
What's the difference between EIP and Return Address?


Can anyone explain the difference between EIP and return address?

They seem to be the same, but in my debugger, it indicates that they are different.


Solution

  • The EIP register holds the address of the instruction about to be executed. When a call is executed, the instruction is read from the address in EIP, EIP is incremented past the call instruction, and this updated EIP (i.e. the address of the instruction after the call) is pushed onto the stack - it becomes the return address - and the function address is loaded into EIP as the next instruction to execute. When the function's return statement is executed, it pops the return address off the stack and loads it into EIP, so that execution continues after the call instruction.
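To make the two values concrete, here is an added example (not part of the original question or answer) in the form of a toy stack machine written in C. It is a simplification I constructed for illustration, not real x86: each "address" is just an index into an instruction array, `CALL` pushes the already-incremented EIP as the return address, and `RET` pops it back into EIP. The machine also keeps a shadow copy of every pushed return address, which is the same idea hardware shadow stacks use to detect a corrupted return address before `RET` jumps to it; the `CLOBBER` instruction stands in for a memory-safety bug that overwrites the saved return address. The instruction names, the `cpu` struct, and the two sample programs are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy machine (constructed for this example): one instruction per slot,
 * so an "address" is simply an index into the program array. */
enum op { OP_NOP, OP_CALL, OP_RET, OP_CLOBBER, OP_HALT };
typedef struct { enum op op; uint32_t arg; } insn;

#define STACK_MAX 16
typedef struct {
    uint32_t eip;                 /* address of the next instruction to execute */
    uint32_t stack[STACK_MAX];    /* ordinary stack: saved return addresses live here */
    int sp;
    uint32_t shadow[STACK_MAX];   /* shadow stack: second copy, untouched by CLOBBER */
    int ssp;
    uint32_t last_return_address; /* value pushed by the most recent CALL */
    uint32_t eip_at_callee_entry; /* EIP observed immediately after that CALL */
    int nops_executed;            /* lets us see whether the NOP after the CALL ran */
    bool faulted;                 /* set when RET finds a mismatched return address */
} cpu;

/* Execute prog until HALT, a fault, or a step limit. Returns the step count. */
int run(cpu *c, const insn *prog, size_t len, bool use_shadow)
{
    int steps = 0;
    while (steps < 1000 && c->eip < len) {
        insn i = prog[c->eip];
        c->eip++;                 /* EIP now points past the current instruction */
        steps++;
        switch (i.op) {
        case OP_NOP:
            c->nops_executed++;
            break;
        case OP_CALL:
            if (c->sp >= STACK_MAX) { c->faulted = true; return steps; }
            c->stack[c->sp++] = c->eip;    /* return address = instruction after the CALL */
            c->shadow[c->ssp++] = c->eip;  /* same value, kept where the bug cannot reach */
            c->last_return_address = c->eip;
            c->eip = i.arg;                /* EIP now holds the callee's address ... */
            c->eip_at_callee_entry = c->eip; /* ... which differs from the return address */
            break;
        case OP_RET: {
            if (c->sp == 0) { c->faulted = true; return steps; }
            uint32_t ra = c->stack[--c->sp];
            uint32_t expected = c->shadow[--c->ssp];
            if (use_shadow && ra != expected) {
                c->faulted = true;         /* saved return address was tampered with */
                return steps;
            }
            c->eip = ra;                   /* execution resumes after the CALL */
            break;
        }
        case OP_CLOBBER:
            /* Simulates a memory-safety bug overwriting the saved return address. */
            if (c->sp > 0) c->stack[c->sp - 1] = i.arg;
            break;
        case OP_HALT:
            return steps;
        }
    }
    return steps;
}

/* 0: CALL 3   1: NOP   2: HALT   3: NOP (callee)   4: RET */
static const insn normal_prog[] = {
    {OP_CALL, 3}, {OP_NOP, 0}, {OP_HALT, 0}, {OP_NOP, 0}, {OP_RET, 0},
};
/* Same layout, but the callee overwrites its saved return address with 2,
 * so RET would skip the NOP at address 1 and land directly on HALT. */
static const insn clobber_prog[] = {
    {OP_CALL, 3}, {OP_NOP, 0}, {OP_HALT, 0}, {OP_CLOBBER, 2}, {OP_RET, 0},
};

cpu run_normal(void)
{
    cpu c = {0};
    run(&c, normal_prog, sizeof normal_prog / sizeof normal_prog[0], false);
    return c;
}

cpu run_clobbered(bool use_shadow)
{
    cpu c = {0};
    run(&c, clobber_prog, sizeof clobber_prog / sizeof clobber_prog[0], use_shadow);
    return c;
}

int main(void)
{
    cpu n = run_normal();
    printf("normal: return address pushed = %u, EIP at callee entry = %u, NOPs run = %d\n",
           n.last_return_address, n.eip_at_callee_entry, n.nops_executed);
    cpu c1 = run_clobbered(false);
    printf("clobbered, no shadow stack: faulted = %d, NOPs run = %d (NOP after CALL skipped)\n",
           c1.faulted, c1.nops_executed);
    cpu c2 = run_clobbered(true);
    printf("clobbered, shadow stack: faulted = %d (mismatch caught at RET)\n", c2.faulted);
    return 0;
}
```

In the normal run the return address pushed by `CALL` is 1 (the slot after the `CALL`) while EIP at callee entry is 3, which is exactly the difference the question is about: EIP is where execution is now, the return address is where it will go back to. In the clobbered run without a shadow stack, `RET` silently loads the overwritten value and the `NOP` after the `CALL` never executes; with the shadow stack enabled the mismatch is detected at `RET` and the machine stops instead of continuing at the wrong address.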