Question

I've been having trouble getting this code to work.

test    $0x10000000, %esp    # AND the two operands, discard the result, set ZF only if it is zero
jz      .ERROR               # taken only when bit 28 of %esp is clear (ZF = 1)
ret

If it jumps to .ERROR, the code just exits. Otherwise the output prints as normal.

When I use test $0x0000000, %esp it quits as I would expect.

These are my sections:

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .interp       00000013  08048114  08048114  00000114  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  08048128  08048128  00000128  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .hash         00000038  08048148  08048148  00000148  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .dynsym       00000090  08048180  08048180  00000180  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynstr       00000064  08048210  08048210  00000210  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .gnu.version  00000012  08048274  08048274  00000274  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version_r 00000020  08048288  08048288  00000288  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .rel.dyn      00000010  080482a8  080482a8  000002a8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rel.plt      00000030  080482b8  080482b8  000002b8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .init         00000024  080482e8  080482e8  000002e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 10 .plt          00000070  08048310  08048310  00000310  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .text         00000188  08048380  08048380  00000380  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .springboard  00000023  08048508  08048508  00000508  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         00000015  0804852c  0804852c  0000052c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00000024  08048544  08048544  00000544  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 15 .eh_frame     000000e0  08048568  08048568  00000568  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .dynamic      000000c8  08049648  08049648  00000648  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 17 .got          00000004  08049710  08049710  00000710  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 18 .got.plt      00000024  08049714  08049714  00000714  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 19 .data         00000004  08049738  08049738  00000738  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 20 .bss          00000004  0804973c  0804973c  0000073c  2**2
                  ALLOC
 21 .comment      0000002a  00000000  00000000  0000073c  2**0
                  CONTENTS, READONLY

Maybe I don't understand this yet, but should %esp be equal to addresses in that range?

I can move the .springboard section to 0x10000000 if I link it with my linker script. The return goes to the springboard section. So my thought was that it shouldn't work here, but if I link it with my script and the springboard section is moved, then it will work. Why is it working in both cases?

I'm guessing the test is returning a non-zero value but I don't understand why.


The solution

No, esp is a stack pointer, so it should point to some address inside the stack. Your program doesn't seem to provide any stack section, so I guess the OS allocates the stack.

Well, if you are about to return from a function, dword ptr [esp] (but not esp) should indeed contain an address from the sections above, as this should be the address of the next instruction to be executed after the function call.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow