The Stack

Question 1

What does the PUSH instruction do?

Answer 1

PUSHes a value onto the top of the stack.

Question 2

What does the POP instruction do?

Answer 2

POPs a value off the top of the stack.

Question 3

What happens to the ESP when you PUSH a value on to the stack?

Answer 3

The memory address decreases as the stack grows.

Question 4

What happens to the ESP when you POP a value off of the stack?

Answer 4

The memory address increases as the stack shrinks.

Question 5

Which register is pushed onto the stack at the beginning of a new function?

Answer 5

EBP (base pointer of the previous stack frame)

Question 6

How would you reserve space on the stack for a local variable?

Answer 6

“SUB ESP, 10” would reserve 10 (hex) bytes of data on the stack

Question 7

After pushing the previous functions EBP to the stack, what do we do with the EBP?

Answer 7

“MOV EBP, ESP”. We set the value of EBP to the current ESP to create the new stack frame for the current scope of the function

Question 8

When returning out of a function back to the original, how do we obtain the previously used stack frame?

Answer 8

“MOV ESP, EBP; POP EBP;” sets the ESP to the original EBP, removing the previous stack frame data, and POPs the value off of the top into EBP. This is the original EBP which recreates the stack frame.

Question 9

Which three instructions are likely to be seen at the end of a function that returns to main() ?

Answer 9

“MOV ESP, EBP” -> clear the stack back to main() stack frame
“POP EBP” -> restore the base pointer of main()
“RETN” -> return to main()

Question 10

If the ESP is “0x0012E650” and 2 registers are PUSH’d, what is the new value of the ESP?

Answer 10

0x0012E648 or “ESP - 8”

Question 11

If the ESP is “0x0012E650” and 2 registers are POP’d, what is the new value of the ESP?

Answer 11

0x0012E658 or “ESP + 8”