He calls it a C trick but the actual trick is implemented in asm. It would be a cool trick if he did it purely in C. Especially today, "all the world's not x86".
(And I used to be a gcc maintainer for m68k and i860. I'm quite familiar with frame pointers and their non-use.)
Btw: you can do this trick without resorting to assembly - start by taking the address of a local variable.
That depends entirely on the calling convention - potentially you can take two words down from the first argument, but that is no guarantee, and would not suffice for the didactic goals this article attempts to accomplish.
Worth knowing that this also describes some of the mechanics of a relatively common C vulnerability, and a tactic used by some content protection schemes.
Neat trick, but still an example of Greenspun's 10th ("Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp.").
The Common Lisp condition system (http://www.gigamonkeys.com/book/beyond-exception-handling-co...) is worth understanding, even if you're developing in other languages. It's an elegant example of how to manipulate the call stack. Unfortunately, it's hard to implement in most other languages.
There is no special call stack manipulation in the CL condition system. It's built on top of dynamic scoping and normal catch/throw unwinds; see http://www.pipeline.com/~hbaker1/MetaCircular.html for block/return-from on top of catch/throw.
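The reply above says the CL condition system is just dynamic scoping plus catch/throw unwinds. As an added example that is not code from this thread, here is that shape in C: a dynamically bound handler stack (handler-bind), restarts established at the signal point (restart-case), and setjmp/longjmp as the only unwind; handlers run on top of the signalling frame and either pick a restart or decline. All names (signal_condition, invoke_restart, parse_entry, sum_entries) and the sample inputs are my own.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>
/* Dynamically scoped handler stack (like handler-bind), searched innermost-first. */
typedef void (*handler_fn)(const char *cond, const void *ctx);
struct handler { const char *cond; handler_fn fn; const void *ctx; struct handler *next; };
static struct handler *handlers;   /* innermost binding, NULL when none */
/* Restart stack (like restart-case): named catch points reached by longjmp. */
struct restart { const char *name; jmp_buf jb; struct restart *next; };
static struct restart *restarts;   /* innermost restart, NULL when none */
static long restart_value;         /* value carried across the unwind */
/* Run every matching handler, innermost first, WITHOUT unwinding the stack.
 * A handler either invokes a restart (and never returns) or declines (returns). */
static void signal_condition(const char *cond, const void *ctx) {
    for (struct handler *h = handlers; h; h = h->next)
        if (strcmp(h->cond, cond) == 0) h->fn(cond, ctx);
}
/* The "throw": unwind to the innermost established restart with this name. */
static void invoke_restart(const char *name, long value) {
    for (struct restart *r = restarts; r; r = r->next)
        if (strcmp(r->name, name) == 0) { restart_value = value; longjmp(r->jb, 1); }
    abort();                       /* no such restart is established */
}
/* Low-level parser: establishes a "use-value" restart, then signals on bad input. */
static long parse_entry(const char *text) {
    struct restart use_value;
    use_value.name = "use-value"; use_value.next = restarts; restarts = &use_value;
    if (setjmp(use_value.jb) != 0) { restarts = use_value.next; return restart_value; }
    char *end; long v = strtol(text, &end, 10);
    if (end == text || *end != '\0') {
        signal_condition("parse-error", text);   /* handlers run above this frame */
        v = -1;                    /* every handler declined: report failure in band */
    }
    restarts = use_value.next;
    return v;
}
/* Recovery policies chosen at the outer level, far from the signal point. */
static void use_zero(const char *c, const void *x) { (void)c; (void)x; invoke_restart("use-value", 0); }
static void decline(const char *c, const void *x) { (void)c; (void)x; }
/* Binds a handler for the dynamic extent of the loop, then unbinds it. */
static long sum_entries(const char *const *items, size_t n, handler_fn on_error) {
    struct handler h = { "parse-error", on_error, NULL, handlers };
    handlers = &h;
    long total = 0;
    for (size_t i = 0; i < n; i++) total += parse_entry(items[i]);
    handlers = h.next;
    return total;
}
/* Constructed sample inputs (not from the thread). */
static const char *const sample_ok[] = { "1", "2", "3" };
static const char *const sample_bad[] = { "1", "x", "3" };
```

With use_zero bound, the bad entry is replaced by 0 inside parse_entry and the loop continues, which is exactly the restart behaviour that plain exceptions cannot express.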
valid (but nonsensical) C. Chances are that the standard contains special wording that prohibits the latter two, though. If not, this is useful to know for the obfuscated C contest (more so if you can jump to that label)