2

Can anyone explain the difference between EIP and return address?

It seems to be the same but in my debugger, it indicates that they are different.

dspencer
princessgirl
  • To make your question better: could you add more tags at least about what language you are using, tools etc. – Vova Oct 05 '15 at 01:11
  • I'm sorry, but I'm a beginner so I'm not really used to it – princessgirl Oct 05 '15 at 01:56
  • That's fine :). You can click Edit below your question and add more tags. Also make sure to take a look at a tutorial: http://stackoverflow.com/tour. You can get more from Stack Overflow by following its guidelines. – Vova Oct 05 '15 at 02:00

1 Answer

3

The EIP register holds the address of the instruction about to be executed. When a call is executed, the instruction is read from the address in EIP, EIP is incremented past the call instruction and this updated EIP (i.e. the address of the instruction after the call) is pushed onto the stack - it becomes the return address - and the function address is loaded into EIP as the next instruction to execute. When the function's return statement is executed, it pops the return address off the stack and loads it into EIP, so that execution continues after the call instruction.
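
The call/return sequence described in the answer, traced on a toy machine. This is an added example, not part of the original answer; the addresses `0x1001`, `0x1006` and `0x2000` and the helpers `step` and `run_trace` are constructed for illustration. It shows why a debugger stopped inside the function reports an EIP that differs from the saved return address, and that the two only coincide after the return.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy machine, constructed; only the 5-byte CALL and 1-byte RET lengths mirror x86. */
enum { OP_CALL, OP_RET, OP_HLT };
typedef struct { uint32_t addr; int op; uint32_t target, len; } Insn;
typedef struct { uint32_t eip, esp, stack[16]; } Cpu;
typedef struct { uint32_t eip_in_callee, ret_in_callee, eip_after_ret; } Trace;

static const Insn program[] = {          /* constructed sample program */
    {0x1001, OP_CALL, 0x2000, 5},        /* caller: call 0x2000 */
    {0x1006, OP_HLT,  0,      1},        /* instruction after the call */
    {0x2000, OP_RET,  0,      1},        /* callee: returns immediately */
};

/* Execute one instruction; returns 0 on HLT or an unmapped EIP. */
static int step(Cpu *c) {
    for (size_t i = 0; i < sizeof program / sizeof program[0]; i++) {
        const Insn *in = &program[i];
        if (in->addr != c->eip || in->op == OP_HLT) continue;
        c->eip += in->len;                     /* EIP moves past the insn */
        if (in->op == OP_CALL) {
            c->esp -= 4;
            c->stack[c->esp / 4] = c->eip;     /* push return address */
            c->eip = in->target;               /* jump to the function */
        } else if (in->op == OP_RET) {
            c->eip = c->stack[c->esp / 4];     /* pop return address */
            c->esp += 4;
        }
        return 1;
    }
    return 0;
}

static Trace run_trace(void) {
    Cpu c = { .eip = 0x1001, .esp = sizeof c.stack };
    Trace t = {0};
    while (step(&c)) {
        /* Sample EIP and the top of the stack while inside the callee. */
        if (c.eip == 0x2000) t = (Trace){ c.eip, c.stack[c.esp / 4], 0 };
        t.eip_after_ret = c.eip;               /* last sample: EIP after RET */
    }
    return t;
}

int main(void) {
    Trace t = run_trace();
    printf("callee: EIP=0x%x ret=0x%x; after ret: EIP=0x%x\n", t.eip_in_callee, t.ret_in_callee, t.eip_after_ret);
    return 0;
}
```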