- Prison Code Breaker Diary -

A note on x86 Registers

Intel x86's registers can be divided into several categories:

• General-purpose registers
• Segment registers
• Program flow control registers
• Other registers.

General-purpose registers include EAX, EBX, ECX, EDX, ESP EBP, ESI, and EDI. They are not all equal in their usage, and some instructions assign them special functionality. Segment registers are used to point to different seg-ments of process address space.Their functions are as follows: CS points to the beginning of a code segment; SS is a stack segment; DS, ES, FS, GS, and various other data segments, for example, the segment where static data is kept. Many processor instructions implicitly use one of these segment registers, so usually we will not need to mention them in our code. If you want to be more precise, instead of an address in memory these registers contain references to internal processor tables that are used to support virtual memory.

EIP: Extended Instruction Pointer. When you call a function, this pointer is saved on the stack for later use. When the function returns, this saved address is used to determine the location of the next executed instruction.

ESP: Extended Stack Pointer. This points to the current position on the stack and allows things to be added to and removed from the stack using push and pop operations or direct stack pointer manipulations.

EBP: Extended Base Pointer. This register usually stays the same throughout the execution of a function. It serves as a static point for referencing stack-based information such as variables and data in a function using offsets.This pointer usually points to the top of the stack for a function.

Reference from:

• Buffer Overflow Attacks: Detect, Exploit, Prevent (by James C. Foster, Vitaly Osipov, Nish Bhalla, Niels Heinen)