So I have been learning a little about smashing the stack, CPU registers, etc. Can’t say I’m even close to becoming an expert, but thought I would put up some notes anyways. There are a number of general purpose registers, and the first four we are starting with are EAX, ECX, EDX and EBX. The names of each of these registers are as follows:
EAX = Accumulator
ECX = Counter
EDX = Data
EBX = Base
These have a variety of purposes but are mainly used as temporary variables for the CPU while it executes machine instructions. The second four general purpose registers are ESP, EBP, ESI and EDI (these are sometimes known as pointers and indexes).
ESP = Stack Pointer
EBP = Base Pointer
ESI = Source Index
EDI = Destination Index
The first two (ESP, EBP) are called pointers because they store 32-bit addresses that point to locations in memory. The last two registers (ESI, EDI) are technically pointers too: they are commonly used to hold the source and destination addresses when data needs to be read from one place and written to another, and some load and store instructions use these registers implicitly.
EIP = Instruction Pointer
The EIP points to the current instruction the processor is reading, or, put more technically, it contains the memory address of the current instruction (an instruction inside main() in a C app, for example). I get the feeling from my limited reading so far that the EIP is very important when looking into exploitation, and will be looked at a lot when debugging.
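The following is an added example, not part of the original notes: a small C program that uses the GCC/Clang builtins __builtin_frame_address and __builtin_return_address to confirm the layout described above for ESP/EBP and EIP, namely that each call's frame sits below its caller's, that the slot EBP points at holds the caller's saved EBP, and that the slot just above it holds the return address, i.e. the value EIP takes when the function returns. It assumes GCC or Clang on x86 (32-bit, or 64-bit where RBP/RSP play the EBP/ESP roles); the flag names and function names are mine.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit flags returned by inspect_frame(); names are the author's of this
 * example, not part of any compiler or library API. */
#define FRAME_BELOW_CALLER   1  /* callee frame at a lower address (stack grows down) */
#define SAVED_EBP_IS_CALLER  2  /* [EBP] holds the caller's EBP (frame pointer chain) */
#define RET_ADDR_ABOVE_EBP   4  /* [EBP + sizeof(void*)] holds the return address      */

/* Callee: inspect the frame that EBP (RBP on 64-bit) points to right now. */
__attribute__((noinline))
static int inspect_frame(void *caller_fp)
{
    void **fp = (void **)__builtin_frame_address(0); /* value of EBP in this function */
    void *saved_fp = fp[0];   /* slot at [EBP]: caller's EBP pushed by the prologue      */
    void *ret_addr = fp[1];   /* next slot up: address 'ret' will load into EIP          */
    int flags = 0;

    if ((uintptr_t)fp < (uintptr_t)caller_fp)
        flags |= FRAME_BELOW_CALLER;
    if (saved_fp == caller_fp)
        flags |= SAVED_EBP_IS_CALLER;
    if (ret_addr == __builtin_return_address(0))
        flags |= RET_ADDR_ABOVE_EBP;
    return flags;
}

/* Caller: record its own EBP, then let the callee verify the chain. */
__attribute__((noinline))
int frame_layout_checks(void)
{
    void *my_fp = __builtin_frame_address(0);
    /* The volatile store after the call keeps the call out of tail position,
     * so this frame (and EBP pointing at it) still exists while inspect_frame runs. */
    volatile int result = inspect_frame(my_fp);
    return result;
}

int main(void)
{
    int f = frame_layout_checks();
    printf("callee frame below caller's: %s\n", (f & FRAME_BELOW_CALLER) ? "yes" : "no");
    printf("[EBP] == caller's EBP:       %s\n", (f & SAVED_EBP_IS_CALLER) ? "yes" : "no");
    printf("[EBP+%zu] == return address: %s\n", sizeof(void *),
           (f & RET_ADDR_ABOVE_EBP) ? "yes" : "no");
    return 0;
}
```

Compile without link-time tricks such as `-fomit-frame-pointer` overrides; using `__builtin_frame_address(0)` makes both functions keep a frame pointer even at -O2.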
The EFLAGS register consists of several bit flags that are used for comparisons and memory segmentation.
The smallest amount that can be stored in memory is 1 bit, which can be represented as either a 1 or a 0. When you put 4 bits together, it is called a nibble, and this can represent values from 0000 to 1111. When you put two nibbles or 8 bits together you get a byte, which can represent values from 0 to (2^8 -1) which is 0 – 255 in decimal.
When you put two bytes together you get a WORD, which can represent values from 0 to (2^16 -1) or 0 – 65,535 in decimal. If you put two WORDs together you get a Double WORD or DWORD, which can represent values from 0 to (2^32 -1) or in decimal 0 – 4,294,967,297.