Assembly Language Study Notes 1: Registers

Recently I found that my knowledge of low-level principles was lacking, so I am relearning assembly in order to better understand system offense and defense techniques.

The complete 80x86 register set:

4 data registers (EAX, EBX, ECX and EDX)
2 index registers (ESI and EDI) and 2 pointer registers (ESP and EBP)
6 segment registers (ES, CS, SS, DS, FS and GS)
1 instruction pointer register (EIP) and 1 flags register (EFLAGS)

 

Role: a register is a component inside the central processor. Registers are high-speed storage with limited capacity, and they can be used to temporarily hold instructions, data and addresses. In the control unit of the central processor, the registers include the instruction register (IR) and the program counter (PC). In the arithmetic and logic unit of the central processor, the register is the accumulator (ACC). (From Wikipedia)

The following sections describe the various types of registers:

1. Data Register

Role: data registers are mainly used to hold operands, operation results and similar information, which saves the bus occupancy and memory access time that reading an operand from memory would require.

How register data is stored in memory:

In memory, the storage unit is the byte, so a word is stored in two memory cells with consecutive addresses, and the low byte of the word goes in the lower-addressed cell.

The byte stored at address 0 is 20H and the word stored at address 0 is 4E20H; the byte stored at address 2 is 12H and the word stored at address 2 is 0012H.

Assembly instructions:

 

2. Segment Register

Role: segment registers exist because memory is managed in segments. The computer's memory needs to be divided into segments that are assigned to different uses (similar to hard disk paging).

Approach: the 8086 CPU has 20 address lines, so the maximum addressable memory space is 1MB. But the 8086 only has 16-bit registers; the instruction pointer (IP) and the index registers (SI, DI) are also 16 bits wide. A 16-bit address cannot cover a 1MB address space, so memory has to be segmented:

the 1MB space is divided into 2^4, i.e. 16 segments, each no larger than 64KB (2^16, the range that 16 bits can address).

Description of each register:

Segment register CS: points to the memory segment that holds the program. IP holds the offset, within that segment, of the next instruction to be executed; combining the two gives the memory location of the next instruction to execute.
Segment register SS: points to the memory segment used for the stack. SP points to the top of that stack, and combining the two accesses the cell at the top of the stack. In addition, when the offset uses the pointer register BP, the default segment register is also SS, and BP can be used to access the whole stack, not only the top of the stack.
Segment register DS: points to the data segment, and ES points to the extra segment. When an operand is accessed, either of them is combined with an offset to obtain the physical address of a memory cell. The offset can be a specific value, a symbolic address, the value of a pointer register and so on; which one applies is determined by the addressing mode of the instruction.
Normally the default data segment register is DS, with one exception: in string operations, the segment register for the destination address is fixed as ES. In ordinary instructions we can also use a segment override prefix to change the segment register used for an operand.
"Optional segment register" means that one of these segment registers can be forcibly set as the segment address of the operand.

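The byte and word layout from the data register section and the 20-bit addressing described above, as an added C example that is not part of the original post. The segment value 1000H and all helper names are assumptions; the rule "segment × 16 + offset, truncated to 20 bits" is the standard 8086 address calculation and is not stated on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM_SIZE (1u << 20)       /* 20 address lines -> 1MB */
static uint8_t mem[MEM_SIZE];     /* simulated 8086 memory (hypothetical helper) */

/* Physical address: segment * 16 + offset, kept to 20 address lines. */
static uint32_t phys(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & (MEM_SIZE - 1);
}

static uint8_t read8(uint16_t seg, uint16_t off) { return mem[phys(seg, off)]; }

/* A word occupies two consecutive cells: low byte at the lower address. */
static uint16_t read16(uint16_t seg, uint16_t off) {
    uint8_t lo = mem[phys(seg, off)];
    uint8_t hi = mem[phys(seg, (uint16_t)(off + 1))];  /* offset stays 16-bit */
    return (uint16_t)(lo | (hi << 8));
}

static void write16(uint16_t seg, uint16_t off, uint16_t v) {
    mem[phys(seg, off)] = (uint8_t)(v & 0xFF);
    mem[phys(seg, (uint16_t)(off + 1))] = (uint8_t)(v >> 8);
}

/* Stores the page's sample words 4E20H and 0012H at offsets 0 and 2. */
static void load_page_words(uint16_t ds) {
    write16(ds, 0, 0x4E20);
    write16(ds, 2, 0x0012);
}

int main(void) {
    uint16_t ds = 0x1000;         /* constructed segment value */
    load_page_words(ds);
    printf("DS:0000 -> physical %05X\n", (unsigned)phys(ds, 0));
    printf("byte at 0 = %02XH, word at 0 = %04XH\n",
           (unsigned)read8(ds, 0), (unsigned)read16(ds, 0));
    printf("byte at 2 = %02XH, word at 2 = %04XH\n",
           (unsigned)read8(ds, 2), (unsigned)read16(ds, 2));
    /* With only 20 address lines, FFFF:0010 wraps around to physical 0. */
    printf("FFFF:0010 -> physical %05X\n", (unsigned)phys(0xFFFF, 0x0010));
    return 0;
}
```
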
3. Pointer Register

The three registers SS, SP and BP:

SS: holds the segment address of the stack;
SP: the stack pointer register SP (stack pointer) holds the offset address of the stack;
BP: the base pointer register BP (base pointer) is a register with a somewhat special use. It is used together with SP, as a calibration reference for SP, and is only needed when looking up data in the stack and with certain addressing modes.

SP and BP are generally combined with the segment register SS to determine the address of a cell in the stack. SP indicates the offset address of the top of the stack, while BP serves as a base address within the stack area for determining the address of an operand in the stack.

https://my.oschina.net/orion/blog/15879 (reference)

For example:

Assembly code for calling the function test(int p1, int p2):
; assume the stack pointer ESP is NN before the call
push p2 ; push parameter 2, ESP -= 4h, ESP = NN - 4h
push p1 ; push parameter 1, ESP -= 4h, ESP = NN - 8h
call test ; push the return address, ESP -= 4h, ESP = NN - 0Ch (note that the CALL instruction pushes the return address onto the stack)
; ---- inside the function test ----
push ebp ; save the previous EBP on the stack, ESP -= 4h, ESP = NN - 10h
mov ebp, esp ; point EBP at the current top of the stack, EBP = NN - 10h
mov eax, dword ptr [ebp + 0Ch] ; EBP + 0Ch is NN - 4h, the position of parameter 2; here you can see what EBP is for
mov ebx, dword ptr [ebp + 08h] ; EBP + 08h is NN - 8h, the position of parameter 1; here you can see what EBP is for
sub esp, 8 ; space taken by local variables, ESP -= 8, ESP = NN - 18h
; this reserves the space for local variables
; ...
add esp, 8 ; release the local variables, ESP += 8, ESP = NN - 10h
; (assuming the instructions above have not changed EBP, a direct mov esp, ebp also rebalances the stack;
; in practice this is how it is usually done)
pop ebp ; pop and restore EBP, ESP += 4, ESP = NN - 0Ch
ret 8 ; return: pop the return address, ESP += 4, ESP = NN - 08h
; the operand 8 then rebalances the stack, ESP += 8, ESP = NN, restoring the stack to its state before the call
; Why 8? Because test has two parameters, and pushing them decreased ESP by 8, so 8 is the matching amount.
; ---- end of the function test ----

ESP always points to the top of the stack, while EBP only holds the top-of-stack pointer as it was at one moment, which makes stack operations such as accessing function parameters and local variables more convenient.
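
The call sequence above, replayed on a simulated stack so that each ESP value can be checked against the comments. This is an added C example, not code from the original post; NN, the return address, the caller's EBP and all helper names are constructed values and assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NN       0x1000u      /* constructed: ESP before the call */
#define RET_ADDR 0x00401005u  /* constructed: address of the instruction after CALL */
#define OLD_EBP  0x0012FF80u  /* constructed: caller's EBP */

typedef struct {
    uint8_t  mem[NN];         /* simulated stack memory, addresses 0 .. NN-1 */
    uint32_t esp, ebp, eax, ebx;
    uint32_t at_ebp, at_ebp4; /* contents of [EBP] and [EBP+4] inside test */
} Cpu;

static void push32(Cpu *c, uint32_t v) { c->esp -= 4; memcpy(&c->mem[c->esp], &v, 4); }
static uint32_t load32(const Cpu *c, uint32_t a) { uint32_t v; memcpy(&v, &c->mem[a], 4); return v; }
static uint32_t pop32(Cpu *c) { uint32_t v = load32(c, c->esp); c->esp += 4; return v; }

/* Replays the page's sequence; trace[i] is ESP after step i. Returns the address RET jumps to. */
static uint32_t run_call(Cpu *c, uint32_t p1, uint32_t p2, uint32_t trace[8]) {
    c->esp = NN; c->ebp = OLD_EBP;
    push32(c, p2);           trace[0] = c->esp;  /* push p2 */
    push32(c, p1);           trace[1] = c->esp;  /* push p1 */
    push32(c, RET_ADDR);     trace[2] = c->esp;  /* call test */
    push32(c, c->ebp);       trace[3] = c->esp;  /* push ebp */
    c->ebp = c->esp;                             /* mov ebp, esp */
    c->at_ebp  = load32(c, c->ebp);              /* saved caller EBP */
    c->at_ebp4 = load32(c, c->ebp + 4);          /* return address */
    c->eax = load32(c, c->ebp + 0x0C);           /* mov eax, [ebp+0Ch] */
    c->ebx = load32(c, c->ebp + 0x08);           /* mov ebx, [ebp+08h] */
    c->esp -= 8;             trace[4] = c->esp;  /* sub esp, 8 */
    c->esp = c->ebp;         trace[5] = c->esp;  /* mov esp, ebp (same effect as add esp, 8) */
    c->ebp = pop32(c);       trace[6] = c->esp;  /* pop ebp */
    uint32_t ret = pop32(c);                     /* ret 8: pop the return address ... */
    c->esp += 8;             trace[7] = c->esp;  /* ... then drop the two parameters */
    return ret;
}

int main(void) {
    static Cpu c;
    uint32_t t[8];
    uint32_t ret = run_call(&c, 11, 22, t);      /* constructed arguments p1=11, p2=22 */
    for (int i = 0; i < 8; i++)
        printf("step %d: ESP = NN - %02Xh\n", i, (unsigned)(NN - t[i]));
    printf("[EBP]=%08X [EBP+4]=%08X EAX=%u EBX=%u ret=%08X\n", (unsigned)c.at_ebp,
           (unsigned)c.at_ebp4, (unsigned)c.eax, (unsigned)c.ebx, (unsigned)ret);
    return 0;
}
```

The trace also shows the fixed frame layout that EBP gives: the saved caller EBP at [EBP], the return address at [EBP+4], the parameters above that and the local variables below.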

 

4. Control Registers

 


Origin www.cnblogs.com/mysky007/p/11011579.html