Getting started with cracking (1): introduction to common registers (illustrated)

Source: Internet
Author: User

Comments: First, let's talk about common registers.

1. CPU Composition
A CPU can be roughly divided into the following three parts:
(1) The arithmetic logic unit (ALU), which performs arithmetic and logical operations.
(2) Control logic.
(3) Working registers. Each register is equivalent to a storage unit in memory, but it is much faster to access. Registers store the information needed or produced during an operation, including operand addresses, operands, and intermediate results.
2. Data Storage Methods in computers
In a computer, one binary digit is one bit, and eight bits make one byte.
In computer memory, information is stored in bytes. A computer assigns a unique storage address to each byte unit, called a physical address. This address is used to access the data in the corresponding memory.
One byte can express all ASCII characters, that is, one memory unit can store one English letter or digit. A Chinese character must be represented in Unicode, that is, two bytes are required to hold one Chinese character.
Sixteen bits, that is, two bytes, are needed to hold one Chinese character. Thirty-two bits can hold two Chinese characters, and 64 bits can hold four.
3. Basic registers
3.1 General registers (32-bit)
There are eight general registers: EAX, EBX, ECX, EDX, ESP, EBP, EDI, ESI.
EAX, EBX, ECX, and EDX are data registers, used to store operands, results, or other information used during calculation. Besides being accessed as a whole 32-bit register, each one is divided into a high 16 bits and a low 16 bits. The low 16 bits are named by dropping the leading E, so the low 16 bits of EAX are AX. The low 16 bits can be accessed on their own and can be split further: AX divides into AH (high 8 bits) and AL (low 8 bits).
EAX (32 bits) = high 16 bits + low 16 bits (AX)
AX (16 bits) = high 8 bits (AH) + low 8 bits (AL)
For 32-bit operations, use: MOV EAX
For 16-bit operations, use: MOV AX
For 8-bit operations, use: MOV AH / MOV AL
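The following C model is an added example, not code from the original article. It shows what the EAX/AX/AH/AL split means in practice: a write to AL or AH changes only its own 8 bits and leaves the rest of EAX intact. The type `reg32` and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of one 32-bit data register such as EAX (not real CPU state). */
typedef struct { uint32_t e; } reg32;

/* Reads: AX is bits 15..0, AH is bits 15..8, AL is bits 7..0. */
static uint16_t get_x(const reg32 *r) { return (uint16_t)(r->e & 0xFFFFu); }
static uint8_t  get_h(const reg32 *r) { return (uint8_t)((r->e >> 8) & 0xFFu); }
static uint8_t  get_l(const reg32 *r) { return (uint8_t)(r->e & 0xFFu); }

/* MOV AX, v: replaces bits 15..0; the high 16 bits are untouched. */
static void set_x(reg32 *r, uint16_t v) {
    r->e = (r->e & 0xFFFF0000u) | v;
}

/* MOV AH, v: replaces bits 15..8 only. */
static void set_h(reg32 *r, uint8_t v) {
    r->e = (r->e & 0xFFFF00FFu) | ((uint32_t)v << 8);
}

/* MOV AL, v: replaces bits 7..0 only. */
static void set_l(reg32 *r, uint8_t v) {
    r->e = (r->e & 0xFFFFFF00u) | v;
}

/* MOV EAX, 12345678h / MOV AL, 0FFh / MOV AH, 0 and return EAX. */
static uint32_t demo_partial_writes(void) {
    reg32 eax = { 0x12345678u };   /* constructed sample value */
    set_l(&eax, 0xFF);             /* EAX = 123456FFh */
    set_h(&eax, 0x00);             /* EAX = 123400FFh */
    return eax.e;
}

int main(void) {
    reg32 eax = { 0x12345678u };
    printf("AX=%04X AH=%02X AL=%02X\n",
           (unsigned)get_x(&eax), (unsigned)get_h(&eax), (unsigned)get_l(&eax));
    set_x(&eax, 0xABCD);
    printf("after MOV AX,0ABCDh: EAX=%08X\n", (unsigned)eax.e);
    printf("partial writes: EAX=%08X\n", (unsigned)demo_partial_writes());
    return 0;
}
```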
Note: from the 386 onwards, all of the above registers can be used to hold memory addresses. Have you seen the form [EBX] while cracking? It means that EBX currently holds a memory address, and what is actually accessed is the value stored in that memory unit.
The four registers ESP, EBP, EDI, and ESI are mainly used to provide an offset address for memory addressing. Therefore, they can be called pointer or index registers.
ESP is called the stack pointer register. A stack is a storage area that works in "last-in, first-out" order. It must reside in the stack segment, so its segment address is stored in the SS register. A stack has only one entrance, so there is only one stack pointer register. The content of ESP points to the top of the current stack at all times.
When data is pushed onto the stack with the PUSH instruction, ESP moves up: ESP becomes ESP minus the size of the data.
When data is popped off the stack with the POP instruction, ESP moves down: ESP becomes ESP plus the size of the data.
EBP, known as the base pointer register, can be used with the stack segment register SS to determine the address of a storage unit in the stack. ESP indicates the offset address of the top of the stack, while EBP can be used as a base address within the stack area to access information in the stack.
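The next block is an added example, not part of the original article. It models the PUSH, POP and EBP behaviour described above on a toy 64-byte stack with 4-byte pushes: ESP decreases on PUSH, increases on POP, and [EBP+disp] reads a stack slot without moving ESP. The struct, helper names and sizes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STACK_SIZE 64u              /* constructed toy stack segment size */
typedef struct {
    uint8_t  mem[STACK_SIZE];       /* offset 0 is the lowest address */
    uint32_t esp;                   /* offset of the current top of stack */
    uint32_t ebp;                   /* base used for [EBP+disp] access */
} stack_model;

static void stack_init(stack_model *s) {
    memset(s->mem, 0, sizeof s->mem);
    s->esp = s->ebp = STACK_SIZE;   /* empty stack: ESP just past the end */
}

/* PUSH: ESP = ESP - 4, then store at [ESP]. Returns -1 if the stack is full. */
static int push32(stack_model *s, uint32_t v) {
    if (s->esp < 4) return -1;
    s->esp -= 4;
    memcpy(&s->mem[s->esp], &v, 4);
    return 0;
}

/* POP: load from [ESP], then ESP = ESP + 4. Returns -1 if the stack is empty. */
static int pop32(stack_model *s, uint32_t *out) {
    if (s->esp > STACK_SIZE - 4) return -1;
    memcpy(out, &s->mem[s->esp], 4);
    s->esp += 4;
    return 0;
}

/* Read the dword at [EBP + disp]; ESP is not changed. */
static int read_ebp(const stack_model *s, int32_t disp, uint32_t *out) {
    int64_t off = (int64_t)s->ebp + disp;
    if (off < 0 || off > (int64_t)STACK_SIZE - 4) return -1;
    memcpy(out, &s->mem[off], 4);
    return 0;
}

int main(void) {
    stack_model s; uint32_t v = 0;
    stack_init(&s);
    push32(&s, 0x11111111u);        /* ESP: 64 -> 60 */
    s.ebp = s.esp;                  /* MOV EBP, ESP */
    push32(&s, 0xAAAAAAAAu);        /* ESP: 60 -> 56 */
    read_ebp(&s, -4, &v);           /* value at [EBP-4] */
    printf("ESP=%u [EBP-4]=%08X\n", (unsigned)s.esp, (unsigned)v);
    return 0;
}
```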
ESI (source index register) and EDI (destination index register) are generally used together with the data segment register DS to determine the address of a storage unit in the data segment. These two index registers can increment and decrement automatically, which makes stepping through addresses easy. In string-processing instructions, ESI and EDI serve as the implicit source index and destination index registers: ESI is used with DS and EDI is used with the extra segment ES, addressing the data segment and the extra segment respectively.
3.2 Special registers
There are two dedicated registers: one is EIP and the other is FLAGS.
EIP is the most important of all registers. It is the instruction pointer register, which stores an offset address within the code segment. While a program runs, it always points to the first address of the next instruction. It is used together with the segment register CS to determine the physical address of the next instruction. When that address is sent to memory, the controller obtains the next instruction to execute, and as soon as the instruction is fetched the controller updates EIP so that it again points to the first address of the following instruction. In other words, the computer uses the EIP register to control the order in which instructions execute. Jump instructions work by modifying the value of EIP.
FLAGS, the flag register, also known as the PSW (program status word), is the program status register. It stores the condition flags, control flags, and system flags.
The following is an example.
CMP EAX, EBX    ; compare: subtract EBX from EAX
JNZ 00470395    ; jump to 00470395 if they are not equal
These two instructions are very simple: the number in the EBX register is subtracted from the number in the EAX register to check whether the two numbers are equal. After the CMP instruction executes, the outcome is recorded in ZF (the zero flag) of FLAGS. If the result is 0, that is, if the two are equal, ZF is set to 1; otherwise it is set to 0. The other flags include OF (overflow flag), SF (sign flag), CF (carry flag), AF (auxiliary carry flag), PF (parity flag), and so on.
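As an added example (not code from the original article), the C model below computes the flags that CMP sets for two 32-bit operands and then applies the JNZ rule to choose the next EIP. It goes slightly beyond the text by also computing SF, CF, OF, AF and PF, which the article only names. The jump target 00470395 is the one from the listing above; the fall-through address and the function names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { int zf, sf, cf, of, af, pf; } flags_t;

/* CMP a, b: compute a - b, discard the result, keep only the flags. */
static flags_t cmp32(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    uint8_t low = (uint8_t)r;
    flags_t f;
    f.zf = (r == 0);                              /* result is zero: a == b */
    f.sf = (int)(r >> 31);                        /* sign bit of the result */
    f.cf = (a < b);                               /* unsigned borrow */
    f.of = (int)(((a ^ b) & (a ^ r)) >> 31);      /* signed overflow */
    f.af = (int)(((a ^ b ^ r) >> 4) & 1u);        /* borrow across low nibble */
    low ^= low >> 4; low ^= low >> 2; low ^= low >> 1;
    f.pf = !(low & 1u);                           /* even parity of low byte */
    return f;
}

/* JNZ target: the new EIP is the target when ZF == 0, otherwise fall through. */
static uint32_t jnz(flags_t f, uint32_t target, uint32_t next) {
    return f.zf ? next : target;
}

/* The article's two instructions; `next` is a constructed fall-through address. */
static uint32_t run_cmp_jnz(uint32_t eax, uint32_t ebx, uint32_t next) {
    return jnz(cmp32(eax, ebx), 0x00470395u, next);
}

int main(void) {
    /* Equal operands: ZF = 1, so execution falls through. */
    printf("EIP=%08X\n", (unsigned)run_cmp_jnz(7, 7, 0x00470300u));
    /* Different operands: ZF = 0, so the jump is taken. */
    printf("EIP=%08X\n", (unsigned)run_cmp_jnz(7, 9, 0x00470300u));
    return 0;
}
```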
3.3 Segment registers
There are six segment registers: CS (code segment), DS (data segment), ES (extra segment), SS (stack segment), FS, and GS.
