Labels

2008/09/21

[0x04]. Notes on Assembly - The fairytale of an x86 CPU

FLAGSEIPESPEBP
CSDSESSS
FSGSESIEDI
EAXEBXECXEDX
  • A 32bit x86 has 16 registers, divided in 6 groups respectively:
    • 1 x EFLAGS register
    • 1 x Instruction Pointer
    • 2 x Stack Pointing Registers
    • 6 x Segment Registers
    • 2 x Index Registers
    • 4 x General Purpose Registers
  • The registers are assigned specific roles:
    • EFLAGS register (Extended FLAGS register is a 32bit version of the 16bit FLAGS) contains the state of current processor. Only 18 out of 32 flags have a meaning assigned.
    • EIP - Extended Instruction Pointer points to the next instruction memory address in the Fetch-Execute cycle.
    • ESP - Extended Stack Pointer - points to the top of the stack. You can see how it grows down on an x86 architecture in the following example: stack_pointer.c
    • EBP - Extended Base Pointer - points to the base of the current Stack Frame. If you assemble func.c as follows:
      $ gcc -S func.c -o func.s
      and take a look into func.s file, the f() function will be translated to some thing like that:
      f:
      pushl   %ebp  
      movl    %esp, %ebp
      subl    $16, %esp
      movl    $11, -16(%ebp)
      movl    $22, -12(%ebp)
      movl    $33, -8(%ebp)
      movl    $44, -4(%ebp)
      leave
      ret
      1. Line one saves the old EBP
      2. Old ESP becomes new EBP
      3. Increasing the stack by the size of 1 paragraph
      4-7. Saving local variables in the stack frame locations relative to EBP

    • ?S - Segment Registers
      • CS, Code Segment
      • DS, Data Segment
      • SS, Stack Segment
      • ES, Extra Segment
      • FS, another Extra Segment
      • GS, another Extra Segment
    • Extended Index Registers, used for array operations (e.g. strings, which are arrays of bytes)
      • Source Index
      • Destination Index

    • Extended General Purpose Registers
      • EAX - accumulator, used for storing intermediate results of I/O access, interrupts or arithmetics.
      • EBX - base register, used for addressing
      • ECX - counter, used in loops and countdowns.
      • EDX - data register
Labels:

3 comments:

SBL - BPO Services said...

Thanks for the excellent content...
Regards,
SBL - BPO Services

October 17, 2008 10:33 AM
Gurmeet Singh said...

Hi,

Nice article!
Could you help me know a way in which I can find out *Sizes* of (code and data) segments of a process (in Ubuntu)? I really needed to know that asap, and would be really helpful to you for any hint!

Thanks and Regards,
Gurmeet

May 9, 2011 1:49 PM
Gurmeet Singh said...

oops.. i mean i would be really thankful* to you!!

May 9, 2011 1:50 PM

Post a Comment

Subscribe to: Post Comments (Atom)