RIP Register

RIP is the 64-bit instruction pointer in the x86-64 architecture, the extension of EIP. It always holds the address of the next instruction to execute. You cannot write to RIP with an ordinary mov; it changes only as a side effect of control-flow instructions — jmp, call, ret, conditional jumps, and interrupts.

x86-64 added a feature with no 32-bit equivalent: RIP-relative addressing. Operands can be encoded as a signed displacement from RIP, so code references its own data and functions by distance rather than absolute address. This is what makes position-independent code (PIC) and ASLR-friendly executables efficient on x86-64.

lea rax, [rip + message]     ; address of 'message' relative to RIP
mov edi, [rip + counter]     ; load a global without an absolute address
call printf

RIP has no sub-registers you address by name and no role in calling conventions as an argument or return register — it is pure control state.

Why it matters in reverse engineering

RIP is where execution is: in a debugger it tells you the current instruction, and redirecting it (corrupting a return address so ret pops an attacker-controlled value into RIP) is the heart of control-flow hijacking. RIP-relative operands like [rip + 0x2e1f] are the standard way globals and string literals are referenced, so resolving that displacement is a routine step when reading 64-bit disassembly.

See the general register concept and the assembly reference. RIP-relative addressing is a headline difference in x86 vs x64 assembly. It is pushed and restored via the stack managed by the RSP register.