.1. X86
RSP/ESP/SP/SPL
Byte number:
7th 6th 5th 4th 3rd 2nd 1st 0th
RSP
ESP
SP
SPLAKAstack pointer. Usually points to the current stack except in those cases when it is not yet initialized.
RBP/EBP/BP/BPL
Byte number:
7th 6th 5th 4th 3rd 2nd 1st 0th
RBP
EBP
BP
BPLAKAframe pointer. Usually used for local variables and accessing the arguments of the function. More
about it: (1.9.1 on page 67).
RIP/EIP/IP
Byte number:
7th 6th 5th 4th 3rd 2nd 1st 0th
RIPx64
EIP
IPAKA“instruction pointer”^3. Usually always points to the instruction to be executed right now. Cannot be
modified, however, it is possible to do this (which is equivalent):
MOV EAX, ...
JMP EAX
Or:
PUSH value
RET
CS/DS/ES/SS/FS/GS
16-bit registers containing code selector (CS), data selector (DS), stack selector (SS).
FS in win32 points toTLS, GS took this role in Linux. It is made so for faster access to theTLSand
other structures like theTIB.
In the past, these registers were used as segment registers (11.6 on page 1003).
Flags register
AKAEFLAGS.
(^3) Sometimes also called “program counter”