EAX
Accumulator Register; used for addition and subtraction
EBX
Base Register; no specific purpose, used for storage
ECX
Counter Register: As its name implies, the counter (or count) register is frequently used as a loop and function repetition counter, though it can also be used to store any data. Like EAX, it can be referenced in whole (ECX) or in part (CX, CH, CL).
EDX
Data Register: EDX is kind of like a partner register to EAX. It’s often used in mathematical operations like division and multiplication to deal with overflow, where the most significant bits would be stored in EDX and the least significant in EAX. It is also commonly used for storing function variables. Like EAX, it can be referenced in whole (EDX) or in part (DX, DH, DL).
ESI
The counterpart to EDI, ESI is often used to store the pointer to a read location. For example, if a function is designed to read a string, ESI would hold the pointer to the location of that string.
EDI
Destination Index; though it can be (and is) used for general data storage, EDI was primarily designed to store the storage pointers of functions, such as the write address of a string operation.
EBP
Base Pointer; tracks the base/bottom of the stack. Often used to reference variables located on the stack by using an offset to the current value of EBP
ESP
Stack Pointer; tracks the top of the stack
EIP
Points to the memory address of the next instruction to be executed by the CPU.
ADD/SUB
Add or subtract two operands, storing the result in the first operand. The operands can be registers, memory locations (limit of one) or constants. For example, ADD EAX, 10 means add 10 to the value of EAX and store the result in EAX
XOR
Performing an ‘exclusive or’ of a register with itself sets its value to zero; an easy way of clearing the contents of a register
INC/DEC op1
increment or decrement the value of the operand by one
CMP op1, op2
compare the value of two operands (register/memory address/constant) and set the appropriate EFLAGS value.
VALUE vs [VALUE]
When you see a value in brackets, such as ADD DWORD PTR [X] or MOV eax, [ebx], it is referring to the value stored at memory address X. In other words, EBX refers to the contents of EBX, whereas [EBX] refers to the value stored at the memory address in EBX
DWORD
4 bytes