How to understand the assembly below?
__asm__ __volatile__ (
    "movl 0x4(%ebp), %eax \n"   /* load the word stored at 0x4(%ebp) into %eax */
    "addl $15, %eax \n"          /* add 15 to it */
    "movl %eax, 0x4(%ebp)"       /* write the result back to 0x4(%ebp) */
);
I know %eax stores the return value, but what's %ebp here for?
Assuming your function's prologue looks like this:
pushl %ebp
movl %esp, %ebp
...
%ebp would be the register storing the base pointer (also called a frame pointer). The base pointer is where the current stack frame starts on the stack. Since on x86 the stack grows downwards, locals are referenced as negative offsets from %ebp, while parameters and the return address are referenced as positive offsets from %ebp.

The value in %ebp points at the caller's %ebp value on the stack (which was pushed by the prologue). This effectively forms a linked list of base pointers that can be used to "walk" the stack. Note: this assumes each stack frame has a base pointer; there is an optimization called Frame Pointer Omission (FPO) that frees up %ebp for other uses.

So, given a function with that prologue that was called with a call instruction (i.e. the caller's return address was pushed onto the stack), 0x4(%ebp) holds the return address, because it was the last thing pushed onto the stack before the callee's prologue executed. Therefore your code snippet would make execution resume, after the callee returns, 15 bytes past the end of the caller's call instruction instead of at the instruction immediately following the call.
Edit: my numerous edits thus far have been to better explain my answer.
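The frame layout the answer describes can be checked at run time instead of taken on faith. The following is an added example (not from the question or any answer): it uses the GCC/Clang builtins __builtin_frame_address and __builtin_return_address, which force a frame pointer in the functions that use them, and assumes the x86 (and AArch64) frame-record convention that the frame pointer points at the saved caller frame pointer with the return address in the next word up (0x4(%ebp) on i386, 8(%rbp) on x86-64). The function names, the bitmask result and the three checks are my own; the parameter-at-0x8(%ebp) detail is not checked because on x86-64 arguments arrive in registers.

```c
#include <stdio.h>

/* From inside a callee, verify the frame record the prologue built:
 *   fp[1] must be our return address               (0x4(%ebp) on i386)
 *   fp[0] must be the caller's frame pointer        (0x0(%ebp) on i386)
 *   ((void **)fp[0])[1] must be the caller's own return address,
 * i.e. one hop along the linked list of saved base pointers.
 * Writes a bitmask (bit 0/1/2 per check that held) through out. */
__attribute__((noinline))
static void check_frame_record(void **caller_fp, void *caller_ret, int *out)
{
    void **fp = __builtin_frame_address(0);      /* our %ebp / %rbp */
    int mask = 0;

    if (fp[1] == __builtin_return_address(0))     /* slot the question's asm rewrites */
        mask |= 1;
    if (fp[0] == (void *)caller_fp)               /* saved caller base pointer */
        mask |= 2;
    void **prev = (void **)fp[0];                 /* walk one frame up the list */
    if (prev[1] == caller_ret)
        mask |= 4;
    *out = mask;
}

/* Caller side: record our own frame pointer and return address and hand them
 * to the callee for cross-checking. Passing &result keeps this frame alive
 * across the call (no tail call), which the check relies on.
 * Returns 7 when all three checks hold. */
__attribute__((noinline))
int frame_chain_demo(void)
{
    int result = 0;
    check_frame_record(__builtin_frame_address(0),
                       __builtin_return_address(0), &result);
    return result;
}

int main(void)
{
    int r = frame_chain_demo();
    printf("return address lives at fp+%zu bytes\n", sizeof(void *));
    printf("fp[1] == our return address       : %s\n", (r & 1) ? "yes" : "no");
    printf("fp[0] == caller's frame pointer   : %s\n", (r & 2) ? "yes" : "no");
    printf("caller's fp[1] == its return addr : %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

The example only reads the return-address slot. The question's snippet writes it (movl %eax, 0x4(%ebp) after adding 15); the C equivalent, fp[1] = (char *)fp[1] + 15, would make the callee return into the middle of the caller's code, which is exactly the effect the answer describes and why return-address slots are a favourite target of stack-overflow exploits.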
ebp is the frame pointer. ebp, along with esp, marks the stack frame of the current process.
0x4(%ebp) is actually the return address, the address to which the function returns after this call is over.
Check the stack frame in this picture.
The %ebp register points to the current stack frame, where the function parameters and local variables are stored. That code is accessing a value at offset 0x4 from %ebp (what that value represents is not shown).
ebp is the base pointer. Function params are stored on the stack; first on the stack lies the return address, so (if we are using a 32-bit machine) 0x4(%ebp) points to the first param of the function.