News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

pop instruction

Started by Pokerice, May 12, 2014, 10:18:47 PM

Previous topic - Next topic

Pokerice

It stated pop removes the value on top of the stack and stores it in register or memory AND THEN it increments the stack pointer. But when I experiment with it with Ollydbg, it seemed like it incremented first and then store the value.

.386
.model flat, STDCALL
.code
include \masm32\include\masm32rt.inc
start:
        mov [esp + 4], 9000
        pop [esp]
        call ExitProcess
end start
END

Basically I think I am popping the top of stack and storing it back onto the top of the stack, but instead the address esp+4's value changed. Am I doing something wrong? Also it seemed the value on the stack does not get removed when popping. (All it does is increment the counter to give the feeling it does not exist anymore?)

dedndave

start:
        mov [esp + 4], 9000
        pop [esp]
        call ExitProcess
end start


i wouldn't be surprised if that generated an exception
when the OS loads an EXE, it assigns memory for stack space
the "bottom" of the stack (higher address) is loaded into the ESP register
you seem to be violating that space, because the valid stack is below that address

pop [esp]
that one is a little crazy
it takes the current contents of the top-of-stack and places it at [ESP] (same address)
then adds 4 to ESP

finally, when you get to ExitProcess, it expects an argument on the stack

if you access memory that isn't "allowed" you will get error 0xC0000005 - access violation

dedndave

try this one...
start:
    sub     esp,4
    mov     [esp],9000h
    pop     eax

    push    0
    call    ExitProcess

    end      start

Pokerice

Thanks, it seems to work fine and as intended with every pop except popping with esp, pop [esp/esp-4..]. If I move the value from esp to say eax and then pop using eax, pop [eax], I get the intended results.
*EFDIT: seems to me when you pop, it gets the value at top of stack, increment the esp then it stores that value to register/memory. That's why pop [esp] stores the value at the new esp address(incremented) and pop [esp -4] stores it at the previous esp address (before increment).

dedndave

reminds me of a bug that some early 8088's had   :P

FORTRANS

Quote from: dedndave on May 12, 2014, 11:14:47 PM
reminds me of a bug that some early 8088's had   :P

Hi Dave,

   You mean POP CS?  More of a short cut than a bug.  Or the
different ordering of the incrementing of SP?

Cheers,

Steve N.

dedndave

i don't recall the exact details, Steve - that was 30 years ago
it had to do with whether the SP was incremented before or after the PUSH or POP

seems to me that this would cause problems
    push    sp
    pop     sp