Stack frame

Typically, the system stack is used to save return addresses when calling routines, as well as save / restore processor register values.

Passing Arguments

When the procedure is called, the arguments are sent to the stack, and only then is the subroutine called. Thus, the procedure receives a stack, on top of which lies the return address, and below it are the arguments with which it was called.

When returning from the procedure (or after it, see below), the arguments should be cleared from the stack.

Allocating Temporary Memory

If the stack pointer is shifted “higher” (towards the stack increase), then part of the memory in the stack will be idle (including when the third procedure is called) and can be used by the procedure at its discretion, up to the moment of returning to the procedure that called it. Thus, high-level languages ​​organize variables that exist only within the procedure (the C language calls them “automatic”).

Before returning, the procedure must return the stack pointer to its original position (i.e., to the return address).

Different compilers of high-level languages ​​have different approaches to organizing a stack frame, depending on the features of the hardware platform and the standards of a particular language. The main differences relate to the order in which arguments are pushed onto the stack and removed from the stack upon return.

A stack frame is a convenient technology for allocating temporary memory for passing an arbitrary number of arguments or for internal use. However, it has several disadvantages.

Performance

Transferring data through memory unnecessarily slows down program execution (compared to assembly language programs in which most arguments and temporary data are placed in processor registers).

To reduce calls to local variables, the program is optimized during compilation to use registers instead of variables in memory or to store their intermediate values.

Some languages ​​use calling conventions that support the transfer of integer arguments through registers.

Security

A stack frame interleaves application data with critical data — pointers, register values, and return addresses. This, combined with the architectural features of some processors (namely, the direction of stack growth), makes malicious overlapping of critical data as a result of buffer overflows very easily achievable (of course, first of all, the program must contain an error that will allow overflowing).

Such “unsuccessful”, from the point of view of buffer overflow, the direction of growth of the machine stack have hardware platforms: X86 .

A buffer overflow attack on the stack is usually implemented as follows:

• The attacking program sends a data block, obviously larger than the buffer size of the target program, to the network connection (or other means of interprocess communication).
• An incorrectly written (vulnerable) procedure allows excess data to be written beyond the boundaries of the buffer (i.e., allows it to overflow), through the beginning of the stack frame and the return address. The data block is arranged so that the return address in the stack is replaced by the address of the exploit code located in the same loaded data block (the execution of this code with the privileges of the program being executed is the purpose of the attack).
• When returning from a vulnerable procedure, control via the changed return address is transferred to the exploit code.

• Stack
• Buffer overflow
• Call agreement
• Register window