{{tag>deutsch it-security cheatsheet basics}}

====== 64-Bit Stack CheatSheet ======

{{page>vorlagen:64_bit_stack_nav}}

==== x64 Registers ====

The x64 registers are structured as follows ((https://learn.microsoft.com/de-de/windows-hardware/drivers/debugger/x64-architecture)) ((https://www.complang.tuwien.ac.at/ubvl/amd64/amd64h.html))

^ 8 bytes (64 bits) ^ 4 bytes (32 bits) ^ 2 bytes (16 bits) ^ 1 byte (8 bits) ^ Designation ^ Application ^
| @lightgreen:**RAX** | @orange:EAX | @lightgrey:AX | @lightblue:AL | Temporary register | First return register |
| @lightgreen:**RBX** | @orange:EBX | @lightgrey:BX | @lightblue:BL | Callee-saved register | |
| @lightgreen:**RCX** | @orange:ECX | @lightgrey:CX | @lightblue:CL | Argument register | fourth integer argument |
| @lightgreen:**RDX** | @orange:EDX | @lightgrey:DX | @lightblue:DL | Argument register | third integer argument, second return register |
| @lightgreen:**RSI** | @orange:ESI | @lightgrey:SI | @lightblue:SIL | Argument register | second integer argument |
| @lightgreen:**RDI** | @orange:EDI | @lightgrey:DI | @lightblue:DIL | Argument register | first argument |
| @lightgreen:**RBP** | @orange:EBP | @lightgrey:BP | @lightblue:BPL | @red:Callee-saved register | @red:**Frame Pointer** |
| @lightgreen:**RSP** | @orange:ESP | @lightgrey:SP | @lightblue:SPL | @red: | @red:**Stack Pointer** |
| @lightgreen:**RIP** | @orange:EIP | @lightgrey:- | @lightblue:- | @red:Instruction Pointer | @red:**Address of the next machine instruction to be executed, read-only** |
| @lightgreen:**R8** | @orange:R8D | @lightgrey:R8W | @lightblue:R8B | Argument register | fifth argument |
| @lightgreen:**R9** | @orange:R9D | @lightgrey:R9W | @lightblue:R9B | Argument register | sixth argument |
| @lightgreen:**R10** | @orange:R10D | @lightgrey:R10W | @lightblue:R10B | Temporary register | |
| @lightgreen:**R11** | @orange:R11D | @lightgrey:R11W | @lightblue:R11B | Temporary register | |
| @lightgreen:**R12** | @orange:R12D | @lightgrey:R12W | @lightblue:R12B | Callee-saved register | |
| ... | ... | ... | ... | ... | |
| @lightgreen:**R15** | @orange:R15D | @lightgrey:R15W | @lightblue:R15B | Callee-saved register | |

=== Calling conventions ===

A function (caller) calls a sub-function (callee). The registers RBP, RBX, R12 to R15 belong to the caller. If the callee wants to change them, it must first save them on the stack with push. Before returning to the caller, it must restore them with pop. More on this can be found in the cheat sheet((https://cs.brown.edu/courses/cs033/docs/guides/x64_cheatsheet.pdf))
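
The save/restore rule above can be checked mechanically on an assembly listing. The following is an added example, not part of the original page: a small Python check (the helper name check_callee_saved and both listings are constructed for illustration) that maps the sub-register names from the table to their 64-bit register and reports callee-saved registers that are written without a prior push, popped out of order, or still on the stack at ret.

```python
import re

# Callee-saved registers from the page, keyed by every sub-register name in its table.
ALIASES = {a: "rbx" for a in ("rbx", "ebx", "bx", "bl")}
ALIASES.update({a: "rbp" for a in ("rbp", "ebp", "bp", "bpl")})
for n in range(12, 16):
    ALIASES.update({f"r{n}{s}": f"r{n}" for s in ("", "d", "w", "b")})
CALLEE_SAVED = set(ALIASES.values())
NO_WRITE = {"cmp", "test"}  # first operand is only read, never written

def check_callee_saved(listing):
    """Hypothetical helper; models push/pop saves only (no leave, no mov-to-stack)."""
    saved, findings = [], []
    for lineno, line in enumerate(listing.splitlines(), 1):
        parts = re.split(r"[\s,]+", line.split(";")[0].strip().lower())
        if not parts[0]:
            continue
        op, args = parts[0], parts[1:]
        reg = ALIASES.get(args[0]) if args else None
        if op == "push":
            saved.append(reg or args[0])
        elif op == "pop":
            top = saved.pop() if saved else None
            if top != (reg or args[0]) and (reg or top in CALLEE_SAVED):
                findings.append((lineno, f"{top} on top of stack popped into {args[0]}"))
        elif op == "ret":
            findings += [(lineno, f"{r} not restored before ret")
                         for r in saved if r in CALLEE_SAVED]
        elif reg and op not in NO_WRITE and reg not in saved:
            findings.append((lineno, f"{reg} written via {args[0]} without prior push"))
    return findings

# Constructed samples (Intel syntax), not from the original page.
GOOD = """push rbp
mov rbp, rsp
push rbx
push r12
mov rbx, rdi
mov r12d, esi
lea rax, [rbx+r12]
pop r12
pop rbx
pop rbp
ret"""
BAD = """push rbx
mov r12w, si
mov ebx, edi
ret"""

print(check_callee_saved(BAD))
```
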