EBP points to higher memory address at the bottom of the stack, ESP points to the top of the stack at lower memory location. EIP holds the address of next instruction to be executed.
address of the top of the stack. base pointer (EBP): register containing the. address of the bottom of the stack frame. instruction pointer (EIP): register containing. the address of the instruction to be executed.
%EBP - Base Pointer. This 32-bit register is used to reference all the function parameters and local variables in the current stack frame. Unlike the %esp register, the base pointer is manipulated only explicitly. This is sometimes called the "Frame Pointer".
The ESP register is the stack pointer for the system stack. It is rarely changed directly by a program but is changed when data is pushed onto the stack or popped from the stack. One use for the stack is in procedure calls. the address of the instructions following the procedure call instruction is stored on the stack.
ESP is the current stack pointer. EBP is the base pointer for the current stack frame.
When you call a function, typically space is reserved on the stack for local variables. This space is usually referenced via EBP (all local variables and function parameters are a known constant offset from this register for the duration of the function call.) ESP, on the other hand, will change during the function call as other functions are called, or as temporary stack space is used for partial operation results.
Note that most compilers these days have an option to reference all local variables through ESP. This frees up EBP for use as a general purpose register.
In general, when you look at the disassembly code at the top of a function you'll see something like this:
push EBP
mov  EBP, ESP
sub  ESP, <some_number>
So EBP will point to the top of your stack for this frame, and ESP will point to the next available byte on the stack. (Stacks usually - but don't have to - grow down in memory.)
Usually, this space is reserved for local variables that end up stored on the stack. At the start of the function, ESP is decremented by the appropriate value.
In your case, there are 104 bytes worth of locals in the function.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With