x86 architecture

1. Little Endian

2. Stack grows downwards to lower memory addresses

3. Registers

Special registers

a. EIP: Extended Instruction Pointer

  • Stores the address of the current machine instruction

b. EBP: Extended Base Pointer

  • Stores the address of the top of the current stack frame

  • Used to create a stable reference point

    • used as an offset to reference local variables

c. ESP: Extended Stack Pointer

  • Stores the address of the bottom of the current stack frame

General-purpose registers

EAX, EBX, ECX, EDX, ESI and EDI

Note: the e prefix for the register naming stands for "extended". This indicates a 32-bit system (extended from the original 16-bit).

Write/read operations on the stack

Since we are working with a 32-bit architecture, the increment/decrement value will be 4 bytes (32 bits). Additionally, remember that the x86 architecture grows the stack downwards to lower memory addresses.

Pushing to stack (WRITE)

When data is pushed to the stack (push instruction), ESP is first decremented by 4, and the CPU then writes the data to the memory location that ESP points to.

Reading (pop) from stack (READ)

To retrieve data from the stack, the value at the memory location stored in ESP is read, and ESP is then incremented by 4.

Note that the data at the memory location of the old ESP value (before the increment) is still present. However, because ESP has changed, the data is treated as if it had been removed, and subsequent writes will overwrite it.
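
The push and pop behaviour described above, simulated in C as an added example (not part of the original notes). The 64-byte memory array and the sim_* function names are assumptions made for illustration; the simulation shows the little-endian byte order of a pushed value and that a popped value stays in memory until the next push overwrites it.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_SIZE 64              /* constructed: tiny simulated stack region */

static uint8_t  mem[STACK_SIZE];   /* simulated memory, index = address */
static uint32_t esp = STACK_SIZE;  /* empty stack: ESP just past the highest address */

/* Read a 32-bit little-endian value at a simulated address. */
static uint32_t sim_peek(uint32_t addr) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)mem[addr + i] << (8 * i);
    return v;
}

/* push: ESP -= 4, then store little-endian at [ESP]. Returns -1 when full. */
static int sim_push(uint32_t value) {
    if (esp < 4) return -1;
    esp -= 4;
    for (int i = 0; i < 4; i++)
        mem[esp + i] = (uint8_t)(value >> (8 * i));  /* low byte at lowest address */
    return 0;
}

/* pop: load [ESP], then ESP += 4. Memory is not cleared. Returns -1 when empty. */
static int sim_pop(uint32_t *out) {
    if (esp + 4 > STACK_SIZE) return -1;
    *out = sim_peek(esp);
    esp += 4;
    return 0;
}

int main(void) {
    uint32_t v = 0;
    sim_push(0x11223344);
    sim_push(0xDEADBEEF);
    uint32_t old_esp = esp;                 /* slot holding 0xDEADBEEF */
    sim_pop(&v);
    printf("popped 0x%08X, ESP %u -> %u\n", (unsigned)v, (unsigned)old_esp, (unsigned)esp);
    printf("stale at old ESP: 0x%08X\n", (unsigned)sim_peek(old_esp));
    sim_push(0xCAFEBABE);                   /* lands on the same slot */
    printf("after next push:  0x%08X\n", (unsigned)sim_peek(old_esp));
    return 0;
}
```

The stale value left below ESP after a pop is why sensitive stack data should be explicitly cleared before a function returns rather than assumed gone.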

Memory layout
