X86 register
Table of Contents
首先介绍x86,x64, x86_64, amd64。
X86 64 Register and Instruction Quick Start
Contents
Registers
General-Purpose Registers
Floating-Point and SIMD Registers
Instructions
Starter Kit
Resources
x86 Registers
General registers
Segment registers
Indexes and pointers
The EFLAGS register
Undocumented registers
CPU Registers x86-64
Contents
General Purpose Registers
Pointer Registers
Segment Registers
RFLAGS Register
Control Registers
CR0
CR2
CR3
CR4
CR8
CR1, CR5-7, CR9-15
MSRs
IA32_EFER
FS.base, GS.base
KernelGSBase
Debug Registers
DR0 - DR3
DR6
DR7
Test Registers
Protected Mode Registers
GDTR
LDTR
TR
IDTR
首先介绍x86,x64, x86_64, amd64。
- x86:386,586, 686等等的32位处理器;
- amd64:amd公司推出的领先于Intel的cpu,64位;
- x64:传统意义上的64位系统;
- x86_64:x86坐不住了,在原有x86基础上发展起来的64微系统;
然后,当然了,以我以往的作风,当然是直接粘贴英文文章喽!
X86 64 Register and Instruction Quick Start
原文地址:https://wiki.cdot.senecacollege.ca/wiki/X86_64_Register_and_Instruction_Quick_Start
This page contains very basic information on the x86_64 architecture: the [Register|register] layout and naming and the some basic instructions.
Contents
- 1 Registers
- 1.1 General-Purpose Registers
- 1.2 Floating-Point and SIMD Registers
- 2 Instructions
- 2.1 Starter Kit
- 3 Resources
Registers
General-Purpose Registers
The 64-bit versions of the 'original' x86 registers are named:
- rax - register a extended
- rbx - register b extended
- rcx - register c extended
- rdx - register d extended
- rbp - register base pointer (start of stack)
- rsp - register stack pointer (current location in stack, growing downwards)
- rsi - register source index (source for data copies)
- rdi - register destination index (destination for data copies)
The registers added for 64-bit mode are named:
- r8 - register 8
- r9 - register 9
- r10 - register 10
- r11 - register 11
- r12 - register 12
- r13 - register 13
- r14 - register 14
- r15 - register 15
These may be accessed as:
- 64-bit registers using the 'r' prefix: rax, r15
- 32-bit registers using the 'e' prefix (original registers: e_x) or 'd' suffix (added registers: r__d): eax, r15d
- 16-bit registers using no prefix (original registers: _x) or a 'w' suffix (added registers: r__w): ax, r15w
- 8-bit registers using 'h' ("high byte" of 16 bits) suffix (original registers - bits 8-15: _h): ah, bh
- 8-bit registers using 'l' ("low byte" of 16 bits) suffix (original registers - bits 0-7: _l) or 'b' suffix (added registers: r__b): al, bl, r15b
Usage during syscall/function call:
- First six arguments are in rdi, rsi, rdx, rcx, r8d, r9d; remaining arguments are on the stack.
- For syscalls, the syscall number is in rax.
- Return value is in rax.
- The called routine is expected to preserve rsp,rbp, rbx, r12, r13, r14, and r15 but may trample any other registers.
Floating-Point and SIMD Registers
x86_64 also defines a set of large registers for floating-point and single-instruction/multiple-data (SIMD) operations. For details, refer to the Intel or AMD documentation.
Instructions
Starter Kit
These instructions are sufficient to complete the SPO600 Assembler Lab (GAS syntax):
add %r10,%r11 // add r10 and r11, put result in r11
cmp %r10,%r11 // compare register r10 with register r11. The comparison sets flags in the processor status register which affect conditional jumps.
cmp $99,%r11 // compare the number 99 with register r11. The comparison sets flags in the processor status register which affect conditional jumps.
div %r10 // divide rax by the given register (r10), places quotient into rax and remainder into rdx (rdx must be zero before this instruction)
inc %r10 // increment r10
jmp label // jump to label
je label // jump to label if equal
jne label // jump to label if not equal
jl label // jump to label if less
jg label // jump to label if greater
mov %r10,%r11 // move data from r10 to r11
mov $99,%r10 // put the immediate value 99 into r10
mov %r10,(%r11) // move data from r10 to address pointed to by r11
mov (%r10),%r11 // move data from address pointed to by r10 to r10
mul %r10 // multiplies rax by r10, places result in rax and overflow in rdx
push %r10 // push r10 onto the stack
pop %r10 // pop r10 off the stack
syscall // invoke a syscall (in 32-bit mode, use "int $0x80" instead)
Note the syntax:
- Register names are prefixed by %
- Immediate values are prefixed by $
- Indirect memory access is indicated by (parenthesis).
- Hexadecimal values are indicated by a 0x prefix.
- Character values are indicated by quotation marks. Escapes (such as '\n') are permitted.
- Data sources are given as the first argument (mov %r10,%r11 moves FROM r10 INTO r11).
For the MOV instruction:
- You can append a suffix indicating the amount of data to be moved -- e.g., q for quadword (64 bits), d for doubleword (32 bits), w for word (16 bits), or b for byte (8 bits).
Resources
- CPU Instruction Set and Software Developer Manuals
- AMD: http://developer.amd.com/resources/documentation-articles/developer-guides-manuals/
- Intel: http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
- Web sites
- http://ref.x86asm.net/
- http://sandpile.org/
- GAS Manual - Using as, The GNU Assembler: https://sourceware.org/binutils/docs/as/
x86 Registers
原文地址:http://www.eecg.toronto.edu/~amza/www.mindsec.com/files/x86regs.html
The main tools to write programs in x86 assembly are the processor registers. The registers are like variables built in the processor. Using registers instead of memory to store values makes the process faster and cleaner. The problem with the x86 serie of processors is that there are few registers to use. This section describes the main use of each register and ways to use them. That in note that the rules described here are more suggestions than strict rules. Some operations need absolutely some kind of registers but most of the you can use any of the freely.
Here is a list of the available registers on the 386 and higher processors. This list shows the 32 bit registers. Most of the can be broken down to 16 or even 8 bits register.
General registers
EAX EBX ECX EDXSegment registers
CS DS ES FS GS SSIndex and pointers
ESI EDI EBP EIP ESPIndicator
EFLAGS
General registers
As the title says, general register are the one we use most of the time Most of the instructions perform on these registers. They all can be broken down into 16 and 8 bit registers.
32 bits : EAX EBX ECX EDX
16 bits : AX BX CX DX8 bits : AH AL BH BL CH CL DH DL
The "H" and "L" suffix on the 8 bit registers stand for high byte and low byte. With this out of the way, let's see their individual main use
EAX,AX,AH,AL : Called the Accumulator register. It is used for I/O port access, arithmetic, interrupt calls,etc...EBX,BX,BH,BL : Called the Base registerIt is used as a base pointer for memory accessGets some interrupt return valuesECX,CX,CH,CL : Called the Counter registerIt is used as a loop counter and for shiftsGets some interrupt valuesEDX,DX,DH,DL : Called the Data registerIt is used for I/O port access, arithmetic, some interrupt calls.
Segment registers
Segment registers hold the segment address of various items. They are only available in 16 values. They can only be set by a general register or special instructions. Some of them are critical for the good execution of the program and you might want to consider playing with them when you'll be ready for multi-segment programming
CS : Holds the Code segment in which your program runs.Changing its value might make the computer hang.DS : Holds the Data segment that your program accesses.Changing its value might give erronous data.ES,FS,GS : These are extra segment registers available forfar pointer addressing like video memory and such.SS : Holds the Stack segment your program uses.Sometimes has the same value as DS.Changing its value can give unpredictable results,mostly data related.
Indexes and pointers
Indexes and pointer and the offset part of and address. They have various uses but each register has a specific function. They some time used with a segment register to point to far address (in a 1Mb range). The register with an "E" prefix can only be used in protected mode.
ES:EDI EDI DI : Destination index registerUsed for string, memory array copying and setting andfor far pointer addressing with ESDS:ESI EDI SI : Source index registerUsed for string and memory array copyingSS:EBP EBP BP : Stack Base pointer registerHolds the base address of the stackSS:ESP ESP SP : Stack pointer registerHolds the top address of the stackCS:EIP EIP IP : Index PointerHolds the offset of the next instructionIt can only be read
The EFLAGS register
The EFLAGS register hold the state of the processor. It is modified by many intructions and is used for comparing some parameters, conditional loops and conditionnal jumps. Each bit holds the state of specific parameter of the last instruction. Here is a listing :
Bit Label Desciption
---------------------------
0 CF Carry flag
2 PF Parity flag
4 AF Auxiliary carry flag
6 ZF Zero flag
7 SF Sign flag
8 TF Trap flag
9 IF Interrupt enable flag
10 DF Direction flag
11 OF Overflow flag
12-13 IOPL I/O Priviledge level
14 NT Nested task flag
16 RF Resume flag
17 VM Virtual 8086 mode flag
18 AC Alignment check flag (486+)
19 VIF Virutal interrupt flag
20 VIP Virtual interrupt pending flag
21 ID ID flagThose that are not listed are reserved by Intel.
Undocumented registers
There are registers on the 80386 and higher processors that are not well documented by Intel. These are divided in control registers, debug registers, test registers and protected mode segmentation registers. As far as I know, the control registers, along with the segmentation registers, are used in protected mode programming, all of these registers are available on 80386 and higher processors except the test registers that have been removed on the pentium. Control registers are CR0 to CR4, Debug registers are DR0 to DR7, test registers are TR3 to TR7 and the protected mode segmentation registers are GDTR (Global Descriptor Table Register), IDTR (Interrupt Descriptor Table Register), LDTR (Local DTR), and TR.
CPU Registers x86-64
原文地址:https://wiki.osdev.org/CPU_Registers_x86-64
Contents[hide]
|
General Purpose Registers
| Monikers | Description | ||||
|---|---|---|---|---|---|
| 64-bit | 32-bit | 16-bit | 8 high bits of lower 16 bits | 8-bit | |
| RAX | EAX | AX | AH | AL | Accumulator |
| RBX | EBX | BX | BH | BL | Base |
| RCX | ECX | CX | CH | CL | Counter |
| RDX | EDX | DX | DH | DL | Data (commonly extends the A register) |
| RSI | ESI | SI | N/A | SIL | Source index for string operations |
| RDI | EDI | DI | N/A | DIL | Destination index for string operations |
| RSP | ESP | SP | N/A | SPL | Stack Pointer |
| RBP | EBP | BP | N/A | BPL | Base Pointer (meant for stack frames) |
| R8 | R8D | R8W | N/A | R8B | General purpose |
| R9 | R9D | R9W | N/A | R9B | General purpose |
| R10 | R10D | R10W | N/A | R10B | General purpose |
| R11 | R11D | R11W | N/A | R11B | General purpose |
| R12 | R12D | R12W | N/A | R12B | General purpose |
| R13 | R13D | R13W | N/A | R13B | General purpose |
| R14 | R14D | R14W | N/A | R14B | General purpose |
| R15 | R15D | R15W | N/A | R15B | General purpose |
Note: you cannot access AH, BH, CH and DH when using the REX.W instruction prefix. This prefix is added (automatically by assemblers) when an operand contains a 64-bit register.
Pointer Registers
| Monikers | Description | ||
|---|---|---|---|
| 64-bit | 32-bit | 16-bit | |
| RIP | EIP | IP | Instruction Pointer |
Note: The instruction pointer can only be used in RIP-relative addressing, which was introduced with long mode.
Segment Registers
All these are 16 bits long.
| Moniker | Description |
|---|---|
| CS | Code Segment |
| DS | Data Segment |
| SS | Stack Segment |
| ES | Extra Segment (used for string operations) |
| FS | General-purpose Segment |
| GS | General-purpose Segment |
Segments of CS, DS, ES, and SS are treated as if their base was 0 no matter what the segment descriptors in the GDT say. Exceptions are FS and GS which have MSRs to change their base.
Limit checks are disabled for all segments.
RFLAGS Register
| Bit(s) | Label | Description |
|---|---|---|
| 0 | CF | Carry Flag |
| 1 | 1 | Reserved |
| 2 | PF | Parity Flag |
| 3 | 0 | Reserved |
| 4 | AF | Auxiliary Carry Flag |
| 5 | 0 | Reserved |
| 6 | ZF | Zero Flag |
| 7 | SF | Sign Flag |
| 8 | TF | Trap Flag |
| 9 | IF | Interrupt Enable Flag |
| 10 | DF | Direction Flag |
| 11 | OF | Overflow Flag |
| 12-13 | IOPL | I/O Privilege Level |
| 14 | NT | Nested Task |
| 15 | 0 | Reserved |
| 16 | RF | Resume Flag |
| 17 | VM | Virtual-8086 Mode |
| 18 | AC | Alignment Check / Access Control |
| 19 | VIF | Virtual Interrupt Flag |
| 20 | VIP | Virtual Interrupt Pending |
| 21 | ID | ID Flag |
| 22-63 | 0 | Reserved |
Control Registers
CR0
| Bit(s) | Label | Description |
|---|---|---|
| 0 | PE | Protected Mode Enable |
| 1 | MP | Monitor Co-Processor |
| 2 | EM | Emulation |
| 3 | TS | Task Switched |
| 4 | ET | Extension Type |
| 5 | NE | Numeric Error |
| 6-15 | 0 | Reserved |
| 16 | WP | Write Protect |
| 17 | 0 | Reserved |
| 18 | AM | Alignment Mask |
| 19-28 | 0 | Reserved |
| 29 | NW | Not-Write Through |
| 30 | CD | Cache Disable |
| 31 | PG | Paging |
| 32-63 | 0 | Reserved |
NOTE that this register is the only control register that can be written and read via 2 ways unlike the other that can be accessed only via the MOV instruction
;way 1:
;write:
mov cr0,reg32(64)
;read:
mov reg32(64),cr0
;----------------------
;way 2:
;write:
lmsw reg16(32/64) ; the 'w' in lms(w) stands for word size (16 bit) but the instruction itself can modify the upper 48 bit of cr0 using instruction overrides.;read:
smsw reg16(32/64) ; SAME as aboveCR2
This control register contains the linear (virtual) address which triggered a page fault, available in the page fault's interrupt handler.
CR3
| Bit(s) | Label | Description | Condition | |
|---|---|---|---|---|
| 0-11 | 0-2 | 0 | Reserved | CR4.PCIDE = 0 |
| 3 | PWT | Page-Level Write Through | ||
| 5 | PCD | Page-Level Cache Disable | ||
| 5-11 | 0 | Reserved | ||
| 0-11 | PCID | CR4.PCIDE = 1 | ||
| 12-63 | Physical Base Address of the PML4 | |||
Note that this must be page aligned
CR4
| Bit(s) | Label | Description |
|---|---|---|
| 0 | VME | Virtual-8086 Mode Extensions |
| 1 | PVI | Protected Mode Virtual Interrupts |
| 2 | TSD | Time Stamp enabled only in ring 0 |
| 3 | DE | Debugging Extensions |
| 4 | PSE | Page Size Extension |
| 5 | PAE | Physical Address Extension |
| 6 | MCE | Machine Check Exception |
| 7 | PGE | Page Global Enable |
| 8 | PCE | Performance Monitoring Counter Enable |
| 9 | OSFXSR | OS support for fxsave and fxrstor instructions |
| 10 | OSXMMEXCPT | OS Support for unmasked simd floating point exceptions |
| 11 | UMIP | User-Mode Instruction Prevention (SGDT, SIDT, SLDT, SMSW, and STR are disabled in user mode) |
| 12 | 0 | Reserved |
| 13 | VMXE | Virtual Machine Extensions Enable |
| 14 | SMXE | Safer Mode Extensions Enable |
| 15 | 0 | Reserved |
| 17 | PCIDE | PCID Enable |
| 18 | OSXSAVE | XSAVE And Processor Extended States Enable |
| 19 | 0 | Reserved |
| 20 | SMEP | Supervisor Mode Executions Protection Enable |
| 21 | SMAP | Supervisor Mode Access Protection Enable |
| 22-63 | 0 | Reserved |
CR8
CR8 is a new register accessible in 64-bit mode using the REX prefix. CR8 is used to prioritize external interrupts and is referred to as the task-priority register (TPR).
The AMD64 architecture allows software to define up to 15 external interrupt-priority classes. Priority classes are numbered from 1 to 15, with priority-class 1 being the lowest and priority-class 15 the highest. CR8 uses the four low-order bits for specifying a task priority and the remaining 60 bits are reserved and must be written with zeros.
System software can use the TPR register to temporarily block low-priority interrupts from interrupting a high-priority task. This is accomplished by loading TPR with a value corresponding to the highest-priority interrupt that is to be blocked. For example, loading TPR with a value of 9 (1001b) blocks all interrupts with a priority class of 9 or less, while allowing all interrupts with a priority class of 10 or more to be recognized. Loading TPR with 0 enables all external interrupts. Loading TPR with 15 (1111b) disables all external interrupts.
The TPR is cleared to 0 on reset.
| Bit | Purpose |
|---|---|
| 0-3 | Priority |
| 4-63 | Reserved |
CR1, CR5-7, CR9-15
Reserved, the cpu will throw a #ud exeption when trying to access them.
MSRs
IA32_EFER
Extended Feature Enable Register (EFER) is a model-specific register added in the AMD K6 processor, to allow enabling the SYSCALL/SYSRET instruction, and later for entering and exiting long mode. This register becomes architectural in AMD64 and has been adopted by Intel. Its MSR number is 0xC0000080.
| Bit(s) | Label | Description |
|---|---|---|
| 0 | SCE | System Call Extensions |
| 1-7 | 0 | Reserved |
| 8 | LME | Long Mode Enable |
| 10 | LMA | Long Mode Active |
| 11 | NXE | No-Execute Enable |
| 12 | SVME | Secure Virtual Machine Enable |
| 13 | LMSLE | Long Mode Segment Limit Enable |
| 14 | FFXSR | Fast FXSAVE/FXRSTOR |
| 15 | TCE | Translation Cache Extension |
| 16-63 | 0 | Reserved |
FS.base, GS.base
MSRs with the addresses 0xC0000100 (for FS) and 0xC0000101 (for GS) contain the base addresses of the FS and GS segment registers. These are commonly used for thread-pointers in user code and CPU-local pointers in kernel code. Safe to contain anything, since use of a segment does not confer additional privileges to user code.
In newer CPUs, these can also be written with WRFSBASE and WRGSBASE instructions at any privilege level.
KernelGSBase
MSR with the address 0xC0000102. Is basically a buffer that gets exchanged with GS.base after a swapgs instruction. Usually used to seperate kernel and user use of the GS register.
Debug Registers
DR0 - DR3
Contain linear addresses of up to 4 breakpoints. If paging is enabled, they are translated to physical addresses.
DR6
It permits the debugger to determine which debug conditions have occured. When an enabled debug exception is enabled, low order bits 0-3 are set before entering debug exception handler.
DR7
| Bit | Description |
|---|---|
| 0 | Local DR0 Breakpoint |
| 1 | Global DR0 Breakpoint |
| 2 | Local DR1 Breakpoint |
| 3 | Global DR1 Breakpoint |
| 4 | Local DR2 Breakpoint |
| 5 | Global DR2 Breakpoint |
| 6 | Local DR3 Breakpoint |
| 7 | Global DR3 Breakpoint |
| 16-17 | Conditions for DR0 |
| 18-19 | Size of DR0 Breakpoint |
| 20-21 | Conditions for DR1 |
| 22-23 | Size of DR1 Breakpoint |
| 24-25 | Conditions for DR2 |
| 26-27 | Size of DR2 Breakpoint |
| 28-29 | Conditions for DR3 |
| 30-31 | Size of DR3 Breakpoint |
A local breakpoint bit deactivates on hardware task switches, while a global does not.
00b condition means execution break, 01b means a write watchpoint, and 11b means an R/W watchpoint. 10b is reserved for I/O R/W (unsupported).
Test Registers
| Name | Description |
|---|---|
| TR3 - TR5 | Undocumented |
| TR6 | Test Command Register |
| TR7 | Test Data Register |
Protected Mode Registers
GDTR
| Operand Size | Label | Description | |
|---|---|---|---|
| 64-bit | 32-bit | ||
| Bits 0-15 | Limit | Size of GDT | |
| Bits 16-79 | Bits 16-47 | Base | Starting Address of GDT |
LDTR
Stores the segment selector of the LDT.
TR
Stores the segment selector of the TSS.
IDTR
| Operand Size | Label | Description | |
|---|---|---|---|
| 64-bit | 32-bit | ||
| Bits 0-15 | Limit | Size of IDT | |
| Bits 16-79 | Bits 16-47 | Base | Starting Address of IDT |
Retrieved from "https://wiki.osdev.org/index.php?title=CPU_Registers_x86-64&oldid=22538"
Categories:
- CPU Registers
- Disputed Pages
X86 register相关推荐
- Linux虚拟化KVM-Qemu分析(四)之CPU虚拟化(2)
Table of Contents 1. 概述 1.1 CPU工作原理 1.2 guest模式 2. 流程分析 2.1 vcpu的创建 2.1.1 qemu中vcpu创建 2.1.2 kvm中vcpu ...
- [CSAW‘22] 世界这么大
目录 pwn-ezROP baby Windows 未作 how2pwn 未作成 shello world 未完成 Crypto: Gotta Crack Them All 未完成 Phi Too M ...
- 听说,英特尔要对外开放 x86 授权?
整理 | 郑丽媛 出品 | CSDN(ID:CSDNnews) 同为主流芯片架构,相较于可申请授权的 ARM 和开源的 RISC-V,x86 一直以来都保持着"高高在上"的立场-- ...
- x86汇编语言从实模式百度云_Intel x86 CPU 32位保护模式杂谈之任务切换 上
目录: 什么是任务 任务由什么组成 任务门描述符是什么东东?有了TSS描述符为什么要有任务门描述符? 参考文献 什么是任务 任务(task)是处理器可以分配.执行.挂起的工作单位,笔者认为和我们操作系 ...
- 寄存器理解 及 X86汇编入门
本文整理自多材料源,感谢原址分享,请查看末尾Url I, 汇编语言分类: 汇编语言和CPU息息相关,但是不能把汇编语言完全等同于CPU的机器指令.不同架构的CPU指令并不相同,如x86,powerpc ...
- WCF 4.0 Issues with IIS 7.0 on x86 and x64 bit Machines(转载)
If you are experienced with WCF, you know that in case of installing IIS after installing .NET frame ...
- 【转载】x86和x64
x86是对基于intel处理器的系统的标准缩写.X与处理器没有任何关系,它是一个对所有*86系统的简单的通配符定义,是一个 intel通用计算机系列的编号,也标识一套 通用的计算机指令集合,由于早期i ...
- linux内核(4.17.10)配置项详解(x86)
64-bit kernel--支持64位 General setup--通用设置 Cross-compiler tool prefix--交叉编译工具前缀 Local version-append t ...
- x86 下制作 ARM Docker 镜像,Docker Hub、Travis 自动构建 qemu-user-static
一般情况下,Docker 的镜像都是在一个已有的镜像内,一步步运行给定的命令,从而生成一个新的镜像.这样的步骤在大多数人使用的 x86 架构计算机上都不是问题,由于架构互相兼容,一台计算机上生成的镜像 ...
最新文章
- windows操作系统的引导过程描述
- 调查问卷_员工满意度调查问卷
- Guava中针对集合的 filter和过滤功能
- 初学__Python——Python代码的组织形式
- 分享10个2012年最新发布的jQuery插件
- 数字类 default 0和 default 0_全方位的数字规划工具Visual Components 4.0 数字化工厂仿真软件...
- 计算机对医学影像学的作用,医学影像技术中数字图像处理的重要性
- arduino接收hmi屏幕_汽车HMI设计中交互设计的发展趋势
- Linux系统(四) echo和重定向、管道的概念和使用
- css判断手机端还是pc端,JavaScript判断设备是手机端还是PC端,并加载不同的css/js文件...
- 辩证统一和有机统一的比较
- Redis面试宝典12道法
- 天气预报接口_JMeter 接口自动化测试篇 26
- .net企业实战视频就业培训
- 滴滴研究院副院长叶杰平 | 大规模稀疏和低秩学习
- 华为云解锁云原生数据库发展新动能
- 由《对应届和即将应届毕业生的忠告》想到的
- bootstrap.yml与application.yml的区别
- 做微商如何快速建立信任?
- 利用OpenCV读取大华网络摄像头