RBP Register

RBP is a 64-bit general-purpose register in the x86-64 architecture, extending EBP. By convention it serves as the base pointer (frame pointer): set once at the start of a function to a fixed point in the stack frame, it gives stable, constant offsets to local variables and stack arguments even as RSP moves during the function's body.

RBP is callee-saved (non-volatile) in both the System V AMD64 ABI and the Microsoft x64 ABI, so a function that uses it must save and restore the caller's value. It is never an argument or return register. Modern compilers often omit the frame pointer (-fomit-frame-pointer) and address everything off RSP, freeing RBP as an ordinary register — so its presence as a frame pointer is a code-style signal, not a guarantee.

The classic frame prologue

push rbp             ; save caller's frame pointer
mov  rbp, rsp        ; establish new frame
sub  rsp, 0x30       ; locals
; [rbp-8], [rbp-10h] ... = locals
; [rbp+10h], [rbp+18h] ... = stack arguments
leave                ; mov rsp, rbp ; pop rbp
ret

Its sub-registers are ebp, bp, and bpl, rarely used directly.

Why it matters in reverse engineering

When a function uses RBP as a frame pointer, every local and argument has a clean, fixed [rbp±N] address, which makes the stack layout far easier to reconstruct than the shifting [rsp+N] form. Recognizing the push rbp; mov rbp, rsp prologue instantly marks a function boundary.

See the general register concept and the assembly reference. Frame-handling changes are covered in x86 vs x64 assembly. It pairs closely with the RSP register, the live stack top.