X86 CS IP

Source: Internet
Author: User


2.10 CS and IP (1)

CS and IP are the two most important registers in the 8086 CPU: together they give the address from which the CPU reads its next instruction. CS is the code segment register and IP is the instruction pointer register; the names already suggest their relationship to instructions.

At any moment on an 8086 PC, if the content of CS is M and the content of IP is N, the 8086 CPU reads and executes an instruction starting at memory unit M × 16 + N.

It can also be put this way: at any moment on an 8086 PC, the CPU executes the content that CS:IP points to as an instruction.

Figure 2.10 shows how the 8086 CPU reads and executes an instruction (only the components relevant to the point being explained are shown, and all numbers in the figure are hexadecimal).

Figure 2.10 Components involved in reading and executing an instruction on an 8086 PC

Figure 2.10 is described as follows.

(1) Current state of the 8086 CPU: the content of CS is 2000H and the content of IP is 0000H;

(2) Memory units 20000H ~ 20009H store executable machine code;

(3) The assembly instructions corresponding to the machine code stored in memory units 20000H ~ 20009H are as follows.

Address: 20000H ~ 20002H, content: B8 23 01, length: 3 bytes, corresponding assembly instruction: mov ax,0123H

Address: 20003H ~ 20005H, content: BB 03 00, length: 3 bytes, corresponding assembly instruction: mov bx,0003H

Address: 20006H ~ 20007H, content: 89 D8, length: 2 bytes, corresponding assembly instruction: mov ax,bx

Address: 20008H ~ 20009H, content: 01 D8, length: 2 bytes, corresponding assembly instruction: add ax,bx

The following group of figures (Figure 2.11 ~ Figure 2.19) shows the 8086 CPU reading and executing one instruction, starting from the state described in Figure 2.10. Pay attention to the changes from one figure to the next. (The 8086 CPU is described here at the level of its logical structure and overall process, in order to give readers a clear and intuitive understanding of how the CPU works and to lay a foundation for learning assembly language; the physical structure of the CPU and the fine details of its operation are hidden.)

Figure 2.11 Initial state (CS: 2000H, IP: 0000H; the CPU will read the instruction at memory 2000H × 16 + 0000H and execute it)

Figure 2.12 The contents of CS and IP are sent to the address adder (the address adder computes: physical address = segment address × 16 + offset address)

Figure 2.13 The address adder sends the physical address to the input/output control circuit

Figure 2.14 The input/output control circuit places the physical address 20000H on the address bus

Figure 2.15 The machine instruction B8 23 01 is sent from memory to the CPU over the data bus

Figure 2.16 The input/output control circuit sends the machine instruction B8 23 01 to the instruction buffer

Figure 2.17 The value in IP is automatically increased

(After an instruction has been read, the value in IP is automatically increased so that the CPU can read the next instruction. Because the instruction just read, B8 23 01, is 3 bytes long, the value in IP is increased by 3. CS:IP now points to memory unit 2000:0003.)

2.10 CS and IP (2)

Figure 2.18 The execution controller executes the instruction B8 23 01 (mov ax,0123H)

Figure 2.19 After the instruction B8 23 01 has executed, the content of AX is 0123H

(At this point the CPU reads the next instruction from memory unit 2000:0003, the unit pointed to by CS:IP.)

The following group of figures (Figure 2.20 ~ Figure 2.26) shows the 8086 CPU continuing from the state of Figure 2.19 to read and execute three more instructions. Note the changes in IP (the details of reading each instruction are omitted in this description).

Figure 2.20 CS: 2000H, IP: 0003H (the CPU will read the instruction BB 03 00 from memory 2000H × 16 + 0003H)

Figure 2.21 The CPU reads the instruction BB 03 00 from memory 20003H into the instruction buffer (the value in IP is increased by 3)

Figure 2.22 Execute the instruction BB 03 00 (mov bx,0003H)

Figure 2.23 The CPU reads the instruction 89 D8 from memory 20006H into the instruction buffer (the value in IP is increased by 2)

Figure 2.24 After the instruction 89 D8 (mov ax,bx) has executed, the content of AX is 0003H

Figure 2.25 The CPU reads the instruction 01 D8 from memory 20008H into the instruction buffer (the value in IP is increased by 2)

Figure 2.26 After the instruction 01 D8 (add ax,bx) has executed, the content of AX is 0006H

The process above can be summarized as the operating cycle of the 8086 CPU:

(1) Read the instruction from the memory unit pointed to by CS:IP into the instruction buffer;

(2) IP = IP + the length of the instruction just read, so that IP points to the next instruction;

(3) Execute the instruction. Go back to step (1) and repeat the process.

When the 8086 CPU is powered on or reset (that is, when the CPU starts working), CS and IP are set to CS = FFFFH, IP = 0000H. In other words, when the 8086 PC starts, the CPU reads and executes instructions beginning at memory unit FFFF0H. The instruction at FFFF0H is the first instruction executed after the 8086 PC starts.

Now we understand the importance of CS and IP better: their contents provide the address of the instruction the CPU executes.

As mentioned in Chapter 1, there is no difference between instructions and data in memory; both are binary information. While the CPU works, it treats some of this information as instructions and some as data. So if the question is asked: which information in memory does the CPU treat as an instruction? The answer is that the CPU treats the content of the memory unit pointed to by CS:IP as an instruction, because at any moment the CPU takes the contents of CS and IP as the segment address and offset address of the instruction, uses them to form the physical address of the instruction, and reads and executes the instruction code from that memory. If a piece of information in memory has been executed by the CPU as an instruction, the memory unit holding it must have been pointed to by CS:IP.

2.11 Instructions that modify CS and IP

Within the CPU, the only components a programmer can read and write with instructions are the registers; the programmer controls the CPU by changing the contents of the registers. Where the CPU fetches its instructions is determined by the contents of CS and IP, so a programmer can make the CPU execute the intended instructions by changing the contents of CS and IP.

How can the values of CS and IP be changed? Obviously the 8086 CPU must provide corresponding instructions. How do we change the value in AX? We can use a mov instruction, such as mov ax,123, which sets the value in AX to 123. Obviously the values of other registers can be set the same way: mov bx,123, mov cx,123, mov dx,123, and so on. In fact, the mov instruction can change the value of most registers in the 8086 CPU. The mov instruction is called a transfer (move) instruction.

However, the mov instruction cannot be used to set the values of CS and IP, because the 8086 CPU does not provide that capability. The 8086 CPU provides other instructions for changing the values of CS and IP. Instructions that can change the contents of CS and IP are collectively called transfer instructions (we will study them further later). Here we introduce the simplest instruction for modifying CS and IP: the jmp instruction.

To modify the contents of CS and IP at the same time, use the instruction in the form "jmp segment address:offset address", for example:

jmp 2AE3:3, after execution: CS = 2AE3H, IP = 0003H, and the CPU reads the next instruction from 2AE33H.

jmp 3:0B16, after execution: CS = 0003H, IP = 0B16H, and the CPU reads the next instruction from 00B46H.

The "jmp segment address:offset address" instruction modifies CS and IP with the given segment address and offset address.

To modify only the content of IP, use the instruction in the form "jmp a legal register", for example:

jmp ax, before execution: AX = 1000H, CS = 2000H, IP = 0003H
after execution: AX = 1000H, CS = 2000H, IP = 1000H

jmp bx, before execution: BX = 0B16H, CS = 2000H, IP = 0003H
after execution: BX = 0B16H, CS = 2000H, IP = 0B16H

The "jmp a legal register" instruction modifies IP with the value in the register.

The meaning of JMP ax is as follows: mov IP, ax.

Note: Where appropriate, we use the syntax of assembly instructions already learned to describe the function of a newly learned instruction. This is meant to help readers understand the new instruction and connect it with what they already know. It must be emphasized that we are using the syntax of a known instruction to describe the new one, not the known instruction itself. For example, when we describe jmp ax with "mov IP,ax", that does not mean an instruction such as mov IP,ax exists; we are only borrowing the syntax of mov to describe what jmp ax does. In the same way, the function of jmp 3:01B6 can be described as: mov CS,3 followed by mov IP,01B6.

The machine code stored in memory and the corresponding assembly instructions are shown in Figure 2.27. Assume the initial CPU state is CS = 2000H, IP = 0000H. Write down the sequence in which the instructions are executed. After thinking it through, compare with the analysis below.

Figure 2.27 Machine code stored in memory and the corresponding assembly instructions

Analysis:

The CPU executes the instructions shown in Figure 2.27 as follows.

(1) The current CS is 2000H and IP is 0000H, so the CPU reads the instruction at memory 2000H × 16 + 0000H = 20000H. The instruction read is B8 22 66 (mov ax,6622H); after reading, IP = IP + 3 = 0003H;

(2) After that instruction executes, CS is 2000H and IP is 0003H, so the CPU reads the instruction at memory 2000H × 16 + 0003H = 20003H. The instruction read is EA 03 00 00 10 (jmp 1000:0003); after reading, IP = IP + 5 = 0008H;

(3) After that instruction executes, CS is 1000H and IP is 0003H, so the CPU reads the instruction at memory 1000H × 16 + 0003H = 10003H. The instruction read is B8 00 00 (mov ax,0000); after reading, IP = IP + 3 = 0006H;

(4) After that instruction executes, CS is 1000H and IP is 0006H, so the CPU reads the instruction at memory 1000H × 16 + 0006H = 10006H. The instruction read is 8B D8 (mov bx,ax); after reading, IP = IP + 2 = 0008H;

(5) After that instruction executes, CS is 1000H and IP is 0008H, so the CPU reads the instruction at memory 1000H × 16 + 0008H = 10008H. The instruction read is FF E3 (jmp bx); after reading, IP = IP + 2 = 000AH;

(6) After that instruction executes, CS = 1000H and IP = 0000H, and the CPU reads the next instruction from memory 10000H ......

From the analysis, the instruction execution sequence is:

(1) mov ax,6622H

(2) jmp 1000:3

(3) mov ax,0000

(4) mov bx,ax

(5) jmp bx

(6) mov ax,0123H

(7) Go to step (1) and continue executing
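The fetch/execute cycle of 2.10 and the Figure 2.27 analysis above, as an added example that is not part of the textbook: a small Python model of the 8086 cycle (fetch at CS:IP, advance IP by the instruction length, execute) for the opcodes this chapter uses, run over constructed memory images of Figure 2.10 and Figure 2.27. It goes slightly beyond the text in that the same model traces any program built from these instructions; the register names, image layout and function names are assumptions of the example.

```python
# Added example (not textbook code): 8086 fetch/execute model of 2.10-2.11 on constructed memory
MEM_SIZE = 1 << 20  # 20-bit physical address space

def phys(seg, off):
    """Physical address = segment address x 16 + offset address (20 bits)."""
    return ((seg << 4) + off) & 0xFFFFF

def step(cpu, mem):
    """One cycle: (1) fetch at CS:IP, (2) IP += length, (3) execute; returns (addr, hex, asm)."""
    a = phys(cpu['cs'], cpu['ip'])
    op = mem[a]
    size = 5 if op == 0xEA else 3 if op in (0xB8, 0xBB) else 2
    code = bytes(mem[a:a + size])
    imm = (code[1] | (code[2] << 8)) if size > 2 else None  # little-endian word after opcode
    cpu['ip'] = (cpu['ip'] + size) & 0xFFFF  # step (2) happens before execution
    if op == 0xB8:
        asm, cpu['ax'] = f"mov ax,{imm:04X}H", imm
    elif op == 0xBB:
        asm, cpu['bx'] = f"mov bx,{imm:04X}H", imm
    elif op == 0xEA:  # jmp seg:off is encoded offset word first, then segment word
        seg = code[3] | (code[4] << 8)
        asm, cpu['cs'], cpu['ip'] = f"jmp {seg:04X}:{imm:04X}", seg, imm
    elif code == b'\x89\xd8':
        asm, cpu['ax'] = "mov ax,bx", cpu['bx']
    elif code == b'\x8b\xd8':
        asm, cpu['bx'] = "mov bx,ax", cpu['ax']
    elif code == b'\x01\xd8':
        asm, cpu['ax'] = "add ax,bx", (cpu['ax'] + cpu['bx']) & 0xFFFF
    elif code == b'\xff\xe3':  # jmp bx, which the text describes as "mov IP,bx"
        asm, cpu['ip'] = "jmp bx", cpu['bx']
    else:
        raise ValueError(f"unsupported opcode {code.hex()} at {a:05X}H")
    return a, code.hex(' ').upper(), asm

def run(cpu, mem, steps):
    """Execute `steps` instructions; return [(cs, ip before fetch, physical, hex, asm), ...]."""
    trace = []
    for _ in range(steps):
        cs, ip = cpu['cs'], cpu['ip']
        trace.append((cs, ip) + step(cpu, mem))
    return trace

def run_image(images, cs, ip, steps):
    """Load {(seg, off): hex machine code} into a fresh constructed memory image and trace it."""
    mem = bytearray(MEM_SIZE)
    for (seg, off), hexcode in images.items():
        code = bytes.fromhex(hexcode)
        mem[phys(seg, off):phys(seg, off) + len(code)] = code
    cpu = {'cs': cs, 'ip': ip, 'ax': 0, 'bx': 0}
    return cpu, run(cpu, mem, steps)

FIG_2_10 = {(0x2000, 0x0000): "B82301 BB0300 89D8 01D8"}   # Figure 2.10 image
FIG_2_27 = {(0x2000, 0x0000): "B82266 EA03000010",          # Figure 2.27 analysis image
            (0x1000, 0x0000): "B82301 B80000 8BD8 FFE3"}
```

Calling run_image(FIG_2_27, 0x2000, 0x0000, 6) returns the register state and a trace whose assembly column is exactly the six-instruction sequence listed above, with step (5) jumping back to 1000:0000 because BX is 0.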

2.12 Code segment (1)

As mentioned above, on an 8086 PC a group of memory units can be defined as a segment as needed when programming. We can place a piece of code of length N (N ≤ 64 KB) in a group of consecutively addressed memory units whose starting address is a multiple of 16, regard that memory as being used to store code, and in doing so define a code segment. For example:

mov ax,0000   (B8 00 00)
add ax,0123   (05 23 01)
mov bx,ax     (8B D8)
jmp bx        (FF E3)

These 10 bytes of instructions are stored in the group of memory units 123B0H ~ 123B9H. We can regard the memory 123B0H ~ 123B9H as being used to store code, that is, as a code segment. Its segment address is 123BH and its length is 10 bytes.

How do we get the instructions in the code segment executed? Treating a piece of memory as a code segment is only an arrangement we make while programming; the CPU does not automatically execute the contents of what we call a code segment as instructions. The CPU only treats the content of the memory unit pointed to by CS:IP as an instruction. Therefore, to have the CPU execute the instructions we placed in the code segment, CS:IP must be made to point to the first address of the first instruction in the defined code segment. In the example above, the code stored in memory units 123B0H ~ 123B9H is defined as a code segment; to execute it, CS can be set to 123BH and IP to 0000H.

Summary of 2.9 ~ 2.12

(1) Segment addresses are stored in the segment registers of the 8086 CPU. When the 8086 CPU needs to access memory, the segment address of the memory unit is supplied by a segment register. The 8086 CPU has four segment registers, of which CS is used to hold the segment address of the instruction.

(2) CS holds the segment address of the instruction and IP holds the offset address of the instruction.

At any moment on the 8086 PC, the CPU executes the content pointed to by CS:IP as an instruction.

(3) Operating process of the 8086 CPU:

① Read the instruction from the memory unit pointed to by CS:IP into the instruction buffer;

② IP points to the next instruction;

③ Execute the instruction. (Go back to step ① and repeat.)

(4) The 8086 CPU provides transfer instructions to modify the contents of CS and IP.

Checkpoint 2.3

After the following three instructions are executed, how many times has the CPU modified IP? When? What is the final value of IP?

mov ax,bx
sub ax,ax
jmp ax

Experiment 1: Viewing the CPU and memory, and programming with machine instructions and assembly instructions

1. Preliminary knowledge: using DEBUG

We will use the Debug program in all later experiments, so we first learn its main uses.

(1) What is Debug?

Debug is a debugging tool for real-mode (8086) programs provided with DOS and Windows. With it you can view the contents of the CPU's registers, inspect memory, and trace the execution of a program at the machine-code level.

(2) The Debug functions we use.

Use Debug's R command to view and change the contents of CPU registers;
Use Debug's D command to view the contents of memory;
Use Debug's E command to rewrite the contents of memory;
Use Debug's U command to translate machine instructions in memory into assembly instructions;
Use Debug's T command to execute one machine instruction;
Use Debug's A command to write machine instructions into memory in assembly-instruction form.

Debug has more than 20 commands in total, but these six are the ones closely related to learning assembly. In later experiments we will also use the P command.

(3) Entering Debug.

Debug is a program used in DOS mode, so before entering Debug we first enter DOS mode. There are two ways to enter DOS:

① Restart the computer and boot into DOS mode; this enters real-mode DOS.

② Enter DOS mode from within Windows; this enters virtual-8086-mode DOS.

The following describes how to enter Debug in Windows 2000; the method in Windows 98 is similar.

Select Run from the Start menu, as shown in Figure 2.28, to open the Run dialog box. As shown in Figure 2.29, type "command" in the text box and click OK.

Figure 2.28 Select the Run command

Figure 2.29 Type "command" in the text box

After entering DOS mode, if it is displayed in a window, press Alt+Enter to switch the window to full-screen mode. Then run the Debug program, as shown in Figure 2.30. This program is usually located in C:/Windows98/command under Windows 98 and in C:/winnt/System under Windows 2000; because the system sets the search path, it can be run from any directory.

Figure 2.30 Run the Debug program

(4) Use the R command to view and change the contents of CPU registers.

We already know the six registers AX, BX, CX, DX, CS and IP. Now let us look at their contents, as shown in Figure 2.31. The other registers (SP, BP, SI, DI, DS, ES, SS and the flags register) are ignored for now.

Figure 2.31 Use the R command to view the contents of each register in the CPU

Note the values of CS and IP: CS = 0CA2 and IP = 0100. That is, the instruction at memory 0CA2:0100 is the one the CPU will read and execute next. Below all the registers, Debug also lists the machine code stored at the memory location CS:IP points to and translates it into an assembly instruction. As you can see, CS:IP points to memory unit 0CA2:0100, the machine code stored there is 02 75 48, and the corresponding assembly instruction is add dh,[di+48] (we do not yet know what this instruction means, and we need not go into it here).

In the lower-right corner of the Debug output there is the message "ds:0048=0". We will explain it later; there is no need to go into it here.
