On Fri, 2004-10-15 at 12:51, Gerhard Wiesinger wrote: > On Fri, 15 Oct 2004 bserdar@xxxxxxxxx wrote: > > > > >> 80485b3: e8 00 00 00 00 call 80485b8 <X::f()+0xc> > >> 80485b8: 5b pop %ebx > >> 80485b9: 81 c3 5c 12 00 00 add $0x125c,%ebx > > > > With pop ebx, it pops the eip at that instruction to ebx. I'm guessing it'll use ebx as a base pointer to data (or code?) from this point on. You can verify this guess by accessing some global variables from within X::f() and see whether it uses ebx-relative access. > > > > OK, but why is the function call at 80485b3 to the next address at > 80485b8? Because it allows us to get the current PC's value in a position independent way. ie, the call pushes the return address onto the stack and we pop that value into ebx. jeff
