Tutorial - The Stack

From Cheat Engine



So what is the stack?

Well, I hate to use the word in the definition, but it's just a metaphorical stack of bytes: an abstract data type that serves as a collection of elements, with two principal operations.

PUSH
Adds an element to the collection.
POP
Removes the most recently added element that was not yet removed.

It uses a LIFO (last in, first out) behavior. So if we push value A onto the stack and then push value B, when we pop it will be value B first then value A with the second pop.[1]

LIFO


Working with the Stack

So let's just dig in, if we have some code like this.

push 123ABC                 // ESP -= 4; [ESP] = 00123ABC
push 00DEAD                 // ESP -= 4; [ESP] = 0000DEAD
push 00BEEF                 // ESP -= 4; [ESP] = 0000BEEF
pop dword ptr [TestVals]    // TestVals   = 0000BEEF; ESP += 4
pop dword ptr [TestVals+4]  // TestVals+4 = 0000DEAD; ESP += 4
pop dword ptr [TestVals+8]  // TestVals+8 = 00123ABC; ESP += 4

And if we assemble this in some memory.
Assembled opcode

So let's set a breakpoint and watch the stack as we step through the opcode.

Note: to view the stack you may need to select it for viewing.

stack view


Code step 1

step 1

Code step 2

So it's here that we start to see the values on the stack.

step 2

Code step 3

step 3

Code step 4

step 4

Code step 5

And here we can start to see the values being popped in the reverse order that they were pushed.

step 5

Code step 6

step 6

Code step 7

step 7


And that's really all there is to the basics of the stack.

The thing to remember is that if your injected code pushes values onto the stack, it will need to pop the same number of values before it hands control back, in order to clean (or sanitize) the stack. Otherwise ESP is left pointing below where the original code expects it, and the next return or stack access in the target reads the wrong data.
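The same push/pop sequence from the walk-through above, and the balance rule from the closing note, modelled in C as an added example (this is not Cheat Engine code, and the Stack type, stack_push, stack_pop, run_tutorial and leftover_dwords are names assumed here). The model keeps a downward-growing stack pointer like ESP, fills TestVals in the order the tutorial shows, and reports how many dwords an unbalanced injection leaves behind.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack: a fixed buffer and a stack pointer
   that grows downward, as ESP does on x86. Hypothetical, not CE's own code. */
#define STACK_BYTES 64

typedef struct {
    uint8_t  mem[STACK_BYTES];
    uint32_t esp;   /* offset into mem; starts at the top (empty stack) */
} Stack;

static void stack_init(Stack *s) {
    memset(s->mem, 0, sizeof s->mem);
    s->esp = STACK_BYTES;
}

/* push: ESP -= 4, then store the dword at [ESP]. Returns 0 on overflow. */
static int stack_push(Stack *s, uint32_t v) {
    if (s->esp < 4) return 0;
    s->esp -= 4;
    memcpy(&s->mem[s->esp], &v, 4);
    return 1;
}

/* pop: load the dword at [ESP], then ESP += 4. Returns 0 if stack is empty. */
static int stack_pop(Stack *s, uint32_t *out) {
    if (s->esp + 4 > STACK_BYTES) return 0;
    memcpy(out, &s->mem[s->esp], 4);
    s->esp += 4;
    return 1;
}

/* Destination of the three pops, mirroring the tutorial's TestVals label. */
uint32_t TestVals[3];

/* Runs the tutorial's six instructions. Returns 1 if ESP ends where it
   started, i.e. the pushes and pops are balanced. */
int run_tutorial(void) {
    Stack s;
    stack_init(&s);
    uint32_t before = s.esp;
    stack_push(&s, 0x123ABC);
    stack_push(&s, 0x00DEAD);
    stack_push(&s, 0x00BEEF);
    stack_pop(&s, &TestVals[0]);   /* gets 00BEEF: last in, first out */
    stack_pop(&s, &TestVals[1]);   /* gets 00DEAD */
    stack_pop(&s, &TestVals[2]);   /* gets 123ABC */
    return s.esp == before;
}

/* Models an injection that pushes and pops unequal counts. Returns how many
   dwords are still on the stack afterwards; 0 means it was cleaned up. */
int leftover_dwords(int pushes, int pops) {
    Stack s;
    stack_init(&s);
    uint32_t before = s.esp, tmp;
    for (int i = 0; i < pushes; i++) stack_push(&s, (uint32_t)i);
    for (int i = 0; i < pops; i++) stack_pop(&s, &tmp);
    return (int)((before - s.esp) / 4);
}

int main(void) {
    run_tutorial();
    printf("TestVals = %08X %08X %08X\n", TestVals[0], TestVals[1], TestVals[2]);
    printf("3 push / 2 pop leaves %d dword(s) on the stack\n", leftover_dwords(3, 2));
    return 0;
}
```

A quick way to check your own injected code against this rule is to compare ESP at the first instruction of the injection with ESP at the jump back to the original code; they must match, which is exactly what run_tutorial tests for the sequence above.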





Sources

  1. wikipedia.org/wiki/Stack_(abstract_data_type)