April 30th, 2007, 11:21 PM
steven_wort
Wrox Author
 
Join Date: Dec 2006
Location: kirkland, wa, USA.
Posts: 17

#1 EBP is also commonly referred to as the Frame Pointer.

ESP is the only one that gets automatically incremented / decremented by the CPU when you call, ret, or push and pop stuff.

EBP is usually only used by a compiler to keep track of the current frame it's working with. EBP or the Frame Pointer then becomes a useful shortcut for all kinds of things.

#2 Adding 8 to esp is a simple way to remove the two values pushed onto the stack before calling printf.

With a compiler in the mix, you could see several variations of this calling convention based on the calling convention for the function being called. In this case printf isn't doing any stack cleanup, so the caller has to do it after printf returns.

Steve Wort
Co Author "Professional SQL Server 2005 Administration"
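
An added example, not part of the original post: the caller cleanup described above (`add esp, 8` after two pushes) next to a callee-cleanup variant, with EBP used as the fixed reference for reading arguments. It goes beyond the printf case in the post by including stdcall; the function names `add_cdecl` and `add_stdcall` and the build commands are assumptions (NASM syntax, 32-bit Linux with gcc multilib).

```nasm
; Constructed example. Assumed build and run:
;   nasm -f elf32 conv.asm && gcc -m32 conv.o -o conv && ./conv; echo $?
        global  main
        section .text

; cdecl: the callee leaves its arguments on the stack.
add_cdecl:
        push    ebp             ; CPU does ESP -= 4, caller's EBP is saved
        mov     ebp, esp        ; EBP stays fixed for the life of this frame
        mov     eax, [ebp+8]    ; first argument  ([ebp+4] is the return address)
        add     eax, [ebp+12]   ; second argument
        pop     ebp             ; CPU does ESP += 4, caller's EBP restored
        ret                     ; pops the return address only

; stdcall: the callee removes its own 8 bytes of arguments.
add_stdcall:
        push    ebp
        mov     ebp, esp
        mov     eax, [ebp+8]
        add     eax, [ebp+12]
        pop     ebp
        ret     8               ; pop return address, then ESP += 8

main:
        push    ebp
        mov     ebp, esp

        push    dword 2         ; arguments go on right to left
        push    dword 1
        call    add_cdecl       ; EAX = 3
        add     esp, 8          ; caller removes the two pushed values

        push    dword 4
        push    eax
        call    add_stdcall     ; EAX = 7, arguments already gone on return
                                ; no "add esp, 8" here: doing both would
                                ; leave ESP 8 bytes too high

        mov     esp, ebp        ; ESP is back where the prologue left it
        pop     ebp
        ret                     ; process exit status is 7
```

Getting the cleanup wrong in either direction leaves ESP off by 8, so the final `ret` pops the wrong dword as the return address.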