Win32 assembly: general functions of the various registers

Source: Internet
Author: User
Learning Win32 Assembly [16]: common functions of common registers

General registers
EAX (accumulator register; 16-bit AX, 8-bit AH/AL): often used for multiplication, division and function return values.
EBX (base register; BX, BH/BL): usually holds a memory data pointer, or serves as the base address for accessing memory.
ECX (counter register; CX, CH/CL): the counter in string and loop operations.
EDX (data register; DX, DH/DL): used in multiplication and division, and as the I/O port pointer.
ESI (source index register; SI): memory data pointer and source string pointer.
EDI (destination index register; DI): memory data pointer and destination string pointer.
ESP (stack pointer register; SP): only ever the stack-top pointer; it is not used for arithmetic or for data transfer.
EBP (base pointer register; BP): a stack pointer that can address any location in the stack. It usually receives its value from ESP and is then used as the base address for stack access; it is not used for arithmetic or for data transfer.
Instruction pointer register
EIP (instruction pointer register): always holds the address of the next instruction; every instruction that executes is the one it points to.
Flag register
EFLAGS

Flag register:
The 32 bits of EFLAGS are numbered 0 to 31.
Bits 0, 2, 4, 6, 7 and 11 are the status flags.
Bit 10 is the control flag for string operations.
The other flag bits are generally not used, or are not available to application code.

Bit  Flag  Meaning
0    CF    Carry flag. Set when the destination cannot hold the result of an unsigned arithmetic operation, that is, when a carry or borrow is needed. STC sets it and CLC clears it.
2    PF    Parity flag. Set when the low 8 bits of the result contain an even number of 1 bits.
4    AF    Auxiliary flag. Set when a BCD operation produces a carry from bit 3 into bit 4.
6    ZF    Zero flag. Set when the result of the operation is 0.
7    SF    Sign flag. Set when the result of the operation is negative.
10   DF    Direction flag. When set, string operations run from high addresses to low addresses. STD sets it and CLD clears it.
11   OF    Overflow flag. Set when the result of a signed operation is too wide for the destination and data is lost.
Bits 1, 3, 5, 8, 9 and 12 to 31 are not covered here.
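The status flags in the table are easiest to understand by computing them. The C program below is an added example, not code from the original page: it models the CF, PF, AF, ZF, SF and OF bits that a 32-bit ADD leaves behind, using the bit positions listed above, and prints them for three constructed operand pairs. The function names (flags_after_add32, describe_flags) and the sample operands are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions in EFLAGS for the flags described in the table above. */
#define FLAG_CF (1u << 0)   /* carry */
#define FLAG_PF (1u << 2)   /* parity */
#define FLAG_AF (1u << 4)   /* auxiliary carry */
#define FLAG_ZF (1u << 6)   /* zero */
#define FLAG_SF (1u << 7)   /* sign */
#define FLAG_DF (1u << 10)  /* direction (not touched by ADD) */
#define FLAG_OF (1u << 11)  /* overflow */

/* Number of 1 bits in the low 8 bits of v. */
static unsigned popcount8(uint32_t v)
{
    unsigned n = 0;
    for (v &= 0xFFu; v; v >>= 1)
        n += v & 1u;
    return n;
}

/* Model the flags a 32-bit "add dst, src" produces.
 * Returns the affected EFLAGS bits; the sum is stored through *result. */
uint32_t flags_after_add32(uint32_t dst, uint32_t src, uint32_t *result)
{
    uint64_t wide = (uint64_t)dst + (uint64_t)src;  /* keeps the carry out of bit 31 */
    uint32_t r = (uint32_t)wide;
    uint32_t f = 0;

    /* CF: the unsigned result did not fit in 32 bits (carry out of bit 31). */
    if (wide >> 32)
        f |= FLAG_CF;
    /* PF: even number of 1 bits in the low 8 bits of the result. */
    if ((popcount8(r) & 1u) == 0)
        f |= FLAG_PF;
    /* AF: carry out of bit 3 into bit 4, what BCD adjustment looks at. */
    if (((dst & 0xFu) + (src & 0xFu)) > 0xFu)
        f |= FLAG_AF;
    /* ZF: the result is zero. */
    if (r == 0)
        f |= FLAG_ZF;
    /* SF: bit 31 of the result, i.e. negative when read as signed. */
    if (r & 0x80000000u)
        f |= FLAG_SF;
    /* OF: both operands had the same sign and the result has the other one,
     * so the signed result was too wide for 32 bits. */
    if ((dst ^ r) & (src ^ r) & 0x80000000u)
        f |= FLAG_OF;

    if (result)
        *result = r;
    return f;
}

/* Render the flag bits the way a debugger's flags line does. */
void describe_flags(uint32_t f, char out[32])
{
    snprintf(out, 32, "CF=%u PF=%u AF=%u ZF=%u SF=%u OF=%u",
             !!(f & FLAG_CF), !!(f & FLAG_PF), !!(f & FLAG_AF),
             !!(f & FLAG_ZF), !!(f & FLAG_SF), !!(f & FLAG_OF));
}

int main(void)
{
    /* Constructed sample operands. */
    uint32_t samples[][2] = {
        { 0xFFFFFFFFu, 1u },   /* unsigned wrap: CF, ZF, PF, AF */
        { 0x7FFFFFFFu, 1u },   /* signed overflow: OF together with SF */
        { 2u, 3u },            /* 5 = 0b101, two 1 bits: PF only */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t r;
        char buf[32];
        uint32_t f = flags_after_add32(samples[i][0], samples[i][1], &r);
        describe_flags(f, buf);
        printf("add %08x, %08x -> %08x  %s\n", samples[i][0], samples[i][1], r, buf);
    }
    return 0;
}
```

Compile with any C99 compiler. The three operand pairs show an unsigned wrap (CF and ZF together, with PF because the low byte of 0 has an even number of 1 bits), a signed overflow (OF with SF, and no CF), and a plain sum where only parity changes.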
The EAX, ECX and EDX registers are relatively free (they have no fixed role), so in practice they are the ones used most.

The segment registers CS, DS, SS, ES, FS and GS are ignored here, because in Win32 protected-mode programming they are no longer important.

There are also the FPU and MMX register sets; those are left for later.

sizeof in Win32 assembly
sizeof in Win32 assembly differs from sizeof in other languages: it is a real size, in bytes. See the following example.

szHello db 'hello, world!', 0

mov eax, sizeof szHello

EAX = ?
The answer is:
EAX = 13
because "hello, world!" is 13 bytes, and then the terminating 0 occupies one more.

Meaning of the prefixes in the variable naming style:
b     byte
w     word
dw    DWORD
h     handle
lp    pointer
sz    string ending with 0
lpsz  pointer to a string ending with 0
f     floating-point number
st    data structure

@     global variable

enter and leave
enter sets up the stack frame of the current function; it is equivalent to the following two instructions:
pushl %ebp
movl %esp, %ebp
leave releases the stack frame of the current function or procedure; it is equivalent to the following two instructions:
movl %ebp, %esp
popl %ebp

If you disassemble a function, you will often find assembly of the following form at the function's entry and return:

pushl %ebp          # push EBP, i.e. save the stack base address of the caller of this function
movl %esp, %ebp     # copy ESP into EBP, establishing the stack base address of this function

..........          # the two instructions above are equivalent to enter $0, $0
...........

leave               # copy EBP into ESP, then pop the caller's stack base address into EBP, restoring the original stack base

ret                 # this function returns to its caller

These instructions create and release the stack frame of a function or procedure.
The compiler automatically inserts the frame setup and teardown at function entry and exit.
When a function is called:
1) EIP and EBP become the boundary of the new function's stack frame.
When a function is called, the return EIP is pushed first; then, when the stack frame is created, the caller's EBP is pushed. Together they form the boundary of the new function's stack frame.
2) EBP becomes the stack frame pointer (SFP), which marks the boundary of the new function's frame.
Once the frame is established, the stack slot that EBP points to holds the caller's EBP. Through EBP you can therefore traverse the frames of every function in the call chain; debuggers use this property to implement backtrace.
3) ESP always points to the top of the stack and is the stack pointer used to allocate stack space.
Space for a function's local variables is usually allocated by subtracting a constant from ESP; for example, allocating one integer is ESP - 4.
4) Function parameters and local variables are accessed through the SFP, that is, through EBP.
Because the frame pointer always points to the current function's stack base, parameter and local-variable access usually take the following form:
8+XX(%ebp)      # function parameter access
-XX(%ebp)       # local variable access
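Steps 1 to 4 can all be seen on a small constructed stack image. The C program below is an added example, not code from the original page: it lays out frames for a call chain CRT -> main -> f(10, 20) -> g(30) exactly as described (arguments pushed last-first, CALL pushing the return EIP, then push ebp / mov ebp, esp / sub esp, N in the callee), reads parameters at 8+4n(%ebp) and locals at -4n(%ebp), and walks the saved-EBP chain to produce a backtrace. STACK_BASE, the RET_IN_* addresses and the local values are constructed; the walk also stops at a saved EBP that points downward or off the stack, which is what a careful debugger does when a frame has been overwritten.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* A constructed image of a 32-bit stack: word i lives at STACK_BASE + 4*i,
 * so higher indices are higher addresses, as on a real x86 stack. */
#define STACK_BASE  0x0012FF00u
#define STACK_WORDS 32u
#define STACK_TOP   (STACK_BASE + 4u * STACK_WORDS)

/* Constructed return addresses, one per call site. */
#define RET_IN_CRT  0x00401000u
#define RET_IN_MAIN 0x00401050u
#define RET_IN_F    0x004010A0u

static uint32_t stack_mem[STACK_WORDS];

static int in_stack(uint32_t addr)
{
    return addr >= STACK_BASE && addr + 4u <= STACK_TOP && (addr & 3u) == 0;
}
static uint32_t rd(uint32_t addr) { return stack_mem[(addr - STACK_BASE) / 4u]; }
static void wr(uint32_t addr, uint32_t v) { stack_mem[(addr - STACK_BASE) / 4u] = v; }

/* push: move ESP down one dword, then store the value there. */
static uint32_t push(uint32_t esp, uint32_t v) { esp -= 4u; wr(esp, v); return esp; }

/* Enter a function: the caller has already pushed the arguments right to left
 * and CALL has pushed the return EIP. This performs push ebp / mov ebp, esp /
 * sub esp, nlocals*4, returning the new ESP and the new EBP through *ebp. */
static uint32_t prologue(uint32_t esp, uint32_t *ebp, unsigned nlocals)
{
    esp = push(esp, *ebp);      /* save the caller's frame pointer at 0(%ebp) */
    *ebp = esp;                 /* mov ebp, esp */
    return esp - 4u * nlocals;  /* sub esp, N: locals live below EBP */
}

/* Build the chain CRT -> main() -> f(10, 20) -> g(30). Returns g's EBP. */
uint32_t build_sample_stack(void)
{
    uint32_t esp = STACK_TOP, ebp = 0;   /* a saved EBP of 0 ends the chain */
    esp = push(esp, RET_IN_CRT);         /* CALL main from the startup code */
    esp = prologue(esp, &ebp, 0);        /* main's frame, no locals */
    esp = push(esp, 20u);                /* invoke f, 10, 20: last argument first */
    esp = push(esp, 10u);
    esp = push(esp, RET_IN_MAIN);        /* CALL f */
    esp = prologue(esp, &ebp, 2);        /* f's frame, two locals */
    wr(ebp - 4u, 0xAAAAu);               /* -4(%ebp) */
    wr(ebp - 8u, 0xBBBBu);               /* -8(%ebp) */
    esp = push(esp, 30u);                /* invoke g, 30 */
    esp = push(esp, RET_IN_F);           /* CALL g */
    esp = prologue(esp, &ebp, 1);        /* g's frame, one local */
    wr(ebp - 4u, 0xCCCCu);
    (void)esp;
    return ebp;
}

/* n-th (0-based) parameter: 8+4n(%ebp). */
uint32_t param_at(uint32_t ebp, unsigned n) { return rd(ebp + 8u + 4u * n); }
/* n-th (1-based) local dword: -4n(%ebp). */
uint32_t local_at(uint32_t ebp, unsigned n) { return rd(ebp - 4u * n); }

/* Follow the saved-EBP chain the way a debugger's backtrace does: each frame's
 * return EIP is at 4(%ebp) and the caller's EBP at 0(%ebp). Stops at the end
 * of the chain or at anything that cannot be a valid frame. */
size_t walk_frames(uint32_t ebp, uint32_t *rets, size_t max)
{
    size_t n = 0;
    while (n < max && in_stack(ebp) && in_stack(ebp + 4u)) {
        uint32_t saved_ebp = rd(ebp);
        rets[n++] = rd(ebp + 4u);
        /* The caller's frame sits at a higher address because the stack grows
         * downward. A saved EBP at or below the current one means the chain is
         * corrupted (or the function has no frame pointer): stop here. */
        if (saved_ebp <= ebp)
            break;
        ebp = saved_ebp;
    }
    return n;
}

int main(void)
{
    uint32_t ebp = build_sample_stack();
    uint32_t rets[8];
    size_t n = walk_frames(ebp, rets, 8);
    printf("g's parameter: %u; f's parameters: %u, %u\n",
           param_at(ebp, 0), param_at(rd(ebp), 0), param_at(rd(ebp), 1));
    for (size_t i = 0; i < n; i++)
        printf("frame %zu returns to %08x\n", i, rets[i]);
    return 0;
}
```

Reading the layout from the bottom up: g's frame pointer leads to f's, f's to main's, and main's saved EBP of 0 terminates the walk, giving three return addresses. Overwriting a saved EBP (for example with a long buffer written past a local) breaks the chain at that frame, which is why the walk validates every step instead of trusting the value it reads.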

80x86 stack growth, push and pop
1. The stack grows toward lower addresses.
2. push stores the value on the stack and moves ESP down; pop is the reverse.
3. ESP points to the value at the top of the stack, not to the next empty slot.

Purpose of the general registers
1. EAX and AX: accumulators; all I/O instructions use them to exchange data with external devices.
2. EBX and BX: often used as base-address registers.
3. ECX and CX: hold count values.
4. EDX and DX: in quadword or doubleword operations, EDX (DX) is combined with EAX (AX) to hold one quadword or doubleword value. In some I/O operations DX holds the I/O port address.
5. ESP and SP: stack-top pointer.
6. EBP and BP: base register.
7. ESI and SI: source address.
8. EDI and DI: destination address.

invoke
The invoke statement can call both Windows API functions and assembly subroutines.
Format: invoke name, parameter1, parameter2, ....
Parameter 2 is pushed first, then parameter 1, and so on (the last parameter goes onto the stack first).
For example, invoke mysubpro, eax, ecx
is assembled into:
push ecx
push eax
call mysubpro

.if / .else
Similar to the conditional statement in high-level languages:
.if condition1
    statement1
.elseif condition2
    statement2
....
.else
    statement3
.endif
After assembly, however, a test such as .if ebx or .if eax is translated into a test and a conditional jump. For example, .if eax becomes:
or eax, eax
je 0040100C
If EAX is 0 the condition is not met and execution jumps to the next statement or to the next condition test; 0040100C is an example address, that is, the address of the next statement.

Loop statements
.while condition
    ....................
    [.break [.if exit-condition]]
    [.continue]
.endw

.repeat
    .....................
    [.break [.if exit-condition]]
    [.continue]
.until condition   (or .untilcxz [condition])

Labels and variables
1. Labels: @@: defines an anonymous label; @F refers to the next such label and @B to the previous one.
2. Global variables are defined in .data and .data?.
3. Local variables are defined with the local directive: local name1:type, name2:type

Data structures
1. Declare:
WNDCLASS struct
    ...............
WNDCLASS ends
2. Define:
myStruct WNDCLASS <1, 1, ..., 1>
myStruct WNDCLASS <>
3. Use:
mov eax, myStruct.lpfnWndProc
mov esi, offset myStruct
assume esi: ptr WNDCLASS
mov eax, [esi].lpfnWndProc
.......
assume esi: nothing

Using variables
1. mov eax, dword ptr variablename
2. sizeof gives the length in bytes of a variable, data type or data structure; lengthof gives the number of data items in a variable.
3. offset is a pseudo-operator that obtains the address of a variable; it is resolved at assembly time. addr obtains the address at run time.

Subroutines
1. Definition:
name proc [distance] [language type] [visibility] [uses register-list] [, parameter:type] ... [vararg]
    local variable list
    .................................
name endp
2. If a subroutine is used before it is defined, declare it first:
name proto [distance] [language] [parameter1]:type, [parameter2]:type, ...............

Segment addressing in protected mode
1. A virtual address has the form XXXX:YYYYYYYY.
2. Of the 16-bit segment register, only the high 13 bits hold the index value. Of the remaining three bits, bits 0 and 1 give the current privilege level of the program, and bit 2 (TI) gives the location of the segment descriptor: TI = 0 means the descriptor is in the GDT, TI = 1 means it is in the LDT.
3. Translation:
   1. If the TI bit of XXXX is 0, first obtain the GDT address from the GDTR register, then use the segment register's index value to find the segment descriptor in the GDT and obtain the start address of the segment.
   2. If the TI bit of XXXX is 1, the segment register refers to a segment in the LDT. First obtain the GDT address from GDTR, then obtain from LDTR the index of the LDT within the GDT, locate the LDT segment in the GDT, and finally use the high 13 bits to find the descriptor in the LDT.
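To make step 2 concrete, here is an added C example (not code from the original page) that splits a 16-bit selector into its index, TI and RPL fields and, given the base and limit of the GDT and of the current LDT, computes where the 8-byte descriptor lives. It returns 0 when the index runs past the table limit, the case the processor reports as a general-protection fault rather than reading beyond the table. The table bases, limits and selector values are constructed, and the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded form of a 16-bit segment selector. */
typedef struct {
    unsigned index;   /* bits 15..3: entry number in the GDT or LDT */
    unsigned ti;      /* bit 2: table indicator, 0 = GDT, 1 = LDT */
    unsigned rpl;     /* bits 1..0: requested privilege level */
} selector_t;

selector_t decode_selector(uint16_t sel)
{
    selector_t s;
    s.index = sel >> 3;
    s.ti    = (sel >> 2) & 1u;
    s.rpl   = sel & 3u;
    return s;
}

/* Every descriptor is 8 bytes, so entry n starts at byte 8*n of its table. */
uint32_t descriptor_offset(uint16_t sel)
{
    return (uint32_t)decode_selector(sel).index * 8u;
}

/* Linear address of the descriptor the selector names. gdt_limit and
 * ldt_limit are the table sizes in bytes minus one, as held in GDTR and the
 * LDT descriptor. Returns 0 when the 8-byte entry would extend past the
 * table limit. */
uint32_t descriptor_address(uint16_t sel,
                            uint32_t gdt_base, uint32_t gdt_limit,
                            uint32_t ldt_base, uint32_t ldt_limit)
{
    selector_t s = decode_selector(sel);
    uint32_t base  = s.ti ? ldt_base  : gdt_base;   /* TI picks the table */
    uint32_t limit = s.ti ? ldt_limit : gdt_limit;
    uint32_t off   = (uint32_t)s.index * 8u;
    if (off + 7u > limit)
        return 0;
    return base + off;
}

int main(void)
{
    /* Constructed values: a GDT of 16 entries at 0x80000000 and an LDT of
     * 8 entries at 0x80001000 (not real Windows addresses). */
    uint32_t gdt_base = 0x80000000u, gdt_limit = 16u * 8u - 1u;
    uint32_t ldt_base = 0x80001000u, ldt_limit = 8u * 8u - 1u;
    uint16_t samples[] = { 0x001Bu, 0x0037u, 0x0100u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        selector_t s = decode_selector(samples[i]);
        printf("selector %04x: index=%u TI=%u RPL=%u -> descriptor at %08x\n",
               samples[i], s.index, s.ti, s.rpl,
               descriptor_address(samples[i], gdt_base, gdt_limit,
                                  ldt_base, ldt_limit));
    }
    return 0;
}
```

The three samples show a GDT selector (index 3, RPL 3), an LDT selector (index 6, TI set), and an index that lies beyond a 16-entry GDT, for which the lookup reports failure instead of an address.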
