Function Calling
As we already mentioned, some functions might require one or more parameters. A parameter is a specific type of variable. It can be a signed or unsigned integer, a pointer to an array, a string, a single char, etc.
When the function requires one or more parameters, these parameters are placed on the stack before entering that function.
The two main instructions used for inserting and extracting values from the stack are the PUSH and POP instructions. The PUSH instruction places data on top of the stack and the POP instruction removes that value from the top of the stack (TOS). Due to the way the stack operates, it is considered a LIFO (Last In, First Out) data structure. What actually happens is that when an item is pushed on the stack, the ESP register, which always points to the TOS, is decremented in order to point to the new item placed on the TOS.
During this course, we will assume that the width of the stack is 32 bits.
Example
Imagine a pile of books, one on top of the other, where each book occupies 32 bits of data. The book at the bottom (where EBP, the base pointer, points) occupies the highest position (address), assuming that we start counting from the top of the pile.
The ESP always points to the last book placed on the pile, so it will always point to the book that is on top of the rest.
Now, you want to add (push) another book to the pile and, since the ESP register must always point to the top of the pile, it should be decremented by 32 bits (4 bytes) in order to point to the last book added.
On the other hand, if we want to remove a book from the top of that pile, the ESP pointer must be incremented by the same value in order to point to the next book after the one we just removed.
In reality, the stack during execution of the program is divided into several stack frames, which we will explain in detail in the next chapter of this module.
So, once the parameters (if required by the function) are pushed on the stack, the program needs to redirect the EIP to the entry point of that function and, at the same time, it needs to keep track of the address of the next instruction to execute on returning from that function. The instruction responsible for this is the CALL instruction. When a CALL instruction is executed, what happens is that the processor pushes the return address (called the "return-instruction pointer") onto the stack and then loads the address of the entry point of that function into the EIP register in order to start the execution of that function.
The corresponding instruction for exiting from a function is the RET instruction. When a RET instruction is executed, the processor pops the address from the TOS into the EIP register and resumes execution from the next instruction located after the CALL that brought us inside the function in the first place.
In some cases the RET instruction can be used with an argument, for example RET 4.
In this case the ESP pointer will not just be incremented by 32 bits (4 bytes) during the popping of the value in the TOS, but also by the value of the argument (4 bytes).
This is used in the _stdcall and _fastcall calling conventions in order to clean up the stack from the parameters pushed for that function (see 2.6 Calling Conventions).
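As an added illustration (not part of the course text), the following C model simulates the 32-bit stack, PUSH/POP, CALL and RET imm behaviour described above; the code addresses 0x1000 and 0x2000 and the 5-byte CALL length are constructed assumptions.

```c
/* Added example (not from the course text): a tiny model of the 32-bit x86
 * stack described above. Word width is 4 bytes; ESP grows downward. */
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 16

typedef struct {
    uint32_t mem[STACK_WORDS];   /* simulated stack memory, index = address / 4 */
    uint32_t esp;                /* byte address of the top of stack (TOS) */
    uint32_t eip;                /* byte address of the next instruction */
} cpu_t;

static void cpu_init(cpu_t *c) {
    c->esp = STACK_WORDS * 4;    /* empty stack: ESP sits just past the top word */
    c->eip = 0x1000;             /* arbitrary code address (constructed) */
}

/* PUSH: ESP -= 4, then store the value at the new TOS. */
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }

/* POP: load the value at TOS, then ESP += 4. */
static uint32_t pop(cpu_t *c) { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }

/* CALL: push the return address (the instruction after the 5-byte CALL), then jump. */
static void call(cpu_t *c, uint32_t target) { push(c, c->eip + 5); c->eip = target; }

/* RET imm: pop the return address into EIP, then add imm to ESP so the
 * callee discards its own parameters (as _stdcall does). */
static void ret(cpu_t *c, uint32_t imm) { c->eip = pop(c); c->esp += imm; }

/* Model of "push 42 ; call f" where f reads its argument at [ESP+4]
 * (just above the return address) and leaves with "ret 4".
 * Returns the argument the callee saw. */
uint32_t stdcall_demo(cpu_t *c, uint32_t arg) {
    push(c, arg);                  /* caller places the parameter */
    call(c, 0x2000);               /* pushes 0x1005, EIP = 0x2000 */
    uint32_t seen = c->mem[(c->esp + 4) / 4];  /* callee: [ESP+4] is the arg */
    ret(c, 4);                     /* pops 0x1005 into EIP, ESP += 4 */
    return seen;
}

int main(void) {
    cpu_t c; cpu_init(&c);
    uint32_t before = c.esp;
    uint32_t seen = stdcall_demo(&c, 42);
    printf("arg=%u eip=0x%x esp restored=%s\n", seen, c.eip, c.esp == before ? "yes" : "no");
    return 0;
}
```

After the call, ESP is back at its value before the parameter was pushed, which is exactly what RET 4 buys the _stdcall caller.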