The following instructions:
0xffffd096 push eax
0xffffd097 push 0x41414141
Oxffffd09c push 0x42424242
affect the stack as follows:
0xffffd024|+0x0000 "BBBBAAAA" <- esp
0xffffd028|+0x0004 "AAAA"
0xffffd02c|+0x0008 Ox00000000
Why does the stack pointer automatically reference the two consecutive push imm \x68 opcodes as merged, distinct from the earlier push eax \x50 opcode?
I think you're misreading the output.
You have eight bytes ("BBBBAAAA") beginning at 0xffffd024|+0x0000.
You have four bytes ("AAAA") beginning at 0xffffd028|+0x0004.
Both "AAAA" are the same.
(The tool you're using may be printing each "line" from the start address until it founds a 0x00, as if they were C strings.)
From top of stack (lower address) to bottom:
0xffffd024|+0x0000 "BBBB" (four bytes, 0x42424242)
0xffffd028|+0x0004 "AAAA" (four bytes, 0x41414141)
0xffffd02c|+0x0008 Ox00000000 (four bytes, the content of eax)