From: http://hi.baidu.com/helloembed/blog/item/2fd65453843120511038c21a.html
EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, etc. are the names of the general-purpose registers of the CPU in x86 assembly language; each is a 32-bit register. These registers can be thought of as variables in the C language.
For example: add eax, -2 ; this can be read as adding the value -2 to the variable eax.
These 32-bit registers serve many purposes, but each one also has its own specialty.
EAX is the accumulator; it is the default register for many addition and multiplication instructions.
EBX is the base register; it holds the base address in memory addressing.
ECX is the counter; it is the internal counter for the repeat (REP) prefix and for the LOOP instruction.
EDX always holds the remainder produced by integer division.
ESI/EDI are called the source/destination index registers, because in many string instructions DS:ESI points to the source string, while ES:EDI points to the destination string.
EBP is the base pointer; it is most often used as the frame pointer for function calls in high-level languages. When cracking, you often see this standard function entry code:
push ebp        ; save the current EBP
mov ebp, esp    ; set EBP to the current stack pointer
sub esp, xxx    ; reserve xxx bytes for the function's temporary variables
...
In this way, EBP forms the frame of this function. Above EBP are, in order, the original EBP, the return address, and the parameters; below EBP are the temporary variables. When the function returns, it executes mov esp, ebp / pop ebp / ret.
ESP is used exclusively as the stack pointer, figuratively called the stack-top pointer. The top of the stack is the end with the smaller address: the more data pushed onto the stack, the smaller ESP becomes. On a 32-bit platform, each push decreases ESP by 4 bytes.
ESP: stores the stack-top pointer of the current thread.
EBP: stores the stack-bottom pointer of the current thread, that is, the base of the current stack frame.
EIP: stores the memory address of the next instruction the CPU will execute. After the CPU finishes the current instruction, it reads the address of the next instruction from EIP and continues executing there.
General registers: AX, BX, CX, DX
AX: accumulator register, BX: base register, CX: counter register, DX: data register
Index registers: SI, DI
SI: source index register, DI: destination index register
Stack and base registers: SP and BP
SP: stack pointer register, BP: base pointer register
EAX, EBX, ECX, and EDX: extensions of AX, BX, CX, and DX, each of which is 32 bits
ESI, EDI, ESP, and EBP: extensions of SI, DI, SP, and BP, each of which is 32 bits
Basic stack model

↓ High address
Parameter n
Parameters...          | The order of the function parameters on the stack depends on the specific calling convention.
Parameter 3
Parameter 2
Parameter 1
EIP                    | The return address: the address of the next instruction after this call.
EBP                    | The caller's EBP is saved here, and EBP is then set to point to the stack top at this moment.
Temporary variable 1
Temporary variable 2
Temporary variable 3
Temporary variables...
Temporary variable 5
↓ Low address
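
The prologue, epilogue and stack model described above can be checked with a small simulation. This is an added example, not code from the original post. It models a 256-byte stack in an array and assumes the cdecl convention (parameters pushed right to left, caller cleans up); the addresses and marker values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack: addresses are byte offsets into mem. */
#define STACK_BYTES 256u
static uint32_t mem[STACK_BYTES / 4];
static uint32_t esp, ebp, eip;

static void push(uint32_t v) { esp -= 4; mem[esp / 4] = v; }  /* ESP shrinks by 4 */
static uint32_t pop(void) { uint32_t v = mem[esp / 4]; esp += 4; return v; }
static uint32_t load(uint32_t addr) { return mem[addr / 4]; }

/* What the callee sees relative to its own EBP. */
struct frame_view { uint32_t saved_ebp, ret_addr, param1, param2, local1, esp_in_body; };

/* Simulate: push params (cdecl assumed), CALL, prologue, body, epilogue, RET. */
struct frame_view simulate_call(uint32_t p1, uint32_t p2, uint32_t ret_to)
{
    struct frame_view v;
    memset(mem, 0, sizeof mem);
    esp = STACK_BYTES;             /* empty stack: ESP at the high address */
    ebp = 0xAAAA0000u;             /* constructed marker for the caller's EBP */

    push(p2);                      /* parameter 2 */
    push(p1);                      /* parameter 1 */
    push(ret_to); eip = 0x1000u;   /* CALL: push return address, jump (constructed target) */

    push(ebp);                     /* push ebp */
    ebp = esp;                     /* mov ebp, esp */
    esp -= 8;                      /* sub esp, 8 : room for two 4-byte locals */
    mem[(ebp - 4) / 4] = 0x11111111u;   /* first local lives at [ebp-4] */

    v.saved_ebp = load(ebp);      v.ret_addr = load(ebp + 4);
    v.param1 = load(ebp + 8);     v.param2 = load(ebp + 12);
    v.local1 = load(ebp - 4);     v.esp_in_body = esp;

    esp = ebp;                     /* mov esp, ebp : discard the locals */
    ebp = pop();                   /* pop ebp      : restore the caller's frame */
    eip = pop();                   /* ret          : continue at the return address */
    return v;
}

uint32_t final_esp(void) { return esp; }
uint32_t final_ebp(void) { return ebp; }
uint32_t final_eip(void) { return eip; }

int main(void) {
    struct frame_view v = simulate_call(7u, 9u, 0x2005u);
    printf("[ebp+4]=%#x [ebp+8]=%u esp=%u\n", (unsigned)v.ret_addr, (unsigned)v.param1, (unsigned)final_esp());
    return 0;
}
```

After the simulated ret, ESP still points at parameter 1, because under the assumed cdecl convention the caller removes the parameters.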