•General registers – 4 32-bit (EAX, EBX, ECX, EDX), 4 16-bit (AX, BX, CX, DX), 8 8-bit (AH, BH, CH, DH, AL, BL, CL, DL)
•Segment registers – CS, SS, DS, ES, FS, GS
•Offset registers – EBP (extended base pointer), ESI (extended source index), EDI (extended destination index), ESP (extended stack pointer)
•Special registers – EFLAGS, EIP (extended instruction pointer)
•As exploiters of buffer overflows, we care most about EIP and ESP
•If we can overwrite EIP, we control the pointer to the next instruction for the processor, i.e. program flow
•If we know the value of ESP, we know where the stack is in memory, and have a reference on where to point EIP
•If we place our shellcode on the stack, we can point EIP to it using our knowledge of ESP
•We can even cheat, and simply get close to our shellcode via a NOP sled
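Added illustration, not part of the original slides: a C model of the frame the bullets above describe. A plain struct stands in for the 32-bit stack frame (local buffer lowest, then the saved EBP, then the saved return address that RET pops into EIP), so the effect of an unchecked copy, and of the bounds-checked copy that prevents it, can be observed without touching the real stack. The struct layout, the ORIG_* values and the SAMPLE input are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit x86 stack frame: a local buffer with the
 * saved EBP and the saved return address (popped into EIP by RET) above it.
 * It is a plain struct, so the copies below never touch the real stack. */
struct frame {
    char     buf[16];      /* local buffer, lowest address in the frame */
    uint32_t saved_ebp;    /* caller's frame pointer, pushed by the prologue */
    uint32_t saved_eip;    /* return address, loaded into EIP by RET */
};

#define ORIG_EBP 0xbffff7c8u   /* constructed sample values, not real addresses */
#define ORIG_EIP 0x08048471u

/* strcpy()-style copy with no bound on len: bytes past buf land on saved_ebp
 * and then on saved_eip. Returns the saved_eip left behind. In this model
 * len must not exceed sizeof(struct frame). */
uint32_t unchecked_copy(const uint8_t *in, size_t len) {
    struct frame f = { {0}, ORIG_EBP, ORIG_EIP };
    memcpy(&f, in, len);               /* buf sits at offset 0 of the frame */
    return f.saved_eip;
}

/* Hardened version: input longer than buf is refused, so the saved registers
 * are never reachable. Returns 0 on success, -1 when the input is rejected. */
int checked_copy(const uint8_t *in, size_t len, uint32_t *eip_out) {
    struct frame f = { {0}, ORIG_EBP, ORIG_EIP };
    if (len > sizeof f.buf)
        return -1;
    memcpy(f.buf, in, len);
    if (eip_out)
        *eip_out = f.saved_eip;
    return 0;
}

/* Constructed 24-byte input: 16 'A' fill buf, 4 more cover saved_ebp and the
 * final 4 'B' land exactly on saved_eip (0x42424242 on any byte order). */
static const uint8_t SAMPLE[24] = "AAAAAAAAAAAAAAAAAAAABBBB";

int main(void) {
    printf("unchecked copy of %zu bytes: saved_eip = 0x%08x\n",
           sizeof SAMPLE, unchecked_copy(SAMPLE, sizeof SAMPLE));
    printf("checked copy of %zu bytes: rc = %d\n",
           sizeof SAMPLE, checked_copy(SAMPLE, sizeof SAMPLE, NULL));
    return 0;
}
```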