Assembly Language preparation knowledge

Source: Internet
Author: User
Tags: integer division

Assembly language is tied to the CPU, the memory, the ports and the rest of the hardware, which is why it is not portable across machines. What follows is a brief introduction to the basics for Intel x86 and compatible processors.
======================================
x86 assembly instructions operate on CPU registers, on system memory, or on immediate values. Some instructions appear to have no operand, or to be missing one; in fact such instructions have a fixed, implicit operand. For example, PUSH always operates on the memory location addressed by SS:ESP, and CDQ always operates on EAX/EDX.

In assembly language, registers are accessed by name. The CPU has several kinds of registers, each with a different role:

1. General-purpose registers:
EAX, EBX, ECX, EDX, ESI, EDI, EBP and ESP (ESP is general-purpose in principle, but is rarely used for anything other than the stack pointer)
  
These 32-bit registers can each serve several purposes, but each has its own specialty. EAX is the accumulator and the default register for many addition and multiplication instructions. EBX is the "base" register, holding a base address in memory addressing. ECX is the counter: it is the implicit counter of the REP-prefixed string instructions and of LOOP. EDX's nickname escapes me (haha), but it always receives the remainder of an integer division. The low 16 bits of these four registers can be accessed separately as AX, BX, CX and DX, and AX can further be split into a low byte (AL) and a high byte (AH); the same holds for BX, CX and DX. Function return values are usually placed in EAX.
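To show how EDX receives the remainder, here is an added C model of the "mov eax, a / cdq / idiv b" sequence. It is not code from the article; the register struct, the function names and the sample operands are constructed for the illustration, and it reproduces the two properties that matter in practice: IDIV truncates toward zero (so the remainder in EDX takes the sign of the dividend), and it raises a divide error when the divisor is zero or the quotient does not fit in 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model (not the article's code) of the EAX/EDX pair used by CDQ and IDIV. */
typedef struct { uint32_t eax, edx; } regs_t;

/* CDQ: sign-extend EAX into EDX:EAX, i.e. EDX becomes all ones when EAX is
 * negative and zero otherwise. This is the usual setup before a signed IDIV. */
static void cdq(regs_t *r) {
    r->edx = (r->eax & 0x80000000u) ? 0xFFFFFFFFu : 0u;
}

/* IDIV r/m32: divide the signed 64-bit value EDX:EAX by a signed 32-bit divisor.
 * Quotient goes to EAX, remainder to EDX. Returns 0 on success and -1 where the
 * real CPU raises a divide error (#DE): divisor 0, or a quotient that does not
 * fit in 32 bits. */
static int idiv32(regs_t *r, uint32_t divisor) {
    int64_t d = (int32_t)divisor;
    int64_t dividend = (int64_t)(((uint64_t)r->edx << 32) | r->eax);
    if (d == 0) return -1;
    if (d == -1 && dividend == INT64_MIN) return -1;   /* would overflow the model itself */
    int64_t q = dividend / d;     /* C99 division truncates toward zero, exactly like IDIV */
    int64_t rem = dividend % d;   /* so the remainder carries the sign of the dividend */
    if (q > INT32_MAX || q < INT32_MIN) return -1;
    r->eax = (uint32_t)q;
    r->edx = (uint32_t)rem;
    return 0;
}

/* Convenience: perform "mov eax, a / cdq / idiv b" and report whether #DE would fire. */
static regs_t signed_divmod(int32_t a, int32_t b, int *fault) {
    regs_t r = { (uint32_t)a, 0u };
    cdq(&r);
    *fault = idiv32(&r, (uint32_t)b);
    return r;
}

int main(void) {
    int fault;
    regs_t r = signed_divmod(-7, 2, &fault);          /* constructed sample operands */
    printf("-7 / 2: eax (quotient) = %d, edx (remainder) = %d, fault = %d\n",
           (int32_t)r.eax, (int32_t)r.edx, fault);
    r = signed_divmod(INT32_MIN, -1, &fault);
    printf("INT32_MIN / -1: fault = %d (quotient 2^31 does not fit in EAX)\n", fault);
    return 0;
}
```

The INT32_MIN / -1 case is the one worth remembering when auditing division code: it is a trap on real hardware, not a silent wraparound.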
  
ESI/EDI are the "source/destination index" registers: in many string instructions DS:ESI addresses the source string while ES:EDI addresses the destination string.
EBP is the base pointer, most often used as the frame pointer of functions compiled from a high-level language. When cracking you will often see the standard entry code of a function:
  
push ebp        ; save the caller's EBP
mov  ebp, esp   ; EBP now marks the current stack top (the frame base)
sub  esp, xxx   ; reserve xxx bytes for the function's local variables
...
  
In this way EBP anchors the function's frame: at and above EBP (higher addresses) lie the saved EBP, the return address and the parameters, in that order; below EBP lie the local variables. When the function returns it executes mov esp, ebp / pop ebp / ret.
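The frame layout just described, as an added C simulation rather than code from the article: a small byte array stands in for the stack, PUSH/POP move a modelled ESP, and the prologue and epilogue are the three instructions shown above. The stack address, the caller's EBP value, the return address and the argument values are constructed for the illustration. Reading the frame back through EBP shows why a debugger (or a stack-trace routine) can find the saved EBP at [ebp], the return address at [ebp+4] and the first cdecl argument at [ebp+8].

```c
#include <stdint.h>
#include <stdio.h>

/* Added model (not the article's code): a 32-bit x86 stack living at constructed
 * addresses STACK_BASE..STACK_TOP, growing downward. */
#define STACK_SIZE 256u
#define STACK_TOP  0x1000u
#define STACK_BASE (STACK_TOP - STACK_SIZE)

typedef struct {
    uint8_t  mem[STACK_SIZE];
    uint32_t esp, ebp;
} cpu_t;

/* Little-endian 32-bit accessors, as the real CPU lays dwords out in memory. */
static void store32(cpu_t *c, uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++) c->mem[addr - STACK_BASE + i] = (uint8_t)(v >> (8 * i));
}
static uint32_t load32(const cpu_t *c, uint32_t addr) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)c->mem[addr - STACK_BASE + i] << (8 * i);
    return v;
}

/* PUSH decrements ESP by 4 and stores at SS:ESP; POP loads from SS:ESP then increments. */
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; store32(c, c->esp, v); }
static uint32_t pop(cpu_t *c)          { uint32_t v = load32(c, c->esp); c->esp += 4; return v; }

/* A fresh CPU with ESP at the top of the stack and a recognisable (constructed) caller EBP. */
static cpu_t fresh_cpu(void) {
    cpu_t c = {{0}, STACK_TOP, 0xDEAD0000u};
    return c;
}

/* Caller side (cdecl): push arguments right to left, then CALL pushes the return address. */
static void call_with_args(cpu_t *c, uint32_t ret_addr, uint32_t arg1, uint32_t arg2) {
    push(c, arg2);
    push(c, arg1);
    push(c, ret_addr);
}

/* Callee prologue from the article: push ebp / mov ebp, esp / sub esp, locals_bytes */
static void prologue(cpu_t *c, uint32_t locals_bytes) {
    push(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= locals_bytes;
}

/* Callee epilogue: mov esp, ebp / pop ebp / ret. Returns what RET would load into EIP. */
static uint32_t epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);
    return pop(c);
}

/* What the frame looks like when addressed relative to EBP. */
typedef struct { uint32_t saved_ebp, ret_addr, arg1, arg2; } frame_view_t;

static frame_view_t view_frame(const cpu_t *c) {
    frame_view_t f = {
        load32(c, c->ebp),        /* [ebp]    caller's saved EBP      */
        load32(c, c->ebp + 4),    /* [ebp+4]  return address          */
        load32(c, c->ebp + 8),    /* [ebp+8]  first argument          */
        load32(c, c->ebp + 12),   /* [ebp+12] second argument         */
    };
    return f;
}

int main(void) {
    cpu_t c = fresh_cpu();
    call_with_args(&c, 0x401234u, 7u, 9u);   /* constructed return address and arguments */
    prologue(&c, 16u);                       /* 16 bytes of locals: [ebp-4] .. [ebp-16] */
    frame_view_t f = view_frame(&c);
    printf("ebp=%#x esp=%#x  [ebp]=%#x [ebp+4]=%#x [ebp+8]=%u [ebp+12]=%u\n",
           c.ebp, c.esp, f.saved_ebp, f.ret_addr, f.arg1, f.arg2);
    printf("ret -> %#x, caller ebp restored to %#x\n", epilogue(&c), c.ebp);
    return 0;
}
```

After the epilogue ESP sits just above the return address, with the two arguments still on the stack: under cdecl it is the caller that removes them.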
  
ESP is reserved for use as the stack pointer.
  
2. Segment registers:
CS (code segment) selects the segment of code currently executing; EIP (instruction pointer) points at a specific instruction within it, and the CPU executes the instruction at CS:EIP. Normally the flow of control is changed only with instructions such as JMP, RET, JNZ and CALL, never by assigning to CS or EIP directly.
DS (data segment) selects a data segment. Note that in today's computers there is no intrinsic difference between code and data: both are strings of binary digits, and the difference lies only in how they are used. For example, the segment selected by CS is always treated as code and cannot be modified through an address formed with CS, but one can obtain a data-segment descriptor as an "alias" for the same segment and read or modify it through DS. Self-modifying programs often work this way.
ES, FS and GS are auxiliary segment registers that select additional data segments.
SS (stack segment) selects the current stack segment, and ESP marks the top of the stack within it. All PUSH/POP instructions operate only on the address SS:ESP.
  
3. Flags register (EFLAGS):
This 32-bit register gathers the various system flags. EFLAGS is rarely accessed as a whole; usually one is interested in a single flag. The commonly used flags are:
  
Carry flag C (carry): set to 1 when an addition produces a carry out or a subtraction needs a borrow, otherwise 0.
Zero flag Z (zero): set to 1 when the result of an operation is 0, otherwise 0.
Sign flag S (sign): set to 1 when the most significant bit of the result is 1.
Overflow flag O (overflow): set to 1 when the result of a signed operation falls outside the representable range.
  
The Jxx instructions decide whether to jump based on these flags, which is how conditional branches are implemented. Note that many Jxx mnemonics are synonyms encoding the same machine code; for example JE and JZ are identical, both jumping when Z = 1. Only JMP is unconditional. The Jxx instructions fall into two groups, one for unsigned comparisons and one for signed comparisons. The "xx" after J is built from the following letters:
  
Unsigned comparisons:
A = "above", meaning "higher than"
B = "below", meaning "lower than"
C = "carry", meaning a carry or borrow occurred
Signed comparisons:
G = "greater"
L = "less"
O = "overflow"
S = "sign", meaning the result is negative
Common to both:
E = "equal", meaning "equal to", equivalent to Z (zero)
N = "not", meaning the flag is not set; for example JNZ "jumps if Z is not set"
Z = "zero", same as E.
  
If you think it through, you will find that JA = JNBE, JAE = JNB, JBE = JNA, JG = JNLE, JGE = JNL, JL = JNGE, and so on.
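The flag rules and the Jxx conditions above, worked through in an added C model (not code from the article). cmp32() computes the four flags the article lists for CMP a, b (that is, for a - b), and each predicate encodes one jump condition in terms of those flags; the bit positions, the function names and the sample operands are constructed for the illustration. The model goes slightly beyond the text in that it makes the signed/unsigned split concrete: the same CMP of 0xFFFFFFFF against 1 is "above" for JA but "less" for JL, because the unsigned group reads C and Z while the signed group reads S, O and Z.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit positions of the four flags in the real EFLAGS register. */
#define CF (1u << 0)
#define ZF (1u << 6)
#define SF (1u << 7)
#define OF (1u << 11)

/* Model of CMP a, b: compute a - b, set the flags, discard the result. */
static uint32_t cmp32(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    uint32_t fl = 0;
    if (a < b)            fl |= CF;   /* unsigned subtraction needed a borrow */
    if (r == 0)           fl |= ZF;   /* result is zero */
    if (r & 0x80000000u)  fl |= SF;   /* most significant bit of the result */
    /* signed overflow: operands differ in sign and the result's sign differs from a's */
    if ((a ^ b) & (a ^ r) & 0x80000000u) fl |= OF;
    return fl;
}

/* Unsigned group: decided by C and Z only. */
static bool jb(uint32_t f)  { return (f & CF) != 0; }                       /* = JC, JNAE */
static bool jae(uint32_t f) { return (f & CF) == 0; }                       /* = JNC, JNB */
static bool ja(uint32_t f)  { return (f & CF) == 0 && (f & ZF) == 0; }      /* = JNBE */
static bool jbe(uint32_t f) { return (f & CF) != 0 || (f & ZF) != 0; }      /* = JNA */

/* Signed group: decided by S, O and Z. */
static bool js(uint32_t f)  { return (f & SF) != 0; }
static bool jo(uint32_t f)  { return (f & OF) != 0; }
static bool jl(uint32_t f)  { return ((f & SF) != 0) != ((f & OF) != 0); }  /* S != O, = JNGE */
static bool jge(uint32_t f) { return ((f & SF) != 0) == ((f & OF) != 0); }  /* S == O, = JNL */
static bool jg(uint32_t f)  { return (f & ZF) == 0 && jge(f); }             /* = JNLE */
static bool jle(uint32_t f) { return (f & ZF) != 0 || jl(f); }              /* = JNG */

/* Common to both groups. */
static bool je(uint32_t f)  { return (f & ZF) != 0; }                       /* = JZ */
static bool jne(uint32_t f) { return (f & ZF) == 0; }                       /* = JNZ */

/* The synonym pairs the article lists are logical complements of each other;
 * this checks all of them for one CMP and returns true if none disagrees. */
static bool synonyms_consistent(uint32_t a, uint32_t b) {
    uint32_t f = cmp32(a, b);
    return ja(f)  == !jbe(f)   /* JA  = JNBE */
        && jae(f) == !jb(f)    /* JAE = JNB  */
        && jg(f)  == !jle(f)   /* JG  = JNLE */
        && jge(f) == !jl(f)    /* JGE = JNL  */
        && je(f)  == !jne(f);  /* JE  = JNZ complement */
}

int main(void) {
    uint32_t f = cmp32(0xFFFFFFFFu, 1u);   /* constructed: 4294967295 unsigned, -1 signed */
    printf("cmp 0xFFFFFFFF, 1: C=%d Z=%d S=%d O=%d\n",
           !!(f & CF), !!(f & ZF), !!(f & SF), !!(f & OF));
    printf("  unsigned view: ja=%d jb=%d   signed view: jg=%d jl=%d\n",
           ja(f), jb(f), jg(f), jl(f));
    f = cmp32(0x80000000u, 1u);            /* INT32_MIN - 1 overflows the signed range */
    printf("cmp 0x80000000, 1: O=%d S=%d -> jl=%d (correct: INT32_MIN < 1)\n",
           jo(f), js(f), jl(f));
    return 0;
}
```

The second case in main() is why JL tests S != O rather than S alone: INT32_MIN - 1 wraps to a positive result (S = 0), and only the overflow flag reveals that the true comparison is "less".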
  
4. Ports

Ports are the means of communicating directly with external devices. When a peripheral is attached to the system, the system maps the peripheral's data interface into a particular range of the port address space; reading from those ports then reads from the device and writing to them writes to the device, always following the device's own protocol. The port address space is separate from the memory address space. The system provides 64K 8-bit ports, numbered 0-65535; two adjacent 8-bit ports can form a 16-bit port, and two adjacent 16-bit ports a 32-bit port. Port input and output are performed with the IN, OUT, INS and OUTS instructions; see an assembly language reference for details.
