Does ret instruction cause esp register added by 4?

Question

Does "ret" instruction cause "esp" register added by 4?

Answer 1

Yes, it performs

pop eip

You can use

mov eax, [esp]
jmp eax

to avoid it.

EDIT: It's exactly what ret does. For example, jmp rel_offet is nothing than a hidden add eip, offset, or jmp absolute_offset is mov eip, absolute_offset. Sure there are differences in the way the processor treats them, but from programmer's point of view it's all that happens.

Also, there is a special form of ret : ret imm8 that also adds this imm8 value to esp : for example a __stdcall function uses it to discard its parameters from the stack. Not to mention retf version, used in 16bit mode, that also pops the cs from the stack.

EDIT2:

pop register

means:

mov register, [esp]
add esp, 4

Answer 2

yes, because on the stack there is (well, there should be, see buffer overflow) the address to where resume the execution of the program. So ret means

pop ret_addr           ; pop deletes ret_addr from stack by adding 4 to esp
mov eip, ret_addr

which is

pop eip

just as ruslik said

Answer 3

Yes, when the processor is running in 32-bit protected mode. In Real mode or 16-bit protected mode RET does a POP IP, which will cause an ADD ESP, 2 (instead of 4).