Stack and Call Class
Overview
This class of instructions governs the structure of a program’s call chain and is central to function execution and return. In PWN, they are the most sensitive and critical instructions: all stack overflows, return address control, ROP, and call-chain hijacking revolve around these instructions.
Understanding these instructions means mastering the skeleton of program execution.
Subclass Description
- Stack frame construction
- Stack frame destruction
- Function calls and returns
- Control changes to the stack pointer (RSP) and base pointer (RBP)
- Various attack techniques (ROP / ret2…) all depend on a precise understanding of the behavior of these instructions
Instruction List
Stack Operations
- PUSH
Pushes data onto the top of the stack and automatically adjusts the stack pointer (esp/rsp) according to the architecture.
- POP
Pops data from the top of the stack into the target register or memory and increments the stack pointer.
Calls and Returns
- CALL
Calls a function, automatically pushes the return address onto the stack, and transfers control flow to the target function.
- RET
Pops the return address from the stack and jumps to it; this is the basic mechanism of function return.
Stack Frame Construction and Destruction
- LEAVE
Used for stack frame cleanup before a function returns: equivalent to the combination of mov rsp, rbp and pop rbp.
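The five instructions above, modelled on a toy 64-bit stack so the RSP/RBP changes can be traced through one call, prologue, epilogue and return. This is an added example, not code from the original page; the addresses (0x7000, 0x401000, 0x401100), the 5-byte call length, the 0x20-byte locals area and the names cpu_t, enter_frame and exit_frame are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, constructed for illustration: 64 eight-byte stack slots. */
#define STACK_LOW 0x7000u                      /* constructed address of slot 0 */
typedef struct { uint64_t rsp, rbp, rip, mem[64]; } cpu_t;

static uint64_t *at(cpu_t *c, uint64_t addr) { return &c->mem[(addr - STACK_LOW) / 8]; }

/* PUSH: rsp -= 8, then store. POP: load, then rsp += 8. */
static void push(cpu_t *c, uint64_t v) { c->rsp -= 8; *at(c, c->rsp) = v; }
static uint64_t pop(cpu_t *c) { uint64_t v = *at(c, c->rsp); c->rsp += 8; return v; }
/* CALL: push the address of the next instruction, then jump to the target. */
static void call(cpu_t *c, uint64_t target, uint64_t len) { push(c, c->rip + len); c->rip = target; }
/* RET: pop [rsp] into rip; the CPU uses whatever value is stored in that slot. */
static void ret(cpu_t *c) { c->rip = pop(c); }
/* LEAVE: mov rsp, rbp ; pop rbp */
static void leave(cpu_t *c) { c->rsp = c->rbp; c->rbp = pop(c); }

/* Caller at 0x401000 executes a 5-byte CALL; the callee then runs its prologue. */
cpu_t enter_frame(void) {
    cpu_t c = { .rsp = STACK_LOW + 8 * 64, .rbp = STACK_LOW + 8 * 64, .rip = 0x401000 };
    call(&c, 0x401100, 5);
    push(&c, c.rbp);        /* push rbp       : save the caller's frame base */
    c.rbp = c.rsp;          /* mov  rbp, rsp  : [rbp] = saved rbp, [rbp+8] = return address */
    c.rsp -= 0x20;          /* sub  rsp, 0x20 : room for locals */
    return c;
}

/* Epilogue, either with LEAVE or with its two-instruction expansion, then RET. */
cpu_t exit_frame(cpu_t c, int use_leave) {
    if (use_leave) leave(&c);
    else { c.rsp = c.rbp; c.rbp = pop(&c); }   /* mov rsp, rbp ; pop rbp */
    ret(&c);
    return c;
}

int main(void) {
    cpu_t in = enter_frame(), out = exit_frame(in, 1);
    printf("in frame : rsp=%#llx rbp=%#llx [rbp]=%#llx [rbp+8]=%#llx\n",
           (unsigned long long)in.rsp, (unsigned long long)in.rbp,
           (unsigned long long)*at(&in, in.rbp), (unsigned long long)*at(&in, in.rbp + 8));
    printf("after ret: rsp=%#llx rbp=%#llx rip=%#llx\n",
           (unsigned long long)out.rsp, (unsigned long long)out.rbp, (unsigned long long)out.rip);
    return 0;
}
```

Inside the frame the saved RBP sits at [rbp] and the return address directly above it at [rbp+8]; after the epilogue RSP and RBP are back at the caller's values, whichever form of the epilogue is used.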