Question

In OllyDbg, the registers window, among other things, lists the standard CPU registers:

EAX
ECX
EDX
EBX

Is there a particular reason why EBX is displayed last?


Solution

My guess is that it's because EAX, ECX and EDX are used as scratch registers by functions in the cdecl, stdcall and other calling conventions; that is, they are not preserved after function calls. Besides, the remaining registers' special use is as pointers, which is documented in the Intel Developer Manual (2.36MB PDF). That's just my two cents.

OTHER TIPS

This is probably the same reason that they are ordered that way in processor instructions. When specifying a 32-bit register, eax is 0, ecx is 1, edx is 2, ebx is 3, esp is 4, ebp is 5, esi is 6, and edi is 7. Intel has used this order since they started the x86 architecture.

Since I've been into reverse engineering with OllyDbg for years, I can tell you that this is the order of importance when debugging. Eax is used everywhere because of its nature. It gets the return values, it's used a lot. Then, ecx and edx are of equal occurrence, I would say. Instructions like loop, repsb and the like use ecx, while divs, muls and more use edx. Moreover, when we program in assembly, we tend to use eax, edx and ecx a lot. Esi and edi are used sometimes as well, mostly in repeat string functions or as secondary registers in some cases.

I suppose that the reason behind the order is really the way Intel uses the order, but it would be really weird to have esi on top of my OllyDbg registers, since eax is used everywhere. Thus, it has an ergonomic point also :D

PUSHAD is the instruction which gave me more insight for this question. It pushes the values of EAX, ECX, EDX, EBX, original ESP, EBP, ESI, and EDI to the stack. This is most probably the reason why OllyDbg sorts them in that order in the registers view. A description of PUSHAD can be found here.
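The register numbering and the PUSHAD order described in the answers above, as an added example that is not part of the original answers: a small Python decoder for a few 32-bit encodings that carry the register number in the opcode byte or in the ModRM byte, plus the stack layout PUSHAD leaves behind. The names `decode` and `pushad_layout` are hypothetical, and prefixes and memory operands are deliberately not handled.

```python
# Added example: 32-bit x86 register numbers as they appear in instruction bytes.
# Index in this list == register number in the encoding (eax=0 ... edi=7).
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# One-byte opcodes that keep the register number in their low 3 bits (opcode + rd).
SHORT_FORMS = {0x40: "inc", 0x48: "dec", 0x50: "push", 0x58: "pop"}


def decode(code: bytes) -> str:
    """Decode one instruction from a small subset of 32-bit x86 (no prefixes)."""
    if not code:
        raise ValueError("empty input")
    op = code[0]
    base = op & 0xF8          # opcode with the 3 register bits cleared
    if base in SHORT_FORMS:
        return f"{SHORT_FORMS[base]} {REG32[op & 7]}"
    if base == 0xB8:          # mov r32, imm32
        if len(code) < 5:
            raise ValueError("truncated imm32")
        return f"mov {REG32[op & 7]}, {int.from_bytes(code[1:5], 'little'):#x}"
    if op == 0x89:            # mov r/m32, r32 (register-direct form only)
        if len(code) < 2:
            raise ValueError("missing ModRM byte")
        modrm = code[1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 3:
            raise ValueError("memory operands are outside this example")
        return f"mov {REG32[rm]}, {REG32[reg]}"
    if op == 0x60:
        return "pushad"
    raise ValueError(f"opcode {op:#04x} is outside this example")


def pushad_layout(esp: int) -> dict:
    """Map stack address -> register stored there by PUSHAD, given ESP before it."""
    layout = {}
    addr = esp
    for name in REG32:        # pushed in encoding order, so eax lands highest
        addr -= 4
        layout[addr] = name   # the 'esp' slot holds the original ESP value
    return layout


if __name__ == "__main__":
    for sample in ("53", "89d8", "b901000000", "60"):   # constructed byte strings
        print(sample, "->", decode(bytes.fromhex(sample)))
    for addr, name in pushad_layout(0x1000).items():
        print(f"{addr:#06x}: {name}")
```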

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow