Stack Frames and Advanced Procedures

Stack Frames • • • Stack Parameters Local Variables ENTER and LEAVE Instructions LOCAL

Stack Frames • • • Stack Parameters Local Variables ENTER and LEAVE Instructions LOCAL Directive Write. Stack. Frame Procedure Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 2

Stack Frame • Also known as an activation record • Area of the stack

Stack Frame • Also known as an activation record • Area of the stack set aside for a procedure's return address, passed parameters, saved registers, and local variables • Managed using register EBP (frame “base pointer”) • Created by the following steps: • Calling program pushes arguments on the stack and calls the procedure. • The called procedure pushes EBP on the stack, and sets EBP to ESP. • If local variables are needed, a constant is subtracted from ESP to make room on the stack. Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 3

Stack Parameters • More convenient than register parameters • Two possible ways of calling

Stack Parameters • More convenient than register parameters • Two possible ways of calling Dump. Mem. Which is easier? pushad mov esi, OFFSET array mov ecx, LENGTHOF array mov ebx, TYPE array call Dump. Mem popad push call TYPE array LENGTHOF array OFFSET array Dump. Mem * Dump. Mem is an Irvine library routine for printing out data stored in memory Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 4

Passing Arguments by Value • Push argument values on stack • (Use only 32

Passing Arguments by Value • Push argument values on stack • (Use only 32 -bit values in protected mode to keep the stack aligned) • Call the called-procedure • Accept a return value in EAX, if any • Remove arguments from the stack if the calledprocedure did not remove them Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 5

Example . data val 1 DWORD 5 val 2 DWORD 6. code push val

Example . data val 1 DWORD 5 val 2 DWORD 6. code push val 2 push val 1 (val 2) (val 1) 6 5 ESP Stack prior to CALL call My. Proc Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 6

Passing by Reference • Push the offsets of arguments on the stack • Call

Passing by Reference • Push the offsets of arguments on the stack • Call the procedure • Accept a return value in EAX, if any • Remove arguments from the stack if the called procedure did not remove them Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 7

Example. data val 1 DWORD 5 val 2 DWORD 6 (offset val 2) (offset

Example. data val 1 DWORD 5 val 2 DWORD 6 (offset val 2) (offset val 1) . code push OFFSET val 2 push OFFSET val 1 00000004 0000 ESP Stack prior to CALL call My. Proc Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 8

Stack after the CALL value or addr of val 2 value or addr of

Stack after the CALL value or addr of val 2 value or addr of val 1 return address ESP Recall that upon entering the procedure, the return address gets pushed onto the stack! Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 9

Accessing Stack Parameters (C/C++) • C and C++ functions access stack parameters using constant

Accessing Stack Parameters (C/C++) • C and C++ functions access stack parameters using constant offsets from EBP. • Example: [ebp + 8] • EBP is called the base pointer or frame pointer because it holds the base address of the stack frame. • EBP does not change value during the function. • ESP might change if anything is pushed to the stack while inside the function, EBP stays fixed • EBP must be restored to its original value when a function returns. Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 10

RET Instruction • Return from subroutine • Pops stack into the instruction pointer (EIP).

RET Instruction • Return from subroutine • Pops stack into the instruction pointer (EIP). Control transfers to the target address. • Syntax: • RET n • Optional operand n causes n bytes to be added to the stack pointer after EIP (or IP) is assigned a value. Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 11

Who removes parameters from the stack? Caller (C) push val 2 push val 1

Who removes parameters from the stack? Caller (C) push val 2 push val 1 call Add. Two add esp, 8 . . . or. . . Called-procedure (STDCALL): Add. Two PROC push ebp mov ebp, esp mov eax, [ebp+12] add eax, [ebp+8] pop ret ebp 8 (The MODEL directive specifies calling conventions ) Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 12

Example • Create a procedure named Difference that subtracts the first argument from the

Example • Create a procedure named Difference that subtracts the first argument from the second one. Following is a sample call: push 14 push 30 call Difference PROC push ebp mov ebp, esp mov eax, [ebp + sub eax, [ebp + pop ebp ret 8 ; add Difference ENDP ; first argument ; second argument ; EAX = 16 8] 12] ; second argument ; first argument 8 to esp ; (remove 2 parameters) Example: Simple. Frame Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 13

Passing 8 -bit and 16 -bit Arguments • Cannot push 8 -bit values on

Passing 8 -bit and 16 -bit Arguments • Cannot push 8 -bit values on stack • Pushing 16 -bit operand may cause page fault or ESP alignment problem • incompatible with Windows API functions • Expand smaller arguments into 32 -bit values, using MOVZX or MOVSX: . data char. Val BYTE 'x'. code movzx eax, char. Val push eax call Uppercase Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 14

Saving and Restoring Registers • Push registers that need saving onto the stack just

Saving and Restoring Registers • Push registers that need saving onto the stack just after assigning ESP to EBP My. Sub PROC push ebp mov ebp, esp push ecx push edx • ; save local registers Otherwise, there will be an additional offset from EBP to access parameters passed in Note: issue with USES directive (next slide) Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 15

Stack Affected by USES Operator My. Sub 1 PROC USES ecx edx ret My.

Stack Affected by USES Operator My. Sub 1 PROC USES ecx edx ret My. Sub 1 ENDP • USES operator generates code to save and restore registers: My. Sub 1 PROC push ecx push edx pop ecx Ret Example: Array. Frame Note: this will affect the offset of passed values since it is done before the base pointer is set!!! • Need to take additional offset into account if it is used Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 16

Local Variables • Only statements within subroutine can view or modify local variables •

Local Variables • Only statements within subroutine can view or modify local variables • Storage used by local variables is released when subroutine ends • local variable name can have the same name as a local variable in another function without creating a name clash • Essential when writing recursive procedures, as well as procedures executed by multiple execution threads Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 17

Creating LOCAL Variables Example - create two DWORD local variables: Say: int x=10, y=20;

Creating LOCAL Variables Example - create two DWORD local variables: Say: int x=10, y=20; ret address saved ebp EBP 10 (x) [ebp-4] My. Sub PROC 20 (y) [ebp-8] push mov sub ebp, esp, 8 mov DWORD PTR [ebp-4], 10 ; initialize x=10 DWORD PTR [ebp-8], 20 ; initialize y=20 ; create 2 DWORD variables Note: PTR is necessary because the assembler doesn’t know the size of the literals 10 and 20 Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 18

Freeing Local Variables Restore esp to ebp to free space reserved for local variables:

Freeing Local Variables Restore esp to ebp to free space reserved for local variables: mov esp, ebp ret address saved ebp EBP 10 (x) [ebp-4] My. Sub PROC 20 (y) [ebp-8] push ebp mov ebp, esp sub esp, 8. . . mov pop ret esp, ebp Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. ; create 2 DWORD variables ; free local space 19

ENTER Instruction • ENTER instruction creates stack frame for a called procedure • •

ENTER Instruction • ENTER instruction creates stack frame for a called procedure • • pushes EBP on the stack sets EBP to the base of the stack frame reserves space for local variables Example: My. Sub PROC enter 8, 0 • Equivalent to: My. Sub PROC push ebp mov ebp, esp sub esp, 8 The second argument to “enter” is the nesting level (always “ 0” in our examples) Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 20

LEAVE Instruction Terminates the stack frame for a procedure. Equivalent operations My. Sub PROC

LEAVE Instruction Terminates the stack frame for a procedure. Equivalent operations My. Sub PROC enter 8, 0. . leave ret My. Sub ENDP push ebp mov ebp, esp sub esp, 8 ; 2 local DWORDs mov pop Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. esp, ebp ; free local space ebp 21

LOCAL Directive • The LOCAL directive declares a list of local variables • immediately

LOCAL Directive • The LOCAL directive declares a list of local variables • immediately follows the PROC directive • each variable is assigned a type • Syntax: LOCAL varlist Example: My. Sub PROC LOCAL var 1: BYTE, var 2: WORD, var 3: SDWORD Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 22

Using LOCAL Examples: LOCAL flag. Vals[20]: BYTE ; array of bytes LOCAL p. Array:

Using LOCAL Examples: LOCAL flag. Vals[20]: BYTE ; array of bytes LOCAL p. Array: PTR WORD ; pointer to an array my. Proc PROC, ; procedure LOCAL t 1: BYTE, ; local variables Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 23

Non-Doubleword Local Variables • Local variables can be different sizes • How created in

Non-Doubleword Local Variables • Local variables can be different sizes • How created in the stack by LOCAL directive: • 8 -bit: assigned to next available byte • 16 -bit: assigned to next even (word) boundary • 32 -bit: assigned to next doubleword boundary Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 24

Local Byte Variable Example 1 PROC LOCAL var 1: BYTE mov al, var 1

Local Byte Variable Example 1 PROC LOCAL var 1: BYTE mov al, var 1 ret Example 1 ENDP Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. ; [EBP - 1] 25

LOCAL Usage Some. Proc PROC LOCAL temp: DWORD, Swap. Flag: BYTE. . . ret

LOCAL Usage Some. Proc PROC LOCAL temp: DWORD, Swap. Flag: BYTE. . . ret Some. Proc ENDP MASM generates the following code: Some. Proc PROC push ebp mov ebp, esp add esp, 0 FFFFFFF 8 h ; add -8 to ESP. . . mov esp, ebp ; does the cleanup too! pop ebp ret Example: Swap. Local Some. Proc ENDP Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 26

LEA Instruction • LEA returns offsets of direct and indirect operands • OFFSET operator

LEA Instruction • LEA returns offsets of direct and indirect operands • OFFSET operator only returns constant offsets • i. e. those known at compile time • LEA (load effective address) required when obtaining offsets of stack parameters & local variables Example: Copy. String PROC, count: DWORD LOCAL temp[20]: BYTE mov lea edi, OFFSET esi, OFFSET edi, count ; esi, temp ; count ; invalid operand temp ; invalid operand ok ok Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 27

LEA Example Suppose you have a Local variable at [ebp-8] And you need the

LEA Example Suppose you have a Local variable at [ebp-8] And you need the address of that local variable in ESI You cannot use this: mov esi, OFFSET [ebp-8] ; error Use this instead: lea esi, [ebp-8] …example can be found in : lea. Example Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 28

Parameters in a PROC • PROC directive allows for a list of parameters Example:

Parameters in a PROC • PROC directive allows for a list of parameters Example: My. Sub PROC, var 1: BYTE, var 2: DWORD, var 3: PTR DWORD • This automatically generates entry and exit code: push ebp mov ebp, esp. . . leave ret (n*4) ; where n is number of params* *no need to add an argument to ret Example: Array. Param Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 29

Write. Stack. Frame Procedure • Displays contents of current stack frame • Prototype: Write.

Write. Stack. Frame Procedure • Displays contents of current stack frame • Prototype: Write. Stack. Frame PROTO, num. Param: DWORD, ; number of passed parameters num. Local. Val: DWORD, ; number of DWord. Local variables num. Saved. Reg: DWORD ; number of saved registers Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 30

Write. Stack. Frame Example main PROC mov eax, 0 EAEAh mov ebx, 0 EBEBh

Write. Stack. Frame Example main PROC mov eax, 0 EAEAh mov ebx, 0 EBEBh INVOKE a. Proc, 1111 h, 2222 h exit main ENDP a. Proc PROC USES eax ebx, x: DWORD, y: DWORD LOCAL a: DWORD, b: DWORD PARAMS = 2 LOCALS = 2 SAVED_REGS = 2 mov a, 0 AAAAh mov b, 0 BBBBh INVOKE Write. Stack. Frame, PARAMS, LOCALS, SAVED_REGS Irvine, Kip R. Assembly Language for x 86 Processors 7/e, 2015. 31