Why ebp is empty when gcc compiles with the -ggdb flag (without optimization)

Published on 2021-10-08, 25 views

The answer is basically "this is why it's called a calling *convention* rather than a requirement".

For `_cdecl`, the convention suggests that a function sets up its own environment and tears it down by itself.

So a function can actually run without saving ebp at all, since it is a special function.

There is also a safety reason for this: it prevents a shellcode's `leave` from gaining control of the stack frame of the `__libc_start_main` function.