, , ,

64-Bit Stack CheatSheet

x64 Register

The x64 register is structured as follows 1) 2)

8 bytes (64 bits) 4 bytes (32 bits) 2 bytes (16 bits) 1 byte (8 bits) Designation Application
RAX EAX AX AL Temporary register First return register
RBX EBX BX BL Callee-secured register
RCX ECX CX CL Argument register fourth integer argument
RDX EDX DX DL Argument register third integer argument, second return register
RSI ESI SI SIL Argument register second integer argument
RDI EDI DI DIL Argument register first argument
RBP EBP BP BPL Callee-saved register Frame Pointer
RSP ESP SP SPL Stack Pointer
RIP EIP - - Instruction Pointer Address of the next machine instruction to be executed, read-only
R8 R8D R8W R8B Argument register fifth argument
R9 R9D R9W R9B Argument register sixth argument
R10 R10D R10W R10B Temporary register
R11 R11D R11W R11B Temporary register
R12 R12D R12W R12B Callee-secured register
R15 R15D R15W R12B Callee-safe register

Calling conventions

A function (caller) calls a sub-function (callee). The registers RBP, RBX, R12 to R15 belong to the caller. If the callee wants to change them, it must save them on the stack with

push

to save them on the stack. Before returning to the function, these registers must then be restored using

pop

to restore these registers.

More on this can be found in the Cheat-Sheet3)