The MASM Forum

General => The Campus => Topic started by: Pokerice on May 12, 2014, 10:18:47 PM

Title: pop instruction
Post by: Pokerice on May 12, 2014, 10:18:47 PM
It is stated that POP removes the value on top of the stack and stores it in a register or memory AND THEN increments the stack pointer. But when I experiment with it in OllyDbg, it seems like it increments first and then stores the value.

include \masm32\include\masm32rt.inc   ; supplies .386/.model flat, stdcall and the Win32 prototypes
.code
start:
        mov dword ptr [esp + 4], 9000   ; write a marker into the slot above the initial ESP
        pop dword ptr [esp]             ; pop the top of stack and store it at [esp]
        call ExitProcess                ; ExitProcess expects its exit code pushed on the stack
end start

Basically I think I am popping the top of stack and storing it back onto the top of the stack, but instead the address esp+4's value changed. Am I doing something wrong? Also it seemed the value on the stack does not get removed when popping. (All it does is increment the counter to give the feeling it does not exist anymore?)
Title: Re: pop instruction
Post by: dedndave on May 12, 2014, 10:48:20 PM
start:
        mov dword ptr [esp + 4], 9000
        pop dword ptr [esp]
        call ExitProcess
end start


I wouldn't be surprised if that generated an exception.
When the OS loads an EXE, it assigns memory for stack space.
The "bottom" of the stack (higher address) is loaded into the ESP register.
You seem to be violating that space, because the valid stack is below that address.

pop [esp]
That one is a little crazy.
It takes the current contents of the top-of-stack and places it at [ESP] (same address),
then adds 4 to ESP.

Finally, when you get to ExitProcess, it expects an argument on the stack.

If you access memory that isn't "allowed" you will get error 0xC0000005 - access violation.
Title: Re: pop instruction
Post by: dedndave on May 12, 2014, 10:51:18 PM
Try this one...
    include \masm32\include\masm32rt.inc   ; .386/.model flat, stdcall and prototypes come from here
    .code
start:
    sub     esp,4                   ; make room for one dword inside the valid stack
    mov     dword ptr [esp],9000h   ; store the value in that slot
    pop     eax                     ; pop it back into a register

    push    0                       ; exit code argument for ExitProcess
    call    ExitProcess

    end     start
Title: Re: pop instruction
Post by: Pokerice on May 12, 2014, 11:07:28 PM
Thanks, it seems to work fine and as intended with every pop except popping with esp, pop [esp], pop [esp-4], etc. If I move the value from esp to, say, eax and then pop using eax, pop [eax], I get the intended results.
*EDIT: It seems to me that when you pop, it gets the value at the top of the stack, increments esp and then stores that value to the register/memory. That's why pop [esp] stores the value at the new esp address (incremented) and pop [esp-4] stores it at the previous esp address (before the increment).
Title: Re: pop instruction
Post by: dedndave on May 12, 2014, 11:14:47 PM
Reminds me of a bug that some early 8088s had   :P
Title: Re: pop instruction
Post by: FORTRANS on May 12, 2014, 11:42:43 PM
Quote from: dedndave on May 12, 2014, 11:14:47 PM
Reminds me of a bug that some early 8088s had   :P

Hi Dave,

   You mean POP CS? More of a shortcut than a bug. Or the different ordering of the incrementing of SP?

Cheers,

Steve N.
Title: Re: pop instruction
Post by: dedndave on May 12, 2014, 11:56:00 PM
I don't recall the exact details, Steve - that was 30 years ago.
It had to do with whether the SP was incremented before or after the PUSH or POP.

Seems to me that this would cause problems:
    push    sp
    pop     sp
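The two behaviours discussed in this thread, Pokerice's finding that `pop [esp]` lands one slot above where the value came from, and the early-8088 `push sp` quirk that makes `push sp / pop sp` misbehave, modelled in a few lines of C. This is an added example, not code from the thread or from MASM32. It assumes the rules in Intel's SDM for the 286 and later: a POP whose memory destination uses ESP as base computes the address after ESP is incremented, PUSH ESP stores the value ESP had before the decrement, and POP ESP increments ESP before the popped value is written into it; for the 8086/8088 it assumes that PUSH SP stored the already-decremented SP. The 64-byte region and the 16 bytes of headroom above the initial stack pointer are constructed, standing in for the stack and for the loader frame that sits above ESP at process entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stack: addresses 0..63, initial ESP 16 bytes
 * below the top so that writes above the entry ESP (like the original post's
 * mov [esp+4]) have somewhere to land, as they do under the real loader. */
#define REGION_BYTES 64
#define INITIAL_ESP  (REGION_BYTES - 16)
#define MARKER       9000u

typedef struct {
    uint8_t  mem[REGION_BYTES];
    uint32_t esp, eax;
    int      quirk_8086;  /* 1: PUSH SP stores the post-decrement value (8086/8088) */
} cpu_t;

static uint32_t rd32(const cpu_t *c, uint32_t a) { uint32_t v; memcpy(&v, c->mem + a, 4); return v; }
static void     wr32(cpu_t *c, uint32_t a, uint32_t v) { memcpy(c->mem + a, &v, 4); }

static void cpu_reset(cpu_t *c, int quirk_8086) {
    memset(c, 0, sizeof *c);
    c->esp = INITIAL_ESP;
    c->quirk_8086 = quirk_8086;
}

/* push imm32 */
static void push_imm(cpu_t *c, uint32_t v) { c->esp -= 4; wr32(c, c->esp, v); }

/* push esp: 286+ stores the pre-decrement ESP; the 8086/8088 stored the decremented one. */
static void push_esp(cpu_t *c) {
    uint32_t before = c->esp;
    c->esp -= 4;
    wr32(c, c->esp, c->quirk_8086 ? c->esp : before);
}

/* pop eax: read the top slot, then increment ESP. The slot's contents are untouched. */
static void pop_eax(cpu_t *c) { c->eax = rd32(c, c->esp); c->esp += 4; }

/* pop esp: ESP is incremented first, then replaced by the popped value. */
static void pop_esp(cpu_t *c) { uint32_t v = rd32(c, c->esp); c->esp += 4; c->esp = v; }

/* pop dword ptr [esp+disp]: destination address computed AFTER the increment.
 * Returns the address actually written. */
static uint32_t pop_mem_esp_rel(cpu_t *c, int32_t disp) {
    uint32_t v = rd32(c, c->esp);
    c->esp += 4;
    uint32_t dest = c->esp + disp;
    wr32(c, dest, v);
    return dest;
}

/* pop dword ptr [eax+disp]: the base is not ESP, so the increment does not move it. */
static uint32_t pop_mem_eax_rel(cpu_t *c, int32_t disp) {
    uint32_t v = rd32(c, c->esp);
    c->esp += 4;
    uint32_t dest = c->eax + disp;
    wr32(c, dest, v);
    return dest;
}

/* Offset, relative to ESP before the pop, at which "pop [esp+disp]" lands.
 * disp = 0 gives +4 (the slot above); disp = -4 gives 0 (the slot the value came from). */
int pop_esp_rel_offset(int32_t disp) {
    cpu_t c; cpu_reset(&c, 0);
    push_imm(&c, MARKER);
    uint32_t before = c.esp;
    return (int)(pop_mem_esp_rel(&c, disp) - before);
}

/* Same question for "mov eax, esp / pop [eax]": lands at offset 0. */
int pop_eax_rel_offset(void) {
    cpu_t c; cpu_reset(&c, 0);
    push_imm(&c, MARKER);
    c.eax = c.esp;
    uint32_t before = c.esp;
    return (int)(pop_mem_eax_rel(&c, 0) - before);
}

/* After "pop eax" the old top-of-stack slot still holds the value; only ESP moved. */
int popped_slot_still_holds_value(void) {
    cpu_t c; cpu_reset(&c, 0);
    push_imm(&c, MARKER);
    pop_eax(&c);
    return c.eax == MARKER && rd32(&c, c.esp - 4) == MARKER;
}

/* Classic CPU check "push sp / pop ax / cmp ax, sp": ax - sp is 0 on 286+,
 * nonzero (-4 in this 32-bit model) with the 8086 behaviour. */
int push_sp_pop_ax_difference(int quirk_8086) {
    cpu_t c; cpu_reset(&c, quirk_8086);
    push_esp(&c);
    pop_eax(&c);
    return (int)(c.eax - c.esp);
}

/* "push sp / pop sp": net change of the stack pointer. 0 on 286+, -4 on the 8086 model,
 * i.e. the stack drifts down by one slot each time, which is the problem Dave expects. */
int push_sp_pop_sp_net_change(int quirk_8086) {
    cpu_t c; cpu_reset(&c, quirk_8086);
    uint32_t before = c.esp;
    push_esp(&c);
    pop_esp(&c);
    return (int)(c.esp - before);
}

int main(void) {
    printf("pop [esp]   lands at old_esp%+d\n", pop_esp_rel_offset(0));
    printf("pop [esp-4] lands at old_esp%+d\n", pop_esp_rel_offset(-4));
    printf("pop [eax]   lands at old_esp%+d\n", pop_eax_rel_offset());
    printf("slot still holds value after pop eax: %d\n", popped_slot_still_holds_value());
    printf("push sp/pop ax, ax-sp: 286+=%d 8086=%d\n",
           push_sp_pop_ax_difference(0), push_sp_pop_ax_difference(1));
    printf("push sp/pop sp, net esp change: 286+=%d 8086=%d\n",
           push_sp_pop_sp_net_change(0), push_sp_pop_sp_net_change(1));
    return 0;
}
```

The model reproduces what OllyDbg showed: the popped value is read from the old top of stack, ESP is bumped, and only then is the `[esp+disp]` destination resolved, so `pop [esp]` writes one slot above the source and `pop [esp-4]` writes the source slot back onto itself, while a non-ESP base such as `[eax]` is unaffected. The same helpers show why `push sp / pop sp` was harmless from the 286 on but shifted the stack pointer on an 8086/8088.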