Approved 2024/08/26 23:09 by psycore (version: 2) | Approver: psycore
64-Bit Stack CheatSheet
Dieser Artikel ist Teil der Buffer Overflow Reihe. Hier gibt es mehr zu diesem Thema:
x64 Register
The x64 register is structured as follows 1) 2)
| 8 bytes (64 bits) | 4 bytes (32 bits) | 2 bytes (16 bits) | 1 byte (8 bits) | Designation | Application |
|---|---|---|---|---|---|
| RAX | EAX | AX | AL | Temporary register | First return register |
| RBX | EBX | BX | BL | Callee-secured register | |
| RCX | ECX | CX | CL | Argument register | fourth integer argument |
| RDX | EDX | DX | DL | Argument register | third integer argument, second return register |
| RSI | ESI | SI | SIL | Argument register | second integer argument |
| RDI | EDI | DI | DIL | Argument register | first argument |
| RBP | EBP | BP | BPL | Callee-saved register | Frame Pointer |
| RSP | ESP | SP | SPL | Stack Pointer | |
| RIP | EIP | - | - | Instruction Pointer | Address of the next machine instruction to be executed, read-only |
| R8 | R8D | R8W | R8B | Argument register | fifth argument |
| R9 | R9D | R9W | R9B | Argument register | sixth argument |
| R10 | R10D | R10W | R10B | Temporary register | |
| R11 | R11D | R11W | R11B | Temporary register | |
| R12 | R12D | R12W | R12B | Callee-secured register | |
| … | … | … | … | ||
| R15 | R15D | R15W | R12B | Callee-safe register |
Calling conventions
A function (caller) calls a sub-function (callee). The registers RBP, RBX, R12 to R15 belong to the caller. If the callee wants to change them, it must save them on the stack with
push
to save them on the stack. Before returning to the function, these registers must then be restored using
pop
to restore these registers.
More on this can be found in the Cheat-Sheet3)