I understand the classic function prologue: push ebp / mov ebp, esp. But it seems new compilers have a more complicated prologue that adds 3 instructions and uses ecx.
My question: It seems the purpose of this prologue is to save ESP on the stack as well. But why? In the "classic" epilogue, ESP is always restored when doing mov esp, ebp / pop ebp (because the ESP of the calling function is always right after the EBP of the called function).
So it seems an unnecessary step is added; furthermore, we are adding 4 to esp and then subtracting it anyway later. And why are we using ECX anyway instead of just pushing ESP to the stack in the prologue?
0x0000054d <+0>: lea ecx,[esp+0x4] ; ecx = address of [esp+0x4]
0x00000551 <+4>: and esp,0xfffffff0 ; and operation on esp.
0x00000554 <+7>: push DWORD PTR [ecx-0x4] ; push value at [ecx-0x4] i.e. esp on stack
0x00000557 <+10>: push ebp ; push ebp on stack
0x00000558 <+11>: mov ebp,esp