PUSH

Table of Contents

1. PUSH (push)
   1. Basic purpose
   2. Instruction execution process
   3. Instruction format
   4. Behavioral characteristics
   5. Equivalent expansion example
   6. ASCII stack change illustration
   7. Common uses

PUSH (push)

Basic purpose

The PUSH instruction pushes an operand onto the stack and updates the stack pointer.
In x86/x64, the stack grows toward lower addresses, so PUSH decreases the value of ESP/RSP first, then writes the data to the new top of the stack.

Instruction execution process

Using 64-bit as an example:

1
rsp = rsp - 8
2
[rsp] = 操作数

For 32-bit:

1
esp = esp - 4
2
[esp] = 操作数

Instruction format

The following operands are allowed:

• push r/m16
• push r/m32
• push r/m64
• push imm8 / imm16 / imm32 (in x64, it is sign-extended to 64 bits)

The sign extension of immediate pushes is a unique behavior of PUSH.

Behavioral characteristics

• The stack pointer moves downward
• Writing a value does not clear old memory; it only overwrites it
• Immediate values are sign-extended (push imm32 → 64bit)
• Operands cannot be two memory addresses
• The stack layout changes, affecting function call offset calculations

Equivalent expansion example

1
push rax
2
; 等价于
3
sub rsp, 8
4
mov [rsp], rax

1
push 0x1234
2
sub rsp, 8
3
mov qword ptr [rsp], 0x0000000000001234

ASCII stack change illustration

Before execution:

1
rsp → +------------------+
2
      |   （旧栈数据）    |
3
      +------------------+

After executing push rax:

1
      +------------------+
2
rsp → |     rax 的值      |
3
      +------------------+
4
      |   （旧栈数据）    |

Common uses

• Save register contents
• Push arguments during function calls
• Align stack space
• Temporarily save data
• In PWN, used to control stack layout and overwrite return addresses