Stack in Memory and Registers

Explore the role of stack and registers in memory with a focus on the %RIP and %RSP registers during function calls and jumps. Understand call stacks, stack overflow causes, and how GDB uses this information for debugging and control flow analysis in x64 programs.

We'll cover the following...

Register review
Application memory simplified
Stack overflow
Jumps
Calls
Call stack

Register review

We know the following general-purpose CPU registers:

%RAX (among its specific uses is to contain function return values)
%RBX
%RCX
%RDX

We also have special purpose registers:

%RIP (Instruction Pointer)
%RSP (Stack Pointer)

AMD64 and Intel EM64T architectures introduced additional general-purpose registers—%R8, %R9, %R10, %R11, %R12, %R13, %R14, %R15.

These additional registers are used a lot in x $64$ code. More general-purpose registers allow faster code execution because temporary computation results can be stored there instead of in-memory locations. Here is a disassembly of the read function:

(gdb) disass read

The dump of the read function is given below:

1.Introduction to the Course

2.Memory, Registers, and Simple Arithmetic

3.Code Optimization

4.Number Representations

5.Pointers

6.Bytes, Words, Double, and Quad Words

7.Pointers to Memory

8.Logical Instructions and RIP

9.Reconstructing a Program with Pointers

10.Memory and Stacks

11.Frame Pointer and Local Variables

12.Function Parameters

13.More Instructions

14.Function Pointer Parameters

15.Summary of Code Disassembly Patterns

Assessment

Stack in Memory and Registers

Register review

Application memory simplified