On Fri, 15 Oct 2004, Jeffrey A Law wrote:
> On Fri, 2004-10-15 at 12:51, Gerhard Wiesinger wrote:
>> On Fri, 15 Oct 2004 bserdar@xxxxxxxxx wrote:
>>>  80485b3:  e8 00 00 00 00       call   80485b8 <X::f()+0xc>
>>>  80485b8:  5b                   pop    %ebx
>>>  80485b9:  81 c3 5c 12 00 00    add    $0x125c,%ebx
>>>
>>> With pop ebx, it pops the eip at that instruction to ebx. I'm guessing it'll use ebx as a base pointer to data (or code?) from this point on. You can verify this guess by accessing some global variables from within X::f() and see whether it uses ebx-relative access.
>>
>> OK, but why is the function call at 80485b3 to the next address at
>> 80485b8?
>
> Because it allows us to get the current PC's value in a position
> independent way.
>
> i.e., the call pushes the return address onto the stack and we pop
> that value into ebx.

OK, I got it now.
Thank you.
Ciao,
Gerhard
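
The call/pop/add sequence discussed in this thread, decoded as an added example that is not part of the original messages: the scanner below recognises a `call` to the next instruction followed by `pop r32` and `add $imm32, r32` in raw 32-bit x86 bytes and computes what the register holds afterwards. The function name `find_getpc_sequences` is hypothetical; the sample bytes and load address are the ones quoted above.

```python
import struct

# Register numbers as encoded in the one-byte "pop r32" (0x58 + r) and in ModRM.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# The 12 bytes shown in the thread's disassembly, located at 0x80485b3.
SAMPLE = bytes.fromhex("e800000000" "5b" "81c35c120000")
SAMPLE_BASE = 0x80485B3


def find_getpc_sequences(code, base):
    """Find `call next; pop r32; add $imm32, r32` in 32-bit x86 bytes.

    Returns (call_addr, register, pc_value, final_value) tuples, where
    pc_value is the return address pushed by the call (the address of the
    pop) and final_value is the register content after the add.
    """
    hits = []
    i = 0
    while i + 12 <= len(code):
        # e8 rel32 with rel32 == 0: the call target is the next instruction.
        is_call_next = code[i] == 0xE8 and code[i + 1:i + 5] == b"\x00" * 4
        pop = code[i + 5]
        if is_call_next and 0x58 <= pop <= 0x5F:
            reg = pop - 0x58
            # 81 /0 id with mod=11: add a 32-bit immediate to the same register.
            if code[i + 6] == 0x81 and code[i + 7] == (0xC0 | reg):
                imm = struct.unpack_from("<i", code, i + 8)[0]
                pc = base + i + 5
                final = (pc + imm) & 0xFFFFFFFF
                hits.append((base + i, REGS[reg], pc, final))
                i += 12
                continue
        i += 1
    return hits


if __name__ == "__main__":
    for call_addr, reg, pc, final in find_getpc_sequences(SAMPLE, SAMPLE_BASE):
        print(f"call at {call_addr:#x}: {reg} = {pc:#x} after pop, "
              f"{final:#x} after add")
```

For the bytes in the thread, ebx holds 0x80485b8 after the pop and 0x8049814 after the add, which is the base that later ebx-relative accesses would use.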