Here are the purposes of the x86 registers:
EAX - the Accumulator stores return values from function calls and is used for calculations
EDX - the Data register is used in conjunction with EAX
ECX - the Count register is used in looping operations
ESI - the Source Index register is used in data operations
EDI - the Destination Index is also used in data operations
EBP - the stack base pointer
ESP - the stack pointer
EBX - has no specific purpose
DR0 through DR7 are the hardware debug registers
Hardware breakpoints use Interrupt 1 and software breakpoints use Interrupt 3. Stepping through instructions is accomplished with Interrupt 1.
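As an added illustration (my own code, not the book's or the reviewer's) of how those debug registers fit together in a debugger: DR0 to DR3 hold the addresses to watch, DR7 arms each slot and picks its condition and length, and after the resulting interrupt 1 the status register DR6 says which slot fired or whether it was a single step. The bit layout follows the Intel manual; the function names and the sample DR6 value are assumptions of mine.

```python
# Added example (not from the book): arming x86 hardware breakpoints via DR7
# and decoding DR6 after an interrupt 1. Bit positions follow the Intel SDM;
# the helper names are ours. Pure bit arithmetic, so it runs anywhere.

# R/W (condition) and LEN (length) field encodings used by DR7.
HW_EXECUTE, HW_WRITE, HW_ACCESS = 0b00, 0b01, 0b11   # 0b10 is I/O (rare)
LEN_1, LEN_2, LEN_4 = 0b00, 0b01, 0b11               # execute requires LEN_1


def arm_breakpoint(dr7, slot, condition, length):
    """Return DR7 with hardware breakpoint `slot` (0-3) locally enabled."""
    if slot not in range(4):
        raise ValueError("only four hardware breakpoint slots exist")
    if condition == HW_EXECUTE and length != LEN_1:
        raise ValueError("execute breakpoints must use length 1")
    dr7 |= 1 << (slot * 2)                 # Lx: local enable bit for the slot
    dr7 &= ~(0b1111 << (16 + slot * 4))    # clear old R/Wx and LENx fields
    dr7 |= condition << (16 + slot * 4)    # R/Wx: break on execute/write/access
    dr7 |= length << (18 + slot * 4)       # LENx: size of the watched region
    return dr7 & 0xFFFFFFFF


def disarm_breakpoint(dr7, slot):
    """Return DR7 with `slot` disabled and its R/W and LEN bits cleared."""
    dr7 &= ~(1 << (slot * 2))
    dr7 &= ~(0b1111 << (16 + slot * 4))
    return dr7 & 0xFFFFFFFF


def triggered_slots(dr6):
    """Return the slots flagged in DR6 (bits B0-B3) after an interrupt 1."""
    return [slot for slot in range(4) if dr6 & (1 << slot)]


def is_single_step(dr6):
    """True if the interrupt 1 came from single-stepping (DR6.BS, bit 14)."""
    return bool(dr6 & (1 << 14))


if __name__ == "__main__":
    dr7 = 0
    dr7 = arm_breakpoint(dr7, 0, HW_EXECUTE, LEN_1)   # DR0 holds a code address
    dr7 = arm_breakpoint(dr7, 1, HW_WRITE, LEN_4)     # DR1 holds a 4-byte variable
    print("DR7 = 0x%08x" % dr7)                       # 0x00d00005
    print("hit slots:", triggered_slots(0x2))         # constructed DR6 value -> [1]
```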
The book explains Windows security and how it is overcome, then goes on to provide the means to overcome malware, with important tips such as why hardware breakpoints should be used instead of software breakpoints.
Here's a surprising example:
from ctypes import *

# Python 2 syntax. Loads the Windows C runtime (msvcrt.dll) and calls its
# printf directly.
msvcrt = cdll.msvcrt
message = "1. Hello, World\n"
msvcrt.printf("Testing %s", message)

# A C char* wrapper: printing the object shows its repr, .value the string.
hello = c_char_p("2. Hello world")
print hello
print hello.value

# Output. printf writes through the C runtime's own stdout buffer, separate
# from the one Python's print uses, so its text only shows up when that
# buffer is flushed, which is why it appears last:
c_char_p("2. Hello world")
2. Hello world
Testing 1. Hello, World