I am currently learning buffer overflow attacks, in order to pass the OSCP exam. My current understanding of the stack is that ESP and EIP are not located on the stack itself. I always thought that the current value of EIP, is just held in the CPU register "EIP".
The course continuously uses terminology such as the EIP is being over written, so the EIP value must be physically there.
I understand why EBP is recorded within the stack.
My current theory is that EIP and ESP are added to the stack when a function calls another function?
Below is diagram from the course.
