Assembly language learning I (with stack co process, 32-bit registers and related instructions, to be continued 06/29)

• Background examples

 Example of operation ： hold ebx Move to eax in 
 Machine instructions ： from 0 and 1 The sequence of components 
 Assembly instruction ：mov    eax  ,ebx ( register )

One 、 Base number

16 Base number

89D8
1000 1001 1101 1000

Two 、 Register introduction

（1） Data register

• Register introduction
  CPU A component on ,CPU One of the components of , Very fast reading and writing

1） Introduction to data registers

Save operands , Save the data to be transferred (0 and 1), Save the calculation results

2） Data register classification

1）EAX： Accumulation register , Also called an accumulator . give an example 1+1=2, Will be able to 2 Put it in eax Inside
2）EBX： Base address register , A register for storing addresses
3）ECX： Counter register , For example, write a for loop , loop 5 Time ,5 This is in the count register
4）EDX： Data register , Generally put the required data ,for The loop has a value of 5, Generally placed on EDX

EAX,EBX,ECX,EDX by 32 Bit register
AX,BX,CX,DX position 16 Bit register
Lower eight ：al
Top eight digit ：ah

• Use command results to show
  1）mov eax , 0x100
  
  2）mov ax ,0x10 (16 Bit register )
  
  3）mov ah,0x1 （ high 8 position ）
  

（2） Pointer register

1） Pointer register classification

Register of operation stack

ESP： Save the pointer to the top of the stack
EBP： Save the pointer to the bottom of the stack

• Add ： Definition of stack

Save stack parameters and variables

2） Operation pointer register instance

1）push eax front
eax Value ： 0019FFCC
Stack information ：（0019FF70 Deposit is 0019FF80, The address at the bottom of the stack ）

2）push eax after
Changes in stack data ：（ Because it is 32 Bit exe,0019FF70 Stack top offset to stack bottom 4 The length of bytes , Namely 0019FF6C）
0019FF6C Change to top of stack pointer , The data stored in the stack top pointer becomes the original eax Value 0019FFCC

（3） Index register

1） Introduction to index register

Of registers ESI,EDI,SI,DI The register of , It is mainly used to store the offset of the storage unit in the segment

2） Function introduction （ Get to know , No characteristic ）

ESI： A register for storing addresses
EDI： A register for storing addresses

（4） Instruction pointer register

EIP register ： It is indicated by the location of the storage point （ preservation CPU The address of the code to be executed next time ）

When executed 004013A5 68 D41E4000 push TraceMe.004040D0,push The instruction will stack the address of the next code execution , Original stack top pointer 0019FF6C It becomes 0019FF68, And the value becomes 004040D0, This is it. EIP The function of register

（5） Flag register

1） Introduction and function of flag register

EFL Flag register ： Also called flag register , Occupy 16 Bit size

2） Example flag register ：ZF The function of register

( Doing operations will affect ZF position )

3） Take a screenshot to illustrate

EFL：246 Of 16 Base number

1001000110

sub esp,0x58 ( because esp reduce 0x58 Not for 0,ZF The position is 0; When the result is 0,ZF Set as 1)

（6） Segment register

1） The segment register functions

It is set due to the segmented management of memory . The computer needs to segment its memory , Used for different programs

• Screenshot （ The red square part ）
  

2） Segment register classification （ More than 6 individual , It's just OD Shows 6 individual ）

ES:
CS:
SS:
DS:
FS:
GS:

3） Example of segment register use

mov dword ptr ds:[0x405528] , edx 

explain ：
hold edx The value of moves to ds.base+0x405528 In this address

4） Segment register simple split

① The visible part Only shows 16 position , For example, in the figure above 002B Of 2B
② Of an invisible part Base： Where the paragraph begins , For example, the memory used by a program is segmented , from 1 To 10 It's a whole paragraph , image base Namely 1,+0x405528 Namely 10,1 To 10 It's a whole section of a program ; The above example means ：edx The value of is placed in an address
③Limit: For instance from 1 To 10,11 To 20, that 10 Namely limit
④Attribute： attribute , Defines whether the segment is readable, writable, and executable

3、 ... and 、 Instruction Introduction

（1） Data transfer instructions （mov Instructions ）

• Use examples

move ebp,esp // Move the data at the top of the stack to the bottom of the stack

1） Before moving
ESP:0019FF74
EBP:0019FF80

2） After moving

• Be careful ：
  1） Only those with the same number of digits can move each other
  2） You cannot assign an immediate value to a register

mov 123,esp

（2） Addition and subtraction instructions

• Instruction classification
  add: Add
  sub: Subtraction
• Use examples ：

mov eax,0x0
add eax, 0x8 //eax become 0x0000008 了

（3） Logical operations

• Classification of logical operations
  Logic and ：and, A fellow 1 Only then 1
  Logic or ：or, Just one for 1, Namely 1
  Logical XOR ： xor, A fellow 0, Different from 1
  Logic is not ：not,0 become 1,1 become 0
• Use examples

mov eax , 1
and  eax  , 2   // Now? eax Namely 0

（4） Shift instructions

（5）test、cmp Instructions

（6）push、pop Instructions

（7）jmp、nop Instructions

（8）jcc Instructions

（9）call、retn Instructions

Portal