In today's tutorial I'll discuss CPU registers. It's an important topic in computer science. First we have to know what a register is and what we use it for. You may have heard of common architectures such as 32 bit, 64 bit, x64, x86 and so on. Do you know what they mean? In my previous examples I used an Intel 32 bit processor. The size of a register in a 32 bit architecture is 4 bytes (32 bits). In a 64 bit architecture the register size is 8 bytes (64 bits). In computer science we call this the word size of the architecture. There are two main types of registers.

General purpose registers

Here we look at four general purpose registers, which we use for various tasks.

EAX

EAX stands for extended accumulator register. When we make a syscall we put the syscall number in this register. We also use EAX for input and output of data. I'll explain more about this in our assembly tutorials.

EBX

The EBX register can be used in indexed addressing mode.

ECX

ECX stands for extended counter register. We use this register for counting tasks. For example, when we use a loop, the ECX register is used.

EDX

EDX is also used for input/output of data.

Special purpose registers

ESP

I think the ESP register is not new to you, because I have explained it in many places. In the Linux exploit writing and stack tutorials we saw how ESP works. Simply put, it points to the top of the stack. If we push something onto the stack, ESP is reduced, because the stack grows toward low memory addresses. In the image above, EBP was pushed onto the top of the stack, so ESP changed (it decreased). Likewise, if we pop something off the stack, ESP is increased.

EBP

EBP is used as a reference for function arguments. We call the memory space between EBP and ESP a stack frame. In the functions & stack frames tutorial we saw that we can access arguments like EBP+0x4, EBP+0x8 etc.

EIP

This is an awesome register, and it's really important to learn about it. There are hundreds of exploit writing tutorials explaining how EIP is abused to do what an attacker wants. EIP points to the address of the next instruction waiting to be executed by the CPU.

ESI

This is the Source Index register.

EDI

This is the Destination Index register. We rarely use these last two registers in our assembly and exploit development tutorials.

There is also a register called eflags. It is used for comparisons and various other things. For now we don't need to bother with the eflags register.

Examine registers

In Immunity Debugger there is a special panel for viewing registers. In GDB we use either the info registers or the i r command, as shown below. To use these GDB commands the binary must be in a running or paused state. The ideal way to do this is to set a breakpoint at the step you need and run the program. When it hits the breakpoint you can use i r or info registers to examine the registers. If you only want to examine a single register or a set of registers, there is a handy way to do that: you can use commands like i r esp, i r esp ebp and so on.
(gdb) i r
eax            0xb7f9fdc8	-1208353336
ecx            0xbffff2c0	-1073745216
edx            0xbffff2e4	-1073745180
ebx            0x0	0
esp            0xbffff2a0	0xbffff2a0
ebp            0xbffff2a8	0xbffff2a8
esi            0xb7f9e000	-1208360960
edi            0xb7f9e000	-1208360960
eip            0x4011a8	0x4011a8 <main+15>
eflags         0x282	[ SF IF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51

(gdb)  i r esp
esp            0xbffff2a0	0xbffff2a0

(gdb)  i r esp ebp
esp            0xbffff2a0	0xbffff2a0
ebp            0xbffff2a8	0xbffff2a8

(gdb)  i r esp ebp eip
esp            0xbffff2a0	0xbffff2a0
ebp            0xbffff2a8	0xbffff2a8
eip            0x4011a8	0x4011a8 <main+15>
(gdb)
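
The dump above can also be read by a script. The following is an added example, not part of the original tutorial: it parses i r output in Python, shows why eax prints as a negative number (the third column is the same 32 bits read as a signed value), measures the stack frame between ESP and EBP, and decodes eflags. The function names are my own and the sample lines are copied from the session above.

```python
import re

# Register lines copied from the GDB session shown above (32-bit x86 target).
GDB_OUTPUT = """\
(gdb) i r
eax            0xb7f9fdc8   -1208353336
esp            0xbffff2a0   0xbffff2a0
ebp            0xbffff2a8   0xbffff2a8
eip            0x4011a8     0x4011a8 <main+15>
eflags         0x282        [ SF IF ]
"""

# Bit positions of the x86 EFLAGS status and control flags (bit 1 is reserved).
EFLAGS_BITS = {0: "CF", 2: "PF", 4: "AF", 6: "ZF", 7: "SF",
               8: "TF", 9: "IF", 10: "DF", 11: "OF"}

# name, hex value, then GDB's "natural" rendering (ignored here).
LINE_RE = re.compile(r"^(\w+)\s+(0x[0-9a-fA-F]+)\b")

def parse_registers(text):
    """Return {register name: unsigned value}; prompts and blank lines are skipped."""
    regs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs

def to_signed32(value):
    """Interpret a 32-bit register value as two's complement, as GDB does for eax."""
    return value - (1 << 32) if value & 0x80000000 else value

def decode_eflags(value):
    """List the flag names whose bits are set, lowest bit first."""
    return [name for bit, name in sorted(EFLAGS_BITS.items()) if value >> bit & 1]

def frame_size(regs):
    """Bytes between ESP (top of stack, lower address) and EBP (frame base)."""
    return regs["ebp"] - regs["esp"]

if __name__ == "__main__":
    regs = parse_registers(GDB_OUTPUT)
    print("eax signed :", to_signed32(regs["eax"]))
    print("frame size :", frame_size(regs), "bytes")
    print("eflags     :", decode_eflags(regs["eflags"]))
```
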
OK guys, that's all for this tutorial. See you soon in the next post.