I have a piece of code like this:
#include<stdio.h>
main()
{
xxx(1234);
}
int xxx(int b)
{
int c;
c=b;
return c;
}
I use gdb to show what value of ESP register and how it work by make breakpoint at xxx(1234); and c=b; line.
Run program and stop at the first breakpoint, use i r esp and x/x $esp. It show that esp point to eg: 0xbbbbefff and this address contain a miscellaneous value eg: 0xbb33bb33. Continue to the second breakpoint I repeat two command above to examine what value at address 0xbbbbefff, it show 0x000004d2 (1234 in decimal).
I know ESP point to top of stack, then if we push a value into stack, it move to lower address and put the value into memory at that address. For instance, if at the first breakpoint ESP point to address 0xbbbbefff, so in the second breakpoint ESP must point to somewhere like at 0xbbbbefff-4=0xbbbbeffa and contain 0x000004d2 while memory at 0xbbbbefff still contain 0xbb33bb33 . But I saw in gdb that 0x000004d2 value contained in 0xbbbbefff (the previous top stack before calling xxx function).
Do I understand wrong about stack?