LEAVE

Table of Contents

1. LEAVE (leave)
   1. Basic purpose
   2. Instruction execution process
   3. Instruction format
   4. Behavioral characteristics
   5. Common uses

LEAVE (leave)

Basic purpose

LEAVE is used to restore the stack frame from before a function call, equivalent to cleaning up local variables and restoring the old RBP. Equivalent behavior:

1
mov rsp, rbp
2
pop rbp

Instruction execution process

1. Write the value of RBP into RSP (discard the local variable area)
2. Pop the old RBP from the stack

Instruction format

1
leave

Behavioral characteristics

• Single-byte instruction
• A common epilogue before a function returns
• Shorter and faster than writing the two instructions manually when cleaning up a stack frame
• In overflows: when the saved RBP has been overwritten, leave assigns that “fake RBP” to RSP

Common uses

• Standard function tail: push rbp → … → leave
• Very clear for debugging stack frames
• In PWN, RBP can be forged to hijack the destination of the subsequent RET