Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Assembly Does the ret instruction add 4 to esp register?

Thread Rating:
  • 373 Vote(s) - 3.53 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Does the ret instruction add 4 to esp register?

Offline isahellam


Member
*
Member
Posts: 0
Threads: 0
Joined: Jul 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-24-2023, 11:46 AM
Does the [`ret` instruction][1] cause "esp" register to be increased by 4?


[1]:

[To see links please register here]

Reply

Offline obtusifolious781703


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Apr 2023
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-24-2023, 12:13 PM
Yes, it performs

pop eip

You can use

mov eax, [esp]
jmp eax

to avoid it.

EDIT: It's exactly what `ret` does. For example, `jmp rel_offet` is nothing than a hidden `add eip, offset`, or `jmp absolute_offset` is `mov eip, absolute_offset`. Sure there are differences in the way the processor treats them, but from programmer's point of view it's all that happens.

Also, there is a special form of `ret` : `ret imm8` that also adds this imm8 value to `esp` : for example a `__stdcall` function uses it to discard its parameters from the stack. Not to mention `retf` version, used in 16bit mode, that also pops the `cs` from the stack.

EDIT2:

pop register

means:

mov register, [esp]
add esp, 4
Reply

Offline thermochrosy502508


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Sep 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-24-2023, 12:18 PM
yes, because on the stack there is (well, there should be, see buffer overflow) the address to where resume the execution of the program. So ret means
<pre><code>pop ret_addr ; pop deletes ret_addr from stack by adding 4 to esp
mov eip, ret_addr
</pre></code>

which is

pop eip

just as ruslik said
Reply

Offline debbimg


Member
*
Member
Posts: 0
Threads: 0
Joined: Jun 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-24-2023, 12:32 PM
Yes, when the processor is running in 32-bit protected mode. In Real mode or 16-bit protected mode RET does a POP IP, which will cause an ADD ESP, 2 (instead of 4).
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through