Confused about stack

[Joseph]

I am confused with stack. ESP and EBP. esp points to top of the stack which grows downwards to lower memory address.
what is ebp contains?

Code: [Select]

push ebp // saving the value of ebp; Can ebp contains value like other general purpose registers ? I think ebp only holds the address of base registers as esp?

Code: [Select]

mov  ebp,esp // is this moving the memory address of esp to ebp?

what is base pointer and how it works in general?
What is stack frame?

Thanks

[Flo]

EBP should be used as the framepointer. However not every compiler out there is so nice that it plays with such rules. MSVC for example understands how to use ebp as a general purpose register. In whatever optimization option it can omit stack-frames. Also gcc has options to omit the framepointer.
Stackframes are needed to do a "backtrace". On program crash you can do usually a backtrace to find the function call chain. Once you omit stackframes you can't however do a backtrace without much trouble.

When stackframes are present:
EBP contains the address of esp on function entry.
[ebp+4] contains the return address
[ebp+8+4*arg] contains all arguments your function got passed to.
When you have also an instruction "sub esp, x" local variable space is reserved and you can access this space usually with
"[ebp-4-4*locvar]".

When stackframes are not present:
The compiler usually knows what offset esp will have compared to the function start at the current instruction. So it can do calculations based on the current esp-offset to access function arguments or local variables. Such programs are much harder to read and decompilers/debuggers have more problems with such code.