蔓生庭院

Where the top of the stack is on x86 - Eli Bendersky's website

种植 修剪历史

Where the top of the stack is on x86 - Eli Bendersky’s website

Created: 2025-08-27

Herein lies the source of the confusion. Intel’s x86 architecture places its stack “head down”. It starts at some address and grows down to a lower address.

See in context at Where the top of the stack is on x86 - Eli Bendersky’s website

Created: 2025-08-27

The x86 architecture reserves a special register for working with the stack - ESP (Extended Stack Pointer). The ESP, by definition, always points to the top of the stack:

See in context at Where the top of the stack is on x86 - Eli Bendersky’s website

Created: 2025-08-27

To push new data onto the stack we use the push instruction [3]. What push does is first decrement esp by 4, and then store its operand in the location esp points to.

See in context at Where the top of the stack is on x86 - Eli Bendersky’s website

Created: 2025-08-27

Similarly, the pop instruction takes a value off the top of stack and places it in its operand, increasing the stack pointer afterwards.

See in context at Where the top of the stack is on x86 - Eli Bendersky’s website

Created: 2025-08-27

Since esp keeps moving as the function executes, ebp (base pointer, also known as frame pointer in other architectures) is used as a convenient anchor relatively to which all function arguments and locals can be found. Arguments are above ebp in the stack (hence the positive offset when accessing them), while locals are below ebp in the stack.

See in context at Where the top of the stack is on x86 - Eli Bendersky’s website

关系图谱