EIP, EBP, and ESP are CPU registers, and each of them stores an address.
The reason they matter is that these three pointers are inseparable from the way the stack is implemented on our systems. We talked about the stack as a data structure on DC, including its features (which have been emphasized too much already). In fact, two things matter about it:

1. The stack is used to store temporary variables and the intermediate results passed between functions.
2. It is maintained by the operating system and is transparent to programmers.

We tend to emphasize only the features of the stack, but what about the principles behind its implementation? The following small example shows how the stack works. First, write a small program:

    #include <stdio.h>

    void fun(void)
    {
        printf("Hello World");
    }

    int main(void)
    {
        fun();
        printf("function call ends");
        return 0;
    }

This is an example of a simple function call. When a program calls a function, we often say that the function is first pushed onto the stack, and that the stack is released when the function call completes. All of this is done automatically by the system. While doing so, the system uses the following three registers:

1. EIP
2. ESP
3. EBP

The roles of the three when the fun() function is called:

1. The EIP register stores the address of the instruction that the CPU will execute next. That is, it lets the CPU know that after the call to fun(), the printf("function call ends") statement in main should be executed.
2. The EBP register stores the stack bottom pointer, usually called the stack base address, which is passed from ESP to EBP before fun() runs. (You can think of it this way: before the function is called, ESP stores the stack top address, which is also the stack bottom address.)
3. The ESP register stores the top of the stack after fun() has been called, and it always points to the top of the stack.

After the call to fun() completes, the roles of the three are as follows:

1. Based on the address stored in the EIP register, the CPU knows what to do once the function call is over, that is, to execute printf("function call ends") in main.
2. The EBP register stores the stack base address, which ESP passed to EBP before the function ran. After the call is complete, EBP hands that address back to ESP, so ESP once again points to the top of the stack as it was once the function call has completed.

In fact, we only need to know what the three pointers are. That is helpful when we learn about stack overflows and read books about the stack. When someone talks to you about EIP, ESP, and EBP, you should not be left confused, or your level will look too low. We can still program without knowing any of this, because we are C-level programmers rather than ASM-level programmers.
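
The call sequence described above, as an added example that is not part of the original article: a toy C model of a 32-bit x86 stack that steps EIP, ESP and EBP through the call instruction, the entry to fun() and the return to main. The addresses, the 8 bytes of locals and all helper names are assumptions made for illustration; nothing here reads real machine registers.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a 32-bit x86 stack (not real machine state). All addresses
 * are constructed for illustration. The stack grows toward lower addresses. */
enum { RET_ADDR  = 0x0040100A,  /* assumed: instruction in main after "call fun" */
       FUN_ENTRY = 0x00401020,  /* assumed: first instruction of fun */
       MAIN_ESP  = 0xF0, MAIN_EBP = 0x100 };

struct cpu { uint32_t eip, esp, ebp, mem[0x100 / 4]; };

static void push(struct cpu *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(struct cpu *c) { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }

/* call fun: save the address of the next instruction on the stack, then jump. */
static void do_call(struct cpu *c) { push(c, RET_ADDR); c->eip = FUN_ENTRY; }

/* push ebp; mov ebp, esp; sub esp, locals */
static void prologue(struct cpu *c, uint32_t locals)
{
    push(c, c->ebp); c->ebp = c->esp; c->esp -= locals;
}

/* mov esp, ebp; pop ebp; ret */
static void epilogue(struct cpu *c)
{
    c->esp = c->ebp; c->ebp = pop(c); c->eip = pop(c);
}

static void show(const char *when, const struct cpu *c)
{
    printf("%-13s EIP=%08x ESP=%03x EBP=%03x\n", when,
           (unsigned)c->eip, (unsigned)c->esp, (unsigned)c->ebp);
}

/* Runs main -> fun -> main. *inside receives the state while fun's body runs:
 * there [EBP] holds main's saved EBP and [EBP+4] holds the return address. */
void run_fun_call(struct cpu *c, struct cpu *inside)
{
    *c = (struct cpu){ .eip = RET_ADDR - 5, .esp = MAIN_ESP, .ebp = MAIN_EBP };
    show("before call", c);
    do_call(c);
    prologue(c, 8);              /* 8 bytes of locals, an arbitrary choice */
    *inside = *c;
    show("inside fun", c);
    epilogue(c);
    show("after return", c);
}

int main(void) { struct cpu c, in; run_fun_call(&c, &in); return 0; }
```

Inside fun() the saved EBP and the return address sit directly above the locals, which is the layout that books on stack overflows refer to.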