Tags: assembly, x86, stack-frame, frame-pointer

What it means that Ebp register points to the old Ebp


I've been learning x86 assembly for reverse engineering recently, and in my tutorial there is a sentence that says Ebp points to the old Ebp; however, I don't understand this, it's confusing.

I looked up other posts about it, but no one answered my question.


Solution

  • The point of one frame pointer referring to another is that this creates a linked list of stack frames; each stack frame can be used to identify the prior (invoking, calling) stack frame — this means that (A) a debugger can trace the call stack, (B) we can unwind the stack for exception handling (catch/throw).

    (Note that some additional behaviors/information are required for completeness of these jobs, and also that the frame pointer mechanism is only one of several ways to accomplish stack tracing.)

    The current ebp refers to the location where the current frame has stored the prior ebp value.

    This creates a classic singly linked list.  So, dereference current ebp and get the value of prior ebp, do so with prior and get the prior's prior ebp.

    Because the prior ebp is pushed as the first push of the newly called function, which was called using some call instruction, we know that there is a return address on the stack immediately above each old ebp value.

    Since the return address is always right next to the ebp and we can follow each ebp to its caller (the caller's frame), we can find the code that did the call — that requires using the return address and some checking of ranges to identify the calling function.  Thus, a key element of the linked list created by ebp values pointing to the prior frame is access to the return addresses in the stack frames that can be used to identify the function (and even which location in the function) that did the calling.
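The linked list described in the answer, as an added example that is not part of the question or the answer: a simulated 32-bit stack in C laid out the way `push ebp` / `mov ebp, esp` leaves it after a `call`, with a walker that follows the saved-ebp chain and reads the return address that sits 4 bytes above each saved ebp. The function names, their address ranges, and the frame contents are all constructed for illustration; "addresses" are byte offsets into the array so the code runs anywhere, not only on x86.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulated 32-bit stack: each slot is one 4-byte word. "Addresses" are byte
 * offsets from the base of the array; offset 0 is reserved as the chain terminator
 * (the outermost frame stores a saved ebp of 0). */
#define STACK_WORDS 32
#define WORD_AT(stack, byte_addr) ((stack)[(byte_addr) / 4])

/* Hypothetical code layout: three made-up functions with made-up address ranges. */
typedef struct { const char *name; uint32_t start, end; } func_range_t;
static const func_range_t code_map[] = {
    { "main",   0x08048400u, 0x08048480u },
    { "parse",  0x08048480u, 0x08048520u },
    { "handle", 0x08048520u, 0x08048600u },
};

/* Map a return address to the function that contains it (the "checking of
 * ranges" the answer mentions). */
const char *which_function(uint32_t addr) {
    for (size_t i = 0; i < sizeof code_map / sizeof code_map[0]; i++)
        if (addr >= code_map[i].start && addr < code_map[i].end)
            return code_map[i].name;
    return "?";
}

/* Walk the saved-ebp chain starting at ebp (a byte offset into `stack`).
 * Each frame is [saved ebp] at ebp+0 and [return address] at ebp+4.
 * Writes up to `max` return addresses into `out` and returns how many were found.
 * Stops on a saved ebp of 0 (outermost frame), on a pointer that leaves the
 * simulated stack or is misaligned, or on a pointer that does not move toward
 * higher addresses (a corrupted chain would otherwise loop forever). */
size_t walk_frames(const uint32_t *stack, size_t nwords, uint32_t ebp,
                   uint32_t *out, size_t max) {
    size_t n = 0;
    while (ebp != 0 && n < max) {
        if (ebp % 4 != 0 || ebp + 8 > nwords * 4) break;   /* out of bounds */
        uint32_t saved_ebp = WORD_AT(stack, ebp);
        out[n++] = WORD_AT(stack, ebp + 4);                 /* ret addr above saved ebp */
        if (saved_ebp != 0 && saved_ebp <= ebp) break;      /* chain must grow upward */
        ebp = saved_ebp;
    }
    return n;
}

/* Construct a stack for main -> parse -> handle and return the current ebp
 * (handle's frame). Lower offsets are newer frames, as on a real x86 stack. */
uint32_t build_sample_stack(uint32_t *stack) {
    memset(stack, 0, STACK_WORDS * sizeof *stack);
    /* main's frame: saved ebp 0 ends the chain; return into the (unmapped) C runtime */
    WORD_AT(stack, 0x70) = 0;           WORD_AT(stack, 0x74) = 0x08048000u;
    /* parse's frame: saved ebp -> main's frame; return address inside main */
    WORD_AT(stack, 0x60) = 0x70;        WORD_AT(stack, 0x64) = 0x08048430u;
    /* handle's frame: saved ebp -> parse's frame; return address inside parse */
    WORD_AT(stack, 0x50) = 0x60;        WORD_AT(stack, 0x54) = 0x080484F0u;
    return 0x50;                        /* current ebp */
}

int main(void) {
    uint32_t stack[STACK_WORDS], rets[8];
    uint32_t ebp = build_sample_stack(stack);
    size_t n = walk_frames(stack, STACK_WORDS, ebp, rets, 8);
    for (size_t i = 0; i < n; i++)
        printf("frame %zu: return address 0x%08x in %s\n", i, rets[i], which_function(rets[i]));
    return 0;
}
```

The two extra stop conditions in `walk_frames` are what a debugger or unwinder needs on top of the plain linked-list walk: a saved ebp that points below the current frame, or outside the stack, means the chain has been overwritten (for example by a stack buffer overflow), and the walker should report a truncated trace rather than follow it.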