Registers

Question 1

What is the EAX’s full name?

Answer 1

The Accumulator Register

Question 2

Which common calculations use the EAX as its primary register?

Answer 2

ADD and SUB

Question 3

What does the EAX register do with function calls?

Answer 3

Store the return value

Question 4

What is the full name of EBX?

Answer 4

The base register

Question 5

Does the EBX have a special purpose? If so what is it?

Answer 5

NO.

It’s used as a ‘catch all’ for available storage.

Question 6

What is the full name of the ECX register?

Answer 6

The Counter Register

Question 7

What sort of code does the ECX count?

Answer 7

Loops, repetitive functions etc

Question 8

The ECX can also store any sort of data, true or false?

Answer 8

True. It doesn’t just have to be used as a counter

Question 9

What is the EDX fully know as?

Answer 9

The Data Register

Question 10

Which other register is the EDX a ‘sort of’ partner too?

Answer 10

EAX

Question 11

Why does the EDX register have a ‘partner’?

Answer 11

It is commonly used by multiplication and division instructions.

Question 12

Which register stores the most significant bits for a calculation overflow (multiply or divide)? And which stores the least?

Answer 12

EDX stores the most and EAX stores the least

Question 13

What is the ESI fully known as?

Answer 13

The Source Index

Question 14

What does the ESI specifically hold reference to?

Answer 14

The pointer to a value that is being read. For example a string value in a ‘read string’ function.

Question 15

Which register is known as the Destination Index?

Answer 15

EDI

Question 16

What was the EDI originally designed to store?

Answer 16

The storages pointer of functions, for example the write address or a string operation

Question 17

Which register is known as the Base Pointer?

Answer 17

EBP

Question 18

What is the common purpose of the EBP?

Answer 18

Keeps track of the bottom of the stack.

Question 19

What else can the EBP be commonly known to hold?

Answer 19

References to variables located on the stack by using an offset to the current EBP value

Question 20

What is the ESP?

Answer 20

The Stack Pointer

Question 21

What does the ESP commonly do?

Answer 21

Holds a reference to the address at the top of the stack

Question 22

What happens to the ESP when values are pushed and popped on and off the stack?

Answer 22

The value stored increments and decrements.

Question 23

Which register is extremely important within the execution flow of the program?

Answer 23

EIP

Question 24

What does the EIP register stand for?

Answer 24

The Instruction Pointer

Question 25

What does the EIP hold reference to?

Answer 25

The next instruction for the CPU

Question 26

What happens if the EIP value is overwritten due to an overflow?

Answer 26

Segmentation Fault. The instruction held will likely point at junk until the payload is cleaned up properly.

Question 27

How can registers be broken up further (i.e EAX, EBX, ECX and EDX) and what are their names.

Answer 27

In the case of EAX. The lower 16 bits (0 - 15) are known as AX, the lower 8 bits of AX (0-7) are known as AL and the higher bits (8-15) are known as AH. This is the same across the first 4 registers.

Question 28

Can the following registers be broken down into small registers? ESP, EBP, ESI, EDI

Answer 28

Yes, they break into 16 bit registers with the following name: SP, BP, SI, DI