List of registers in IA-32 protected mode

Recently, looking at Mr. Zhang Banque's "Debugging software", I want to record the key technologies for future reference, and share them with those who want to see them.

1 General-purpose registers

Eax,ebx,ecx,edx: General register for operation, can use 8-bit short registers such as 16-bit or al,ah, such as AX,BX, to access the corresponding address of the long register

esp,ebp:extended Stack/base Pointer, referring to the top of the stack and the starting address of the current stack

Esi,edi: Source and target registers, such as in a loop operation, with ECX, representing counters (ECX), starting number (ESI), target number (EDI), respectively

64-Bit Extended Universal Register: RAX,RBX, RCX, Rdx,r8~r15

2 eflags Flag Register

Altogether 32, currently only 18 are in use, divided into three major categories

In addition, the 64-bit extended flag Register Rflags

2.1 Report Arithmetic Instruction

Sign	Position	Meaning
TF (Trap Flag)	8	Trap Flags
IF (Interrupt Enable Flag)	9	Interrupt flag, 0 Forbidden Response unshielded interrupt, 1 open
IOPL (I/O Privilege level)	12,13	I/O permission level for the current task (program)
NT (Nested Task Flag)	14	Task nesting flags, 1 the current task is linked to the task performed earlier, usually because an interrupt or an exception triggers the task gate in the IDT table
RF (Resume Flag)	16	Control processor response to debug exceptions (#DB), 1 temporarily disables debug exceptions due to instruction breakpoints (which are instructions breakpoints set through debug registers)
VMS (Virtual-8086 Mode Flag)	17	1 Enable virtual 8086 mode, clear the bit back to normal protected mode
AC (Alignment Check Flag)	18	Set this flag and CR0 's AM flag to enable memory alignment checking
VIF (Virtual Interrupt Flag)	19	Virtual interrupt mechanism introduced with the VIP logo for Pentium processor implementation
VIP (Virtual Interrupt Pending Flag)	20	Virtual interrupt mechanism introduced with the VIF flag for Pentium processor implementation
ID (Identification Falg)	21st	Used to detect if the CPUID directive is supported, which supports the CPUID instruction if the flag can be set and cleared successfully

2.2 Result Status Flag

Sign	Position	Meaning
CF (Carry Flag)	0	Rounding or Borrow
PF (Parity Flag)	2	When the lowest byte of the calculated result contains an even number of 1 o'clock, the flag is 1
AF (Adjust Flag)	4	Secondary carry flag, 1 if there is a carry or borrow flag at bit 3 (half byte)
ZF (Zero Flag)	6	Evaluates to 0 o'clock, the flag bit 1, otherwise 0
SF (sign Flag)	7	Symbol flag with a negative result of 1, otherwise 0
Of (Overflow Flag)	11	Remove flag, the result exceeds the machine's expression range is 1, otherwise 0

2.3 Control flags for controlling the direction of operation of a string instruction

Sign	Position	Meaning
DF (Direction Flag)	10	The direction flag, which is 1 o'clock, causes the string instruction to decrement the address register (ESI and EDI) after each operation, incrementing by 0 o'clock

3 MSR Register

Model specific Register with 64-bit content.

READ: The ID of the MSR to be read first is placed in the ECX, then the RDMSR is executed, the return value is put to edx (high 32 bits) and EAX (low 32 bits)

Write: The ID of the MSR to be written is placed in the ECX, then the data to be written is placed in edx and EAX, and finally executed WRMSR

4 Control Register

IA-32 provides 5 control registers cr0~cr4,64 bit CPU increased CR8 indicates task priority register

CR1 has remained useless, CR2 is used to store the linear address that caused the page fault, the high 20 bits of CR3 represent the page directory base address, and the remaining registers are described below

-bit	Sign	Meaning
cr0-00	PE (Protection Enable)	1 enable protected mode, 0 enable real mode
Cr0-01	MP (Monitor coprocessor)	Used to control the inspection of the TS flag by the wait/fwait directive
cr0-02	EM (Emulation)	1 means using software to simulate floating-point units (FPU) for floating-point operations, 0 means that the processor has an internal or external FPU
cr0-03	TS (Task switched)	When the CPU sets this bit each time the task is switched, the bit is checked when the x87 FPU and MMX/SSE/SSE2/SS3 instructions are executed, primarily to support the delay in saving the x87 FPU and MMX/SSE/SSE2/SS3 contexts during task switching
cr0-04	ET (Extension Type)	For the cpu,1 of 386 and 486, the 387 math coprocessor instruction is supported, and for the IA-32 CPU after 486, the bit is reserved (fixed to 1)
cr0-05	NE (Numeric Error)	Used to control x87 FPU Error Reporting method, 1 enable internal standard (native) mechanism, 0 Enable DOS compatible PC mode
Cr0-16	WP (Write Protect)	1 prohibit kernel-level code write user-level read-only storage pages, 0 allow
Cr0-18	AM (Alignment Mask)	1 Enable automatic memory alignment check, 0 prohibit
cr0-29	NW (not Write-through)	Options related to the common control cache for CD flags
Cr0-30	CD (Cache Disable)	Options related to the NW flag common control Cache
Cr0-31	PG (Paging)	1 enable page mechanism, 0 forbidden
====	==================	===========================================================================================
cr3-03	PCD (page-level Cache Disable)	Controls whether to cache the current page directory (caching), 1 forbidden, 0 allowed
cr3-04	PWT (page-level Write Transparent)	Control how the page directory is cached, 1 enable Write-through-mode caching, 0 enable Write-back-mode caching
====	==================	===========================================================================================
cr4-00	VME (Virtual-8086 Mode Extensions)	1 enable interrupt and exception handling extensions in virtual 8086 mode: Redirect interrupts and exceptions to 8086 program's processing routines to reduce the overhead of calling virtual 8086 watchdog program (monitor)
Cr4-01	PVI (Protected-mode Virtual interrupts)	1 Enable hardware-supported virtual interrupt flag (VIF), 0 forbidden VIF Flag
cr4-02	TSD (Time Stamp Disable)	1 The RDTSC directive can be used only at the RING0 privilege level, and 0 all privileged levels may use the instruction to read timestamps
cr4-03	DE (Debugging Extensions)	1 referencing the DR4 and DR5 registers will result in an invalid instruction (#UD) exception, and 0 references DR4 and DR5 are equivalent to applying DR6 and DR7
cr4-04	PSE (Page Size Extensions)	1 Enable 4MB memory page, 0 limit memory page bit 4KB
cr4-05	PAE (physical Address Extension)	1 supports 36 or more 36-bit physical memory addresses, 0 supports only 32-bit physical memory
cr4-06	MCE (Machine-check Enable)	1 Machine Check exception enabled, 0 forbidden
cr4-07	PGE (Page Global Enable)	1 Enable the Global page feature introduced by the P6 processor, 0 forbidden
cr4-08	PCE (performance-monitoring COunter Enable)	1 Allow all privileged-level code to read performance counters using the RDPMC instruction, 0 only RING0 privileged level to use RDPMC directives
cr4-09	OSFXSR (Operationg System support for Fxsave and fxrstor instructions)	Operating system use, indicating operating system support for Fxsave, Fxrstor, and sse/sse2/sse3 directives to ensure older operating systems can still run on newer CPUs
Cr4-10	OSXMMEXCPT (Operating System support for Unmasked SIMD floating-point Exceptions)	Used by the operating system to indicate support for SIMD floating-point exceptions (#XF) introduced by the operating system to the Pentium III processor. 0 indicates that the operating system does not support #xf exceptions, then the CPU reports the exception through an invalid instruction exception (#UD). To prevent an error from running on Pentium III or newer CPUs for operating systems that were designed for Pentium III processors

5 Segment Registers

CS Code snippet, DS data segment, SS stack segment, ES extension segment, FS flag segment, GS global segment, all 16-bit numbers

Real mode: This value is the segment address, the value is shifted to the Left 4 bits (or multiplied by 16), directly to the base address of the segment, the base address in real mode is the physical address.

Protected mode: Splits the value of the segment address into 16-bit

0~1 bit	2 guests	3~15 bit
RPL	TI	Index
Privilege level 0~3, currently only 0 and 32 values	Segment selector, 0 means gdt,1 means LDT	An index in the GDT or Ldt table that indicates that the 1~8191,0 position is null and will not be used

GDTR: Global Descriptor Table Register, preserving the location and boundaries of the GDT, valid in protected mode, one operating system with only one GDT, read with LGDT instruction, SGDT settings

LDTR: Local Descriptor Table Register, which holds the location and boundary of the LDT, is valid in protected mode, one task corresponds to a LDT list, and multiple tasks can share a LDT table

IDTR: Interrupt descriptor register, which holds IDT's location and boundaries, is active in protected mode, one CPU core has an IDT table, read and write instructions for Lidt and Sidt

6 Program Pointer Register EIP

EIP (Extended instruction Pointer), which points to the next instruction to be executed by the CPU, whose value is the offset address of the directive in the current code snippet

This register is very important, the general function call will be the current execution of the next instruction of the address (that is, the current EIP) stack, so that after the end of the function call from the stack out of the EIP can be adjusted back to the upper level function to continue execution

7 Other Registers

(1) Vector Operation Register XMM0~XMM7 for SSE/SSE2/SSE3 instruction to support SIMD computation of single-precision floating-point numbers

(2) st0~st7 (each register occupies 80 bits) for the FPU and MMX registers, when the MMX instruction is executed, where the low 64 bits are used for the MMX data register mm0~mm7; when executing x87 floating-point arithmetic instructions, they are used as floating-point data registers R0~R7

(3) The Task Register TR, which holds the selector for the selection task status segment (Task State Segment, TSS) descriptor, the TSS is used to hold the state information of a task, in a multitasking environment, when the CPU switches from one task to another, The status of the previous task's register is saved in the TSS

(4) Timestamp counter TSC (time Stamp counter,64 bit), each clock period is increased by 1, the 0,RDTSC command reads the TSC register, Ring3 want to use the command, you need to first CR4 the TSD position 0

(5) Memory Type range register MTRR (memory type and range register), which defines the types of memories in each region of the memory space, where the CPU knows the characteristics of the response memory area, such as whether it can be cached, etc.

(6) Debug Register DR0~DR7

List of registers in IA-32 protected mode