In the example function, addme, what would happen if the stack pointer were not properly restored before executing RET?
addme:
    push ebp                        ; save the caller's frame pointer
    mov ebp, esp                    ; set up this function's frame
    movsx eax, word ptr [ebp+8]     ; first 16-bit argument, sign-extended to 32 bits
    movsx ecx, word ptr [ebp+0Ch]   ; second 16-bit argument, sign-extended to 32 bits
    add eax, ecx                    ; return value in EAX
    mov esp, ebp                    ; discard locals (there are none here)
    pop ebp                         ; restore the caller's frame pointer
    retn                            ; pop the return address into EIP
In this case the function never touches ESP between the prologue and the epilogue (no PUSH/POP, no SUB ESP or other arithmetic, no locals), so ESP already equals EBP when the epilogue runs. MOV ESP, EBP is a no-op here, and leaving it out would change nothing.
In most real functions, however, ESP has moved below EBP by the time the body finishes (space reserved for locals, registers saved, arguments pushed for nested calls). Without the MOV ESP, EBP in the epilogue, POP EBP loads whatever happens to be at the top of the stack into EBP, and RETN then pops the next slot, not the saved return address, into EIP. Execution continues at whatever value that was. This usually means a crash, or at the very least unexpected behavior.
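To make the mechanism concrete, here is an added example, not code from the original page: a small C model of the x86 stack that replays the caller's pushes, CALL, and addme's prologue and epilogue slot by slot, and reports which value RETN ends up popping. The return address 0x08048123, the local's value 0xDEADBEEF, the caller's EBP value and the `sub esp, 4` local are all constructed for illustration. It goes one step beyond the page by also modelling a function that reserves a local, so both outcomes described above are visible: with no local and no `mov esp, ebp` nothing goes wrong, while with a local and no `mov esp, ebp` RETN pops the caller's saved EBP instead of the return address.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A toy model of the stack: 32-bit slots, growing toward lower indices.
   Index arithmetic stands in for address arithmetic (one slot == 4 bytes). */
#define STACK_SLOTS   64
#define RETURN_ADDR   0x08048123u   /* constructed: where CALL was executed */
#define CALLER_EBP    0xBFFFF000u   /* constructed: caller's frame pointer   */
#define LOCAL_GARBAGE 0xDEADBEEFu   /* constructed: value left in a local    */

typedef struct {
    uint32_t mem[STACK_SLOTS];
    uint32_t esp;   /* index of the slot currently at [esp] */
    uint32_t ebp;
} cpu_t;

struct addme_result {
    int32_t  eax;        /* the sum addme computes */
    uint32_t ret_addr;   /* the value RETN actually pops into EIP */
};

static void     push(cpu_t *c, uint32_t v) { c->mem[--c->esp] = v; }
static uint32_t pop(cpu_t *c)              { return c->mem[c->esp++]; }

/* movsx eax, word ptr [...]: sign-extend the low 16 bits, without relying on
   implementation-defined conversions. */
static int32_t movsx16(uint32_t v)
{
    uint16_t w = (uint16_t)v;
    return (w & 0x8000u) ? (int32_t)w - 0x10000 : (int32_t)w;
}

/* Replay: caller pushes b then a, CALLs addme, addme runs.
   use_local    - body does 'sub esp, 4' and writes a local (as real functions do)
   restore_esp  - epilogue keeps the page's 'mov esp, ebp' */
static struct addme_result run_addme(int use_local, int restore_esp, int16_t a, int16_t b)
{
    cpu_t c;
    struct addme_result r;
    memset(&c, 0, sizeof c);
    c.esp = STACK_SLOTS;
    c.ebp = CALLER_EBP;

    push(&c, (uint16_t)b);        /* push b           (cdecl: right to left) */
    push(&c, (uint16_t)a);        /* push a                                   */
    push(&c, RETURN_ADDR);        /* call addme       (pushes return address) */

    push(&c, c.ebp);              /* push ebp                                 */
    c.ebp = c.esp;                /* mov ebp, esp                             */

    if (use_local) {
        c.esp -= 1;               /* sub esp, 4                               */
        c.mem[c.esp] = LOCAL_GARBAGE;   /* mov [ebp-4], ...                   */
    }

    /* [ebp+8] is two slots above the saved EBP, [ebp+0Ch] three slots above */
    int32_t eax = movsx16(c.mem[c.ebp + 2]);   /* movsx eax, word ptr [ebp+8]   */
    int32_t ecx = movsx16(c.mem[c.ebp + 3]);   /* movsx ecx, word ptr [ebp+0Ch] */
    r.eax = eax + ecx;                          /* add eax, ecx                  */

    if (restore_esp)
        c.esp = c.ebp;            /* mov esp, ebp                             */
    c.ebp = pop(&c);              /* pop ebp   (loads whatever [esp] holds)   */
    r.ret_addr = pop(&c);         /* retn      (pops the next slot into EIP)  */
    return r;
}

int main(void)
{
    struct addme_result ok  = run_addme(1, 1, -3, 7);
    struct addme_result bad = run_addme(1, 0, -3, 7);
    printf("with    mov esp,ebp: eax=%" PRId32 "  retn -> 0x%08" PRIx32 "\n", ok.eax,  ok.ret_addr);
    printf("without mov esp,ebp: eax=%" PRId32 "  retn -> 0x%08" PRIx32 "\n", bad.eax, bad.ret_addr);
    return 0;
}
```

In the broken case the value that lands in EIP is the caller's saved EBP (0xBFFFF000 here), because POP EBP consumed the local's slot and RETN then read the slot that held the saved frame pointer; the local's own garbage ends up in EBP instead. Which wrong value reaches EIP depends on how many slots ESP was left below EBP, which is why the symptom varies from crash to silent misbehavior.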