Thread Stack in Assembly - Push, Pop, EBP & ESP Explained
π₯ Learn How The Thread Stack Works! Push, Pop, EBP & ESP Explained
π¨ βπ» Buy Our Courses: https://guidedhacking.com/register/
π° Donate on Patreon: https://patreon.com/guidedhacking
β€ οΈ Follow us on Social Mediahttps://linktr.ee/guidedhackingng
Β© GuidedHacking - GuidedHackingβ’
π Article Lihttps://guidedhacking.com/threads/assembly-thread-stack-in-game-hacking.20872/s...
π¨ βπ» GH Content Creator: CodeNullhttps://guidedhacking.com/members/codenulls.272722/d...
π Video Description:
The thread stack, usually just called the stack, is a region of memory the operating system reserves for a thread when the program is loaded, and again for every thread the program creates later. Each thread has its own copy of the ESP and EBP registers, saved and restored on every context switch, and they point into that thread's own stack. The PUSH and POP instructions work directly on this memory: PUSH stores a value at the top of the stack and POP removes it, which is how function arguments, return addresses and saved registers get there and come back out. Assembly is used a lot in game hacking.
The stack holds a function's local variables and parameters for as long as that function is executing. ESP always points to the top of the stack, that is, the most recently pushed value. On 32-bit x86 the stack grows toward lower addresses, so PUSH subtracts 4 from ESP and then writes the value, and POP reads the value and adds 4 to ESP. Both EBP and ESP can be used to address the stack, and each has its own benefits: EBP stays fixed for the life of a frame, so locals and arguments sit at constant offsets from it, while ESP moves with every push and pop. The compiler may use one or both registers in a given function. The stack is also used a lot in binary exploitation.
Thread Stack - this is the bit of memory (relatively small) that functions use for local variable storage.
The stack is a part of memory that:
expands and shrinks as needed
is accessed in a "last in, first out" manner
represents local storage for functions
stores function arguments
stores return addresses
is used to preserve data in registers for later use
The stack is actually a collection of stack frames. Every active function call has its own stack frame. The frames of the callers further down the call chain stay in memory while the callee runs, but the current frame is the one bounded by the ESP and EBP registers.
ESP = Extended Stack Pointer
EBP = Extended Base Pointer
When a function is called, its "function prologue" executes: it preserves the caller's frame pointer and sets up the frame for the new function. The prologue itself always runs in the callee, right after the "call" instruction has transferred control. What the calling convention decides is how the arguments are passed and who removes them afterwards: in cdecl the caller cleans them up after the call returns (for example "add esp, 8" for two dword arguments), while in stdcall the callee does it as part of "ret N".
Before the prologue runs, ESP points at the lowest address the caller has used so far, which is the return address that "call" just pushed. The prologue then executes "push ebp" to save the caller's frame pointer, "mov ebp, esp" so that EBP points at that saved value, and "sub esp, N" to reserve N bytes for locals. When it is complete, ESP points at the top of the current frame (its lowest address) and EBP at its bottom (its highest address). The frame therefore spans from ESP up to EBP: locals live at negative offsets from EBP ([ebp-4], [ebp-8], ...), the saved EBP is at [ebp], the return address at [ebp+4], and the arguments at [ebp+8], [ebp+12] and so on. As you push and pop, the top of the stack, which ESP points to, moves: a push expands the stack toward lower addresses, a pop shrinks it.
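The push/pop description and the prologue walkthrough above, carried through as an added example that is not part of the original video or article: a small C model of the 32-bit stack that performs one cdecl call to an average(a, b) function and records the frame layout while it is live. The initial stack pointer (0x0019FF00), the return address (0x00401030) and the callee itself are constructed for illustration; this is a model, not the video's actual disassembly, and it runs on any machine because it never touches the real stack.

```c
/* Added example, not from the original video or article: a software model of
 * the 32-bit x86 stack performing one cdecl call to average(a, b). The stack
 * base, the return address and the callee are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_DWORDS 64
#define STACK_TOP    0x0019FF00u                     /* constructed: initial ESP */
#define STACK_LOW    (STACK_TOP - 4u * STACK_DWORDS) /* lowest mapped address   */
#define RET_ADDR     0x00401030u                     /* constructed: after "call" */

typedef struct {
    uint32_t esp, ebp, eip;
    uint32_t mem[STACK_DWORDS];   /* mem[0] models the dword at STACK_LOW */
} Cpu;

typedef struct {
    uint32_t frame_ebp;  /* callee's EBP while its frame was live       */
    uint32_t arg_a;      /* read back from [ebp+8]  (first argument)    */
    uint32_t arg_b;      /* read back from [ebp+12] (second argument)   */
    uint32_t saved_ret;  /* read back from [ebp+4]  (return address)    */
    uint32_t saved_ebp;  /* read back from [ebp]    (caller's EBP)      */
    uint32_t local_sum;  /* read back from [ebp-4]  (first local)       */
    uint32_t result;     /* value the callee leaves in EAX              */
    uint32_t esp_after;  /* caller's ESP after "add esp, 8"             */
    uint32_t ebp_after;  /* caller's EBP after the call                 */
    uint32_t eip_after;  /* where "ret" sent execution                  */
} CallTrace;

/* Every access is bounds checked: a write below STACK_LOW is a stack overflow,
 * a pop at or above STACK_TOP is an underflow. Real hardware only faults when
 * the guard page is hit; the model fails loudly instead. */
static uint32_t *slot(Cpu *c, uint32_t addr) {
    if (addr < STACK_LOW || addr >= STACK_TOP || (addr & 3u) != 0) {
        fprintf(stderr, "stack access outside the mapped region: 0x%08x\n", addr);
        exit(1);
    }
    return &c->mem[(addr - STACK_LOW) / 4];
}

static void     push(Cpu *c, uint32_t v) { c->esp -= 4; *slot(c, c->esp) = v; }
static uint32_t pop(Cpu *c) { uint32_t v = *slot(c, c->esp); c->esp += 4; return v; }

/* What an unoptimised 32-bit build of average(int a, int b) does, expressed
 * as operations on the model. */
static uint32_t average_callee(Cpu *c, CallTrace *t) {
    push(c, c->ebp);                        /* push ebp      (prologue)   */
    c->ebp = c->esp;                        /* mov ebp, esp               */
    c->esp -= 8;                            /* sub esp, 8: two dword locals */

    uint32_t a = *slot(c, c->ebp + 8);      /* first argument             */
    uint32_t b = *slot(c, c->ebp + 12);     /* second argument            */
    *slot(c, c->ebp - 4) = a + b;           /* local "sum" at [ebp-4]     */
    *slot(c, c->ebp - 8) = (a + b) / 2;     /* local "avg" at [ebp-8]     */

    t->frame_ebp = c->ebp;                  /* record the live frame layout */
    t->arg_a = a; t->arg_b = b;
    t->saved_ret = *slot(c, c->ebp + 4);
    t->saved_ebp = *slot(c, c->ebp);
    t->local_sum = *slot(c, c->ebp - 4);
    uint32_t eax = *slot(c, c->ebp - 8);    /* return value goes in EAX   */

    c->esp = c->ebp;                        /* mov esp, ebp  (epilogue)   */
    c->ebp = pop(c);                        /* pop ebp                    */
    c->eip = pop(c);                        /* ret                        */
    return eax;
}

/* Caller side of a cdecl call: arguments pushed right to left, "call" pushes
 * the return address, and the caller removes the arguments afterwards. */
static CallTrace call_average_cdecl(uint32_t a, uint32_t b) {
    Cpu c; CallTrace t;
    memset(&c, 0, sizeof c); memset(&t, 0, sizeof t);
    c.esp = STACK_TOP;                      /* empty stack, nothing pushed yet  */
    c.ebp = 0;                              /* no enclosing frame in the model  */

    push(&c, b);                            /* push b  -> ends up at [ebp+12]   */
    push(&c, a);                            /* push a  -> ends up at [ebp+8]    */
    push(&c, RET_ADDR);                     /* call average: CPU pushes return address */
    t.result = average_callee(&c, &t);
    c.esp += 8;                             /* add esp, 8: cdecl caller cleanup */

    t.esp_after = c.esp; t.ebp_after = c.ebp; t.eip_after = c.eip;
    return t;
}

int main(void) {
    CallTrace t = call_average_cdecl(10, 20);
    printf("frame: EBP=0x%08x [ebp+12]=%u [ebp+8]=%u [ebp+4]=0x%08x [ebp]=0x%08x [ebp-4]=%u\n",
           t.frame_ebp, t.arg_b, t.arg_a, t.saved_ret, t.saved_ebp, t.local_sum);
    printf("after ret + add esp,8: EAX=%u ESP=0x%08x (started at 0x%08x) EBP=0x%08x EIP=0x%08x\n",
           t.result, t.esp_after, STACK_TOP, t.ebp_after, t.eip_after);
    return 0;
}
```

Compile with any C compiler and run. The live frame's EBP comes out 16 bytes below the starting ESP (two arguments, a return address and a saved EBP, 4 bytes each), the arguments read back at [ebp+8] and [ebp+12], and after "ret" plus the caller's "add esp, 8" ESP is exactly where it started. The bounds check in slot() stands in for the guard page a real thread stack ends in; writing past the frame region is the kind of error stack-based binary exploitation abuses.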
Timestamps:
00:00 Intro Push Pop
00:26 Loop Example
01:33 CPU Registers
02:33 ESP & EBP
03:00 Example Function
03:22 Average Call
04:08 Average Calc
07:00 Cleanup & SD
Tags:
thread stack tutorial
ESP
threadstack pointer
memory stack
x86 assembly tutorial
threadstack pointers
thread stack
threadstack
x86 stack
EBP
the stack
thread stack pointer
x86 assembly
stack pointer register
thread stack pointers
x86 assembly programming
stack pointer
base pointer and stack pointer