When I debug my own prog, I found that ebp always contains something like BFFF****. Who knows what structure it points to? Or is there something special about the content of ebp, and how can we make use of it?
Thx in advance.



I am curious about it....
Posted on 2002-04-17 04:01:38 by Hume
Forgot to say that the value of ebp is from the time before the first instruction executes.
Posted on 2002-04-17 04:04:13 by Hume
EBP is used to mark the back of the current stack frame.

Each function will do something like this to the stack:
1) Passed in variables (if any) to the function - several DWORDs
2) Return Address for current address
; EBP points to 3
3) Locals if any
4) Any values pushed on the stack by the current process

1 and 4 merge on function calls as you push arguments to a function on the stack, so in a function with 3 arguments, the last 3 DWORDs on the stack will be taken as those arguments (whether you pushed them or not, which is why you should push them :tongue: ).

There is no vital need to use EBP for this, and if you want to you could use it as another general use register. It would mean you couldn't reference any of the local variables or function parameters through MASM's helpful names (you could reference from ESP, but this changes with each push, so you need to keep track of it).

Mirno
Posted on 2002-04-17 05:47:01 by Mirno
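
The frame layout described in the post above, as an added example that is not part of the original thread: a small C model of a 32-bit stack showing that arguments stay at fixed EBP offsets while their ESP offsets move with every push, and what a callee reads when the caller pushed nothing. It assumes the usual `push ebp / mov ebp, esp` prologue; the names (`mem`, `call`, `arg`) and all values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a downward-growing stack of DWORDs, addressed in bytes. */
static uint32_t mem[64];
static uint32_t esp, ebp;

static void reset(void) { esp = ebp = sizeof mem; }
static void push(uint32_t v) { esp -= 4; mem[esp / 4] = v; }
static uint32_t load(uint32_t addr) { return mem[addr / 4]; }

/* Caller pushes args right to left, CALL pushes the return address, then the
   callee runs the prologue: push ebp / mov ebp, esp / sub esp, 4*nlocals. */
static void call(const uint32_t *args, int nargs, uint32_t ret, int nlocals)
{
    for (int i = nargs - 1; i >= 0; i--)
        push(args[i]);
    push(ret);                      /* ends up at [ebp+4] */
    push(ebp);                      /* saved caller EBP at [ebp] */
    ebp = esp;
    esp -= 4u * (uint32_t)nlocals;  /* locals live at [ebp-4], [ebp-8], ... */
}

/* [ebp+8+4n]: argument n, at the same offset for the whole function body. */
uint32_t arg(int n) { return load(ebp + 8 + 4u * (uint32_t)n); }

/* ESP-relative offset of argument 0 after `extra` pushes inside the callee. */
uint32_t offset_after_pushes(int extra)
{
    const uint32_t args[3] = { 0x11, 0x22, 0x33 };  /* constructed values */
    reset();
    call(args, 3, 0x401000, 2);                     /* 3 args, 2 locals */
    for (int i = 0; i < extra; i++) push(0xAA);
    return ebp + 8 - esp;
}

/* A callee expecting one argument, called without any being pushed: it reads
   whatever DWORD the caller last left on the stack. */
uint32_t arg_when_caller_pushed_nothing(void)
{
    offset_after_pushes(1);         /* leaves 0xAA on top of the stack */
    call(NULL, 0, 0x401020, 0);
    return arg(0);
}

int main(void)
{
    printf("arg0 at esp+%u, then esp+%u after a push; stale arg = 0x%X\n",
           (unsigned)offset_after_pushes(0), (unsigned)offset_after_pushes(1),
           (unsigned)arg_when_caller_pushed_nothing());
    return 0;
}
```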
Hume, you cannot depend on register values at program entry.
All registers are *undefined*. They may or may not point to interesting
stuff, but depending on this makes your program *very* likely to
break on the next OS or service pack.
Posted on 2002-04-17 07:07:39 by f0dder
I see, thx
Posted on 2002-04-18 05:11:49 by Hume