1  Operation of the stack
     2
     3  [root@localhost ~]# cat -n rvals2.c
     4       1  #include <stdio.h>
     5       2  main () {                                          /* K&R-style definition: no return type written, so int is implied */
     6       3    printf("now we are in main\n");
     7       4    fn1();                                           /* gdb breakpoint 1 ("break 4"); fn1 is called before any declaration of it */
     8       5    printf("now we are back in main. goodbye.\n");
     9       6  }                                                  /* reaches the closing brace without a return statement */
    10       7     fn1() {                                         /* middle of the main -> fn1 -> fn2 call chain; implied int return type */
    11       8       printf("now we are in fn1\n");
    12       9       fn2();                                        /* gdb breakpoint 2 ("break 9"); fn2 is also undeclared at this point */
    13      10     }
    14      11        fn2() {                                      /* innermost call; takes no arguments and declares no locals */
    15      12          printf("now we are in fn2\n");             /* gdb breakpoint 3 ("break 12") */
    16      13        }
    17  [root@localhost ~]#
    18  [root@localhost ~]# gcc rvals2.c -o rvals2 -ggdb
    19  [root@localhost ~]#
    20  [root@localhost ~]# gdb rvals2
    21  GNU gdb Red Hat Linux (6.6-8.fc7rh)
    22  Copyright (C) 2006 Free Software Foundation, Inc.
    23  GDB is free software, covered by the GNU General Public License, and you are
    24  welcome to change it and/or distribute copies of it under certain conditions.
    25  Type "show copying" to see the conditions.
    26  There is absolutely no warranty for GDB.  Type "show warranty" for details.
    27  This GDB was configured as "i386-redhat-linux-gnu"...
    28  Using host libthread_db library "/lib/libthread_db.so.1".
    29  (gdb)
    30  (gdb) break 4
    31  Breakpoint 1 at 0x80483c1: file rvals2.c, line 4.
    32  (gdb) break 9
    33  Breakpoint 2 at 0x80483ed: file rvals2.c, line 9.
    34  (gdb) break 12
    35  Breakpoint 3 at 0x80483fa: file rvals2.c, line 12.
    36  (gdb) run
    37  Starting program: /root/rvals2
    38  now we are in main
    39
    40  Breakpoint 1, main () at rvals2.c:4
    41  4         fn1();
    42  (gdb) print $esp
    43  $1 = (void *) 0xbfee1910
    44  (gdb) print $ebp
    45  $2 = (void *) 0xbfee1918
    46  (gdb) x/2 $esp
    47  0xbfee1910:     0x080484e0      0xbfee1930
    48  (gdb) next
    49  now we are in fn1
    50
    51  Breakpoint 2, fn1 () at rvals2.c:9
    52  9            fn2();
    53  (gdb) print $esp
    54  $3 = (void *) 0xbfee1900
    55  (gdb) print $ebp
    56  $4 = (void *) 0xbfee1908
    57  (gdb) x/6 $esp
    58  0xbfee1900:     0x08048516      0x00000000      0xbfee1918      0x080483c6
    59  0xbfee1910:     0x080484e0      0xbfee1930
    60  (gdb) next
    61
    62  Breakpoint 3, fn2 () at rvals2.c:12
    63  12              printf("now we are in fn2\n");
    64  (gdb) print $esp
    65  $5 = (void *) 0xbfee18f0
    66  (gdb) print $ebp
    67  $6 = (void *) 0xbfee18f8
    68  (gdb) x/10 $esp
    69  0xbfee18f0:     0x004baca0      0x00000000      0xbfee1908      0x080483f2
    70  0xbfee1900:     0x08048516      0x00000000      0xbfee1918      0x080483c6
    71  0xbfee1910:     0x080484e0      0xbfee1930
    72  (gdb) disas main
    73  Dump of assembler code for function main:
    # main (AT&T syntax, i386): realigns the stack, builds an %ebp frame, then calls puts, fn1, puts.
    # At breakpoint 1 the session above reports ebp=0xbfee1918 and esp=0xbfee1910.
    # The saved %ebp and the return address are ordinary writable stack words; no stack-protector
    # canary load or check appears anywhere in this listing (the C source also has no local buffers).
    74  0x080483a4 <main+0>:    lea    0x4(%esp),%ecx          # ecx = esp+4 on entry, i.e. the address just above main's return address
    75  0x080483a8 <main+4>:    and    $0xfffffff0,%esp        # round esp down to a 16-byte boundary
    76  0x080483ab <main+7>:    pushl  0xfffffffc(%ecx)        # 0xfffffffc is -4: push the word at ecx-4, a copy of main's return address
    77  0x080483ae <main+10>:   push   %ebp                    # save the caller's frame pointer
    78  0x080483af <main+11>:   mov    %esp,%ebp               # ebp now marks main's frame
    79  0x080483b1 <main+13>:   push   %ecx                    # keep ecx for the epilogue; it is the 0xbfee1930 word at 0xbfee1914 in the dumps
    80  0x080483b2 <main+14>:   sub    $0x4,%esp               # one 4-byte slot for the outgoing argument
    81  0x080483b5 <main+17>:   movl   $0x80484e0,(%esp)       # argument for puts; presumably the address of the "now we are in main" string
    82  0x080483bc <main+24>:   call   0x80482b4 <puts@plt>    # the printf in the source shows up as a puts call in the compiled code
    83  0x080483c1 <main+29>:   call   0x80483db <fn1>         # breakpoint 1; call pushes return address 0x080483c6, seen at 0xbfee190c in the later dumps
    84  0x080483c6 <main+34>:   movl   $0x80484f4,(%esp)       # execution resumes here when fn1 returns; argument for the second puts
    85  0x080483cd <main+41>:   call   0x80482b4 <puts@plt>
    86  0x080483d2 <main+46>:   add    $0x4,%esp               # release the argument slot
    87  0x080483d5 <main+49>:   pop    %ecx                    # reload the ecx saved at main+13
    88  0x080483d6 <main+50>:   pop    %ebp                    # restore the caller's frame pointer
    89  0x080483d7 <main+51>:   lea    0xfffffffc(%ecx),%esp   # esp = ecx-4: undo the alignment, pointing esp back at the original return address
    90  0x080483da <main+54>:   ret                            # pop that return address into eip
    91  End of assembler dump.
    92  (gdb) disas fn
    93  No symbol "fn" in current context.
    94  (gdb) disas fn1
    95  Dump of assembler code for function fn1:
    # fn1: standard %ebp frame, one puts call, then the call to fn2.
    # At breakpoint 2 the session above reports ebp=0xbfee1908 and esp=0xbfee1900; the x/6 dump
    # shows the frame as: argument, unused word, saved ebp (0xbfee1918), return address (0x080483c6).
    96  0x080483db <fn1+0>:     push   %ebp                    # save main's ebp (0xbfee1918) at 0xbfee1908, directly below the return address
    97  0x080483dc <fn1+1>:     mov    %esp,%ebp               # ebp = 0xbfee1908, the start of fn1's frame
    98  0x080483de <fn1+3>:     sub    $0x8,%esp               # 8 bytes: the argument slot at (%esp) plus one word that reads 0x00000000 in the dump
    99  0x080483e1 <fn1+6>:     movl   $0x8048516,(%esp)       # argument for puts; this is the 0x08048516 seen at 0xbfee1900
   100  0x080483e8 <fn1+13>:    call   0x80482b4 <puts@plt>    # the printf in the source shows up as a puts call
   101  0x080483ed <fn1+18>:    call   0x80483f4 <fn2>         # breakpoint 2; call pushes return address 0x080483f2, seen at 0xbfee18fc in the fn2 dump
   102  0x080483f2 <fn1+23>:    leave                          # esp = ebp, then pop ebp: drops fn1's frame and restores main's ebp
   103  0x080483f3 <fn1+24>:    ret                            # pop the saved return address (0x080483c6) and continue in main
   104  End of assembler dump.
   105  (gdb) disas fn2
   106  Dump of assembler code for function fn2:
   # fn2: same prologue and epilogue shape as fn1, with a single puts call.
   # At breakpoint 3 the session above reports ebp=0xbfee18f8 and esp=0xbfee18f0; the x/10 dump
   # shows three stacked frames, each ending in a saved ebp followed by a return address.
   107  0x080483f4 <fn2+0>:     push   %ebp                    # save fn1's ebp (0xbfee1908) at 0xbfee18f8, directly below return address 0x080483f2
   108  0x080483f5 <fn2+1>:     mov    %esp,%ebp               # ebp = 0xbfee18f8, the start of fn2's frame
   109  0x080483f7 <fn2+3>:     sub    $0x8,%esp               # 8 bytes: the argument slot at (%esp) plus one word that reads 0x00000000 in the dump
   110  0x080483fa <fn2+6>:     movl   $0x8048528,(%esp)       # breakpoint 3 stops before this store, so the 0x004baca0 at (%esp) is presumably leftover stack content
   111  0x08048401 <fn2+13>:    call   0x80482b4 <puts@plt>    # the printf in the source shows up as a puts call
   112  0x08048406 <fn2+18>:    leave                          # esp = ebp, then pop ebp: drops fn2's frame and restores fn1's ebp
   113  0x08048407 <fn2+19>:    ret                            # pop the saved return address (0x080483f2) and continue in fn1
   114  End of assembler dump.
   115  (gdb)