If I am using the Win32 entry point, should I increase the esp value to remove the variables from the stack?

Question

If I am using the Win32 entry point and I have the following code (in NASM):

extern _ExitProcess@4

global _start

section .text
_start:
    mov ebp, esp

    ; Reserve space onto the stack for two 4 bytes variables
    sub esp, 4
    sub esp, 4

    ; ExitProcess(0)
    push 0
    call _ExitProcess@4

Now before exiting the process, should I increase the esp value to remove the two variables from the stack like I do with any "normal" function?

Answer 1

ExitProcess api can be called from any place. in any function and sub-function. and stack pointer of course can be any. you not need set any registers (include stack pointer) to some (and which ?) values. so answer - you not need increase the esp

---

as noted @HarryJohnston of course stack must be valid and aligned. as and before any api call. ExiProcess is usual api. and can be call as any another api. and like any another api it require only valid stack but not concrete stack pointer value. non-volatile registers need restore only we return to caller. but ExiProcess not return to caller. it at all never return

so rule is very simply - if you return from any function (entry point or absolute any - does not matter) - we need restore non volatile registers (stack pointer esp or rsp based on calling conventions) and return. if we not return to caller - we and not need restore/preserve any registers. if we return from thread or process entry point, despite good practice also restore all registers as well - in current windows implementations - even if we not do this, any way all will be work, because kernel32 shell caller simply just call ExitThread after we return. it not use any non volatile registers or local variables here. so code will be worked even without restore this from entry point, but much better restore it anyway