RE : x86 Function Call

Hi Everyone,

Today I am going to explain function calls in assembly. It is worth understanding early because much of what follows builds on it: the memory stack, return values and the overall control flow of an application.

To make it easier, let's start the assembly tutorial with a small application written in C, as follows:

In the above code the application calls a function named check, which does nothing but return 5 to main. Let's see what it looks like in assembly after it is compiled into a binary.

We can see in the picture above that the main function calls _check. When the compiler keeps a frame pointer (the normal case for unoptimized builds), a function opens with at least these two instructions:

.text:00401350 push ebp
.text:00401351 mov ebp, esp

The two instructions above are called the function prologue. The first saves the old ebp of the previous frame; the second makes ebp equal to esp. This matters because ebp becomes the base pointer of the new stack frame, the fixed reference used to reach local variables and passed arguments, whereas esp keeps changing because it always marks the top of the stack.

The first instruction, push ebp, saves the caller's ebp (main's frame base) on the stack so it can be restored when the function returns.


The second instruction, mov ebp, esp, sets the base address of the new stack frame. Once set, ebp normally never changes for the rest of the function, while esp moves wherever the compiler needs it to go (pushes, pops and space reserved for locals).

When the function finishes its work it has to return to the caller. That sequence is called the function epilogue:

.text:00401358 pop ebp
.text:00401359 retn

The epilogue undoes the prologue and returns to the caller. pop ebp restores the caller's saved ebp from the stack and leaves esp pointing at the return address that call pushed; retn then pops that return address into eip, resuming execution in the caller right after the call instruction. Note that the return address is not stored in retn itself: it is read from the top of the stack. This function has no local variables, so no stack space was reserved and esp is already back at the saved ebp when pop ebp runs; a function that had reserved space would first restore esp with mov esp, ebp (or use leave, which does both the mov and the pop). Between the prologue and the epilogue lies the body, at 0x401353 through 0x401357: five bytes, consistent with a single mov eax, 5, the instruction that places the return value in eax as the 32-bit calling convention requires.
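To tie the two halves together, here is an added example (written for this post, not the original author's code) that reconstructs the C program described above, with check returning 5 to main, and then verifies the frame layout the prologue creates: the word at the frame base holds the caller's saved frame pointer, and the word just above it holds the return address pushed by call. The original is 32-bit (ebp/esp); the GCC/Clang builtins __builtin_frame_address and __builtin_return_address let the same check run on 64-bit too, where the slots are rbp-relative and 8 bytes wide. Assumptions: a GCC or Clang compiler and a target whose frame record is {saved frame pointer, return address}, which holds for x86, x86-64 and AArch64.

```c
#include <stdio.h>

/* The function from the post: it does nothing but return 5 to main.
 * On 32-bit x86 the value travels back in EAX (RAX on x86-64). */
__attribute__((noinline)) int check(void)
{
    return 5;
}

/* Inspect this function's own stack frame through the frame pointer.
 * After "push ebp; mov ebp, esp" the layout is:
 *   [ebp]   -> the caller's ebp, saved by push ebp
 *   [ebp+4] -> the return address pushed by call (ebp+8 on 64-bit)
 * fp[0] and fp[1] index those two slots with a pointer-sized stride.
 * The caller passes its own frame pointer so the callee can compare.
 * (Assumed: a GCC/Clang target with a {saved fp, return address} frame record.) */
__attribute__((noinline)) int callee_checks_frame(void *caller_fp)
{
    void **fp = (void **)__builtin_frame_address(0);
    void *saved_fp = fp[0];                       /* what "push ebp" stored */
    void *ret_addr = fp[1];                       /* what "call" stored */
    int ok = 1;
    if (saved_fp != caller_fp)                    /* must point at the caller's frame */
        ok = 0;
    if (ret_addr != __builtin_return_address(0))  /* where "retn" will jump */
        ok = 0;
    return ok;
}

/* Caller side: record our own frame base, then call and let the callee
 * confirm that its saved-ebp slot points back at it. */
__attribute__((noinline)) int frame_layout_ok(void)
{
    void *my_fp = __builtin_frame_address(0);
    int r = callee_checks_frame(my_fp);
    /* A statement after the call keeps the compiler from turning it into
     * a tail jump, which would tear down this frame before the callee runs. */
    __asm__ __volatile__("" ::: "memory");
    return r;
}

int main(void)
{
    printf("check() returned %d\n", check());
    printf("frame layout matches the prologue description: %s\n",
           frame_layout_ok() ? "yes" : "no");
    return 0;
}
```

Build it with gcc -O2 (add -m32 to get the ebp/esp form from the post) and disassemble with objdump -d to see the push ebp / mov ebp, esp prologue and the pop ebp / ret epilogue around each function body; the runtime check confirms that the two slots the prologue and call set up are exactly where the text says they are.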

We will talk about the stack in detail in the next post, because it is very interesting and crucial to understand it correctly.
