Reverse beginners [2]: getting started with assembly-register

Source: Internet
Author: User
Tags sub command

The main components of a CPU are the arithmetic logic unit (ALU), the control unit and the registers, and they are connected by the CPU's internal bus. The ALU does the computation, the registers hold data, the control unit drives the other units, and the internal bus carries data between them. For the assembly programmer the registers are what matter most, because they are the only components that instructions can read and write directly. Different CPU architectures have different numbers of registers; the 8086 has 14: AX, BX, CX, DX, SI, DI, SP, BP, IP, CS, SS, DS, ES and PSW (the flags register). This part covers the general-purpose registers; the others are introduced when they are used.

I. General registers
AX, BX, CX and DX are the four general-purpose registers and usually hold ordinary data. Everything below is described for the 8086. Each general-purpose register is 16 bits wide and holds one word (2 bytes) at a time. For compatibility with the 8-bit CPUs that preceded the 8086, each of these four can also be used as two independent 8-bit registers: AX splits into AH (high byte) and AL (low byte), and likewise BX into BH and BL, CX into CH and CL, DX into DH and DL. When AH and AL are used as 8-bit registers the CPU treats them as unrelated: an 8-bit operation on AL that produces a carry does not propagate it into AH, the carry is simply dropped from the result (add and sub record it in the carry flag), because as far as that instruction is concerned there is only one 8-bit register.
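As an added illustration, not code from the original article, the following C program models the AH/AL split of AX and the carry behaviour just described: an 8-bit add on AL that overflows leaves AH untouched and only sets the carry flag, while the same add on the full 16-bit AX carries into the high byte. The register model and the function names (add_al, add_ax, get_ah, get_al) are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of an add: the new 16-bit AX and the carry flag CF it produced. */
typedef struct {
    uint16_t ax;
    int cf;
} add_result;

static uint8_t get_al(uint16_t ax) { return (uint8_t)(ax & 0xFF); }  /* low byte  */
static uint8_t get_ah(uint16_t ax) { return (uint8_t)(ax >> 8);   }  /* high byte */

/* add al, imm8: AL is treated as an 8-bit register on its own. A carry out of
 * bit 7 goes to CF and nowhere else; AH keeps its old value. */
static add_result add_al(uint16_t ax, uint8_t imm)
{
    unsigned r = (unsigned)get_al(ax) + imm;
    add_result out;
    out.cf = r > 0xFF;
    out.ax = (uint16_t)((ax & 0xFF00) | (r & 0xFF));
    return out;
}

/* add ax, imm16: the whole word is one register, so a carry out of the low
 * byte lands in the high byte; CF is set only by a carry out of bit 15. */
static add_result add_ax(uint16_t ax, uint16_t imm)
{
    unsigned r = (unsigned)ax + imm;
    add_result out;
    out.cf = r > 0xFFFF;
    out.ax = (uint16_t)(r & 0xFFFF);
    return out;
}

int main(void)
{
    add_result a = add_al(0x00FF, 1);   /* mov ax, 00FFH ; add al, 1 */
    add_result b = add_ax(0x00FF, 1);   /* mov ax, 00FFH ; add ax, 1 */
    printf("add al,1: AX=%04X AH=%02X AL=%02X CF=%d\n", a.ax, get_ah(a.ax), get_al(a.ax), a.cf);
    printf("add ax,1: AX=%04X AH=%02X AL=%02X CF=%d\n", b.ax, get_ah(b.ax), get_al(b.ax), b.cf);
    return 0;
}
```

Starting from AX = 00FFH, add al, 1 leaves AX = 0000H with CF = 1, whereas add ax, 1 gives AX = 0100H with CF = 0. This is exactly the difference a reverser has to keep in mind when a routine mixes 8-bit and 16-bit arithmetic on the same register.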


II. Physical address
When the CPU accesses memory it needs the address of the storage unit. The 8086 has a 20-bit address bus, but its registers are only 16 bits wide, so a single register can express only 2^16 addresses, far fewer than the 2^20 the bus can reach. To bridge this gap the 8086 builds a 20-bit address out of two 16-bit registers: physical address = segment address * 16 + offset address. Both the segment address and the offset are 16-bit values held in CPU registers. Multiplying the segment address by 16 appends four zero bits on the right, which turns it into a 20-bit value; adding the 16-bit offset to that yields the 20-bit physical address. This particular scheme belongs to the 8086, but the underlying idea, adding an offset to a base address to get the actual address, is still how addressing works in CPUs today.

From this comes the notion of a segment. Memory itself is not segmented; it is the CPU's addressing scheme that lets us treat memory as a collection of segments of at most 64 KB each (the largest 16-bit offset is exactly 64 KB), and that is why assembly source can declare where a segment starts and ends. The segment address and the offset live in CPU registers. The instruction address CS:IP is an example: CS, the code segment register, holds the base address of the code segment, and IP, the instruction pointer, holds the offset of the instruction to execute. CS:IP therefore pins down the location of the instruction the CPU will execute next. Note that to the CPU everything in memory is just binary; the only thing that makes a byte sequence an instruction rather than data is that CS:IP has pointed at it or is pointing at it. After each instruction is fetched, IP is advanced by that instruction's length so that it points to the next one.

Two consequences of the scheme are worth keeping in mind: the mapping is not one-to-one, since for example 1000:0000 and 0FFF:0010 both name physical address 10000H, and on the 8086 a sum that overflows 20 bits wraps around to the start of memory.

Can we modify CS:IP ourselves? Yes, but not with mov or the other data-transfer instructions; CS and IP are changed with jmp (and the related control-transfer instructions). The basic forms are:
-1. Modify both CS and IP: jmp 2AE3:3. After it executes, CS = 2AE3H and IP = 0003H.
-2. Modify IP only: jmp ax loads IP from the register (conceptually mov IP, AX, which is not a legal instruction).
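As an added example, not part of the original article, the C program below carries out the segment * 16 + offset arithmetic of section II and applies it to the CS:IP values from the jmp example above. It also shows two properties of the scheme a reverser should expect: several segment:offset pairs alias the same physical address, and offset arithmetic (IP included) is 16-bit, so it wraps inside the 64 KB segment. The function names phys_addr, next_ip and alias_count are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_MASK 0xFFFFFu   /* the 8086 has 20 address lines */

/* segment * 16 + offset, truncated to 20 bits as on the 8086. (A 286 or later
 * with the A20 line enabled would reach 100000H here instead of wrapping.) */
static uint32_t phys_addr(uint16_t seg, uint16_t off)
{
    return (((uint32_t)seg << 4) + off) & ADDR_MASK;
}

/* IP advanced by an instruction length. Offsets are 16-bit, so the result
 * wraps within the current code segment rather than leaving it. */
static uint16_t next_ip(uint16_t ip, unsigned len)
{
    return (uint16_t)(ip + len);
}

/* Number of distinct seg:off pairs that map to one physical address. */
static unsigned alias_count(uint32_t phys)
{
    /* smallest segment whose 64 KB window still covers phys */
    uint32_t lo = phys > 0xFFFF ? (phys - 0xFFFF + 15) / 16 : 0;
    /* largest segment whose base is not past phys */
    uint32_t hi = phys / 16;
    if (hi > 0xFFFF) hi = 0xFFFF;
    return hi >= lo ? (unsigned)(hi - lo + 1) : 0;
}

int main(void)
{
    /* jmp 2AE3:3 -> CS = 2AE3H, IP = 0003H */
    printf("CS:IP 2AE3:0003 -> physical %05X\n", phys_addr(0x2AE3, 0x0003));
    printf("1000:0000 -> %05X, 0FFF:0010 -> %05X (same byte)\n",
           phys_addr(0x1000, 0x0000), phys_addr(0x0FFF, 0x0010));
    printf("10000H is reachable from %u different seg:off pairs\n", alias_count(0x10000));
    printf("FFFF:0010 -> %05X (wraps to the start of memory on the 8086)\n",
           phys_addr(0xFFFF, 0x0010));
    printf("IP FFFEH + 3-byte instruction -> IP %04X (stays in the segment)\n",
           next_ip(0xFFFE, 3));
    return 0;
}
```

The aliasing matters in practice: two pointers that look different (different segment values) can refer to the same byte, so comparisons of far pointers, and bounds checks done on the offset alone, can be fooled.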

III. Memory access
Having located instructions, how does the CPU locate data in memory? Just as CS:IP locates the instruction, the 8086 addresses data as DS:[...]: the segment register DS holds the base address of the data segment, and the value in [...] is the offset of the memory unit within that segment. For example, [0] denotes the memory unit at offset 0 of the segment DS points to. Note that the 8086 cannot load an immediate value directly into a segment register, so mov ds, 1000H is invalid. The correct way goes through a general-purpose register: mov ax, 1000H followed by mov ds, ax.
Here we also need the basic data-movement and arithmetic instructions such as mov, add and sub. All of them can operate on registers, and the result is written to the operand named first. A special use of memory is the stack, a data structure that can only be read and written at one end. Its basic instructions are push ax, which stores the value of register ax on the stack, and pop ax, which takes the element at the top of the stack off it and puts it into ax. Below is a simple example of the mov / add / sub instructions:

Now let's look at how the PUSH instruction executes:

And the POP instruction:

We can see that the key to stack operations is knowing where the top of the stack is, so the CPU uses SS:SP to locate the current stack top in memory: push decrements SP by 2 and then stores the word at SS:SP; pop loads the word at SS:SP and then increments SP by 2. It is worth stressing that the CPU itself does not check the size of the stack. The stack top can leave the region set aside for it (on push, past the end of the reserved space; on pop, past the address at which the stack started), and nothing stops SP from wrapping around within the segment. Keeping the stack in bounds is the program's job, and a program that fails to do so has a vulnerability.
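To tie the DS:[...] data access and the SS:SP stack mechanics together, here is an added C model (not code from the original article) of a 1 MB 8086 memory: a word load from DS:[0] after mov ax, 1000H / mov ds, ax, then push and pop through SS:SP exactly as the CPU does them, without any bounds check, followed by the checked variants a program has to provide itself. The memory array, the stk_t register pair and the function names (read_word, write_word, push, pop, push_checked, pop_checked) are the example's own; the reserved stack range [sp_low, sp_init] is an assumption the program makes about its own layout, which the CPU knows nothing about.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM_SIZE (1u << 20)          /* 1 MB: everything 20 address lines can reach */
static uint8_t mem[MEM_SIZE];        /* constructed memory image, all zero at start */

/* 8086 physical address: segment * 16 + offset, truncated to 20 bits. */
static uint32_t phys(uint16_t seg, uint16_t off)
{
    return (((uint32_t)seg << 4) + off) & 0xFFFFFu;
}

/* Word access at seg:[off]. The 8086 is little-endian (low byte at the lower
 * address) and offset arithmetic is 16-bit, so the second byte of a word at
 * offset FFFFH wraps to offset 0 of the same segment. */
static uint16_t read_word(uint16_t seg, uint16_t off)
{
    return (uint16_t)(mem[phys(seg, off)] | (mem[phys(seg, (uint16_t)(off + 1))] << 8));
}

static void write_word(uint16_t seg, uint16_t off, uint16_t v)
{
    mem[phys(seg, off)] = (uint8_t)(v & 0xFF);
    mem[phys(seg, (uint16_t)(off + 1))] = (uint8_t)(v >> 8);
}

typedef struct { uint16_t ss, sp; } stk_t;   /* the SS:SP register pair */

/* push: SP -= 2, then the word is stored at SS:SP. No check, like the CPU. */
static void push(stk_t *s, uint16_t v)
{
    s->sp = (uint16_t)(s->sp - 2);
    write_word(s->ss, s->sp, v);
}

/* pop: the word at SS:SP is loaded, then SP += 2. No check either. */
static uint16_t pop(stk_t *s)
{
    uint16_t v = read_word(s->ss, s->sp);
    s->sp = (uint16_t)(s->sp + 2);
    return v;
}

/* The checks the CPU does not do. The program must know the SP range
 * [sp_low, sp_init] it reserved for the stack. 0 on success, -1 if the
 * operation would leave that range (including a wrap of SP). */
static int push_checked(stk_t *s, uint16_t v, uint16_t sp_low)
{
    if (s->sp < sp_low + 2) return -1;   /* would go below the reserved space */
    push(s, v);
    return 0;
}

static int pop_checked(stk_t *s, uint16_t sp_init, uint16_t *out)
{
    if (s->sp >= sp_init) return -1;     /* stack empty: pop would read above it */
    *out = pop(s);
    return 0;
}

int main(void)
{
    /* mov ax, 1000H / mov ds, ax / mov ax, [0] : a word load from DS:[0000] */
    write_word(0x1000, 0x0000, 0x1234);             /* constructed data at 10000H */
    uint16_t ds = 0x1000;
    uint16_t ax = read_word(ds, 0x0000);
    printf("DS:[0] = %04X (physical %05X)\n", ax, phys(ds, 0));

    /* push ax / pop bx with SS:SP = 2000:0010 */
    stk_t s = { 0x2000, 0x0010 };
    push(&s, ax);
    printf("after push: SP = %04X, word at SS:SP = %04X\n", s.sp, read_word(s.ss, s.sp));
    uint16_t bx = pop(&s);
    printf("after pop:  BX = %04X, SP = %04X\n", bx, s.sp);

    /* With SP = 0 the unchecked push wraps SP to FFFEH and overwrites the
     * top of the segment; the checked push refuses instead. */
    stk_t bad = { 0x2000, 0x0000 };
    push(&bad, 0xDEAD);
    printf("unchecked push at SP=0: SP = %04X\n", bad.sp);
    stk_t good = { 0x2000, 0x0000 };
    printf("checked push at SP=0: %s\n",
           push_checked(&good, 0xDEAD, 0x0000) == 0 ? "ok" : "refused, stack full");
    return 0;
}
```

The unchecked push and pop are a faithful picture of the hardware: whatever happens to be at SS:SP is read or overwritten, and a wrapped SP silently lands at the far end of the 64 KB segment. The checked versions are the kind of discipline the text asks for, and the kind of check a reverser looks for when deciding whether a stack can be pushed out of its region.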
