I found this assembly code and while analyzing it, I realized that I see no cleaning or balancing of the stack here. I thought that maybe accessing the stack like dword ptr [ebp-8] is equivalent to popping the content. Am I correct? If not, then why does the code below show no pop instruction or add esp, whatever?
_AddMe:
push ebp                        ; save caller's frame pointer
mov ebp, esp                    ; set up this function's frame
sub esp, 0ch                    ; reserve 12 bytes for three dword locals
mov eax, dword ptr [ebp+0ch]    ; second argument
mov dword ptr [ebp-4], eax      ; local1 = arg2
mov eax, dword ptr [ebp+8]      ; first argument
mov dword ptr [ebp-8], eax      ; local2 = arg1
mov eax, dword ptr [ebp-8]
add eax, dword ptr [ebp-4]      ; eax = arg1 + arg2
mov dword ptr [ebp-0ch], eax    ; local3 = sum
mov eax, dword ptr [ebp-0ch]    ; return value in eax
jmp AddMeEpilogue
AddMeEpilogue:
mov esp, ebp                    ; release the locals in one step
pop ebp                         ; restore caller's frame pointer
ret
You can increment and decrement the stack pointer manually, so adding to or subtracting from esp is basically similar to a push or pop operation.
Example
mov eax, 2134
push eax            ; esp -= 4, value stored at [esp]
mov ebx, [esp]      ; read the value without moving esp
add esp, 4          ; <-- this is the actual pop operation
mov ecx, [esp-4]    ; the value is still in memory just below esp
ret
You can see that I don't do a pop after the push, but the code still executes correctly and is similar to:
push eax
pop ebx
mov ecx, ebx
Accessing the stack doesn't change the correctness of it. So doing a mov eax, dword ptr [ebp-0ch] doesn't mean that the stack will be correct or incorrect, because it just fetches some value from memory which happens to be the stack. Only increasing or decreasing ESP has a meaning that can be considered a push or pop operation.
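To make that point concrete, here is an added example (my own, not code from either poster) that models the question's _AddMe in C on a constructed 64-byte stack with esp/ebp tracking, recording esp at each stage so you can see that the [ebp-x] loads and stores never move it and that mov esp, ebp releases all three locals in one step. The stack size, the fake return address and the cdecl caller that cleans the arguments with add esp, 8 are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the 32-bit stack in the question (not a real emulator):
   a small byte array for memory plus esp, ebp and eax. Addresses are offsets
   into mem[], and the stack grows downward from STACK_BYTES. */
#define STACK_BYTES 64u

typedef struct { uint8_t mem[STACK_BYTES]; uint32_t esp, ebp, eax; } Cpu;

/* esp observed at the points that matter for the question, plus the result. */
typedef struct {
    uint32_t esp_after_sub;     /* after sub esp, 0ch               */
    uint32_t esp_after_locals;  /* after all the [ebp-x] accesses    */
    uint32_t esp_after_ret;     /* after ret returns to the caller   */
    uint32_t esp_after_cleanup; /* after the caller's add esp, 8     */
    uint32_t result;            /* eax on return                     */
} Trace;

static uint32_t ld(const Cpu *c, uint32_t a) { uint32_t v; memcpy(&v, c->mem + a, 4); return v; }
static void     st(Cpu *c, uint32_t a, uint32_t v) { memcpy(c->mem + a, &v, 4); }
static void     push(Cpu *c, uint32_t v) { c->esp -= 4; st(c, c->esp, v); }
static uint32_t pop(Cpu *c) { uint32_t v = ld(c, c->esp); c->esp += 4; return v; }

/* _AddMe from the question, instruction for instruction. */
static void addme(Cpu *c, Trace *t) {
    push(c, c->ebp);                 /* push ebp                          */
    c->ebp = c->esp;                 /* mov ebp, esp                      */
    c->esp -= 0x0c;                  /* sub esp, 0ch (three dword locals) */
    t->esp_after_sub = c->esp;
    c->eax = ld(c, c->ebp + 0x0c);   st(c, c->ebp - 4, c->eax);     /* local1 = arg2 */
    c->eax = ld(c, c->ebp + 8);      st(c, c->ebp - 8, c->eax);     /* local2 = arg1 */
    c->eax = ld(c, c->ebp - 8);      c->eax += ld(c, c->ebp - 4);   /* eax = a + b   */
    st(c, c->ebp - 0x0c, c->eax);    c->eax = ld(c, c->ebp - 0x0c); /* via local3    */
    t->esp_after_locals = c->esp;    /* none of the [ebp-x] accesses moved esp */
    c->esp = c->ebp;                 /* mov esp, ebp: drops the 12 bytes at once */
    c->ebp = pop(c);                 /* pop ebp                           */
    (void)pop(c);                    /* ret: pops the return address      */
}

/* cdecl caller: push b, push a, push return address, call, then add esp, 8. */
Trace trace_addme(uint32_t a, uint32_t b) {
    Cpu c; Trace t; memset(&c, 0, sizeof c); memset(&t, 0, sizeof t);
    c.esp = c.ebp = STACK_BYTES;
    push(&c, b); push(&c, a);
    push(&c, 0x12345678u);           /* constructed return address        */
    addme(&c, &t);
    t.esp_after_ret = c.esp;         /* arguments still on the stack: 8 bytes below start */
    c.esp += 8;                      /* add esp, 8: caller removes the arguments */
    t.esp_after_cleanup = c.esp;
    t.result = c.eax;
    return t;
}
```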