All geek questions in one place

Why are cpu registers in OllyDbg not sorted alphabetically?

In OllyDbg, in the register window, among other things, the standard cpu registers are listed:

EAX ECX EDX EBX

Is there a specific reason why EBX is displayed last?

+4
source share
4 answers

I assume that this is because EAX, ECX, and EDX are used as function scratch registers in both cdecl, stdcall, and other calling conventions , that is, they are not saved after function calls. Among other registers, special uses are pointers, which are described in the Intel Developer Manual (2.36MB PDF) . These are just my two cents.

+2
source

This is probably the same reason that they are ordered in this way in processor instructions. When specifying a 32-bit register, eax is 0, ecx is 1, edx is 2, ebx is 3, esp is 4, ebp is 5, esi is 6, and edi is 7. Intel used this order since they started the X86 architecture .

+7
source

Since I have been developing feedback from ollydbg for many years, I can tell you that this is an order of importance when debugging. Eax is used everywhere by virtue of its nature. He gets return values, he used a lot. Then, ecx and edx are of equal origin, I would say. Instructions like loop, repsb and like use ecx, and divs, muls and more use edx. Moreover, when we program in assembly, we usually use eax, edx and ecx. Esi and edi are also sometimes used, mainly in repeating string functions or as secondary registers in some cases.

I believe the reason for the order is how Intel uses this order, but it would be strange to have esi on top of my ollydebug registers, since eax is used everywhere. Thus, it has an ergonomic point: D

+1
source

PUSHAD is an instruction that gave me more information for this question. It pushes the values โ€‹โ€‹of EAX, ECX, EDX, EBX, the original ESP, EBP, ESI and EDI onto the stack. This is most likely the reason OllyDbg sorts them in that order in a register view. A description of PUSHAD can be found here .

0
source

Source: https://habr.com/ru/post/1340567/

More articles:


All Articles