Tutorial - The Stack
So what is the stack?
Well I hate to use the word in the definition, but it's just a metaphorical stack of bytes; or an abstract data type that serves as a collection of elements, with two principal operations.
- PUSH
- Adds an element to the collection.
- POP
- Removes the most recently added element that was not yet removed.
It uses a LIFO (last in, first out) behavior. So if we push value A onto the stack and then push value B, when we pop it will be value B first then value A with the second pop.[1]
Contents
Working with the Stack
So let's just dig in, if we have some code like this.
push 123ABC push 00DEAD push 00BEEF pop dword ptr [TestVals] pop dword ptr [TestVals+4] pop dword ptr [TestVals+8]
And if we assemble this in some memory.
So let's set a breakpoint and watch the stack as we step though the opcode.
- Note: to view the stack you may need to select it for viewing.
Code step 1
Code step 2
So it's here that we start to see the values on the stack.
Code step 3
Code step 4
Code step 5
And here we can start to see the values being popped in the reverse order that they were pushed.
Code step 6
Code step 7
And that's really all there is to the basics of the stack.
The thing to remember is that if you push in some injected code then you will need to pop in order to clean (or sanitize) the stack.
See Also
- Auto Assembler Basics
- Auto Assembler Templates
- Code Injection - Basic injection
- Code Injection - Full injection
- Code Injection - Adding Editable Values
- Code Injection - Working with Integers
- Code Injection - Working with Floats