Compilation learning

1, Basic knowledge

AH&AL＝AX(accumulator)： Accumulation register
BH&BL＝BX(base)： Base register
CH&CL＝CX(count)： Count register
DH&DL＝DX(data)： Data register
SP（Stack Pointer）： Stack pointer register
BP（Base Pointer）： Base pointer register
SI（Source Index）： Source index register
DI（Destination Index）： Destination address register
IP（Instruction Pointer）： Instruction pointer register
CS（Code Segment） Code segment register
DS（Data Segment）： Segment register
SS（Stack Segment）： Stack segment register
ES（Extra Segment）： Additional segment register
OF overflow flag Overflow sign The operand exceeds the range that the machine can represent, indicating overflow , Overflow is 1.
SF sign Flag sign indicator A symbol that records the result of an operation , When the result is negative, it is 1.
ZF zero flag Zero mark The result is equal to 0 When is 1, Otherwise 0.
CF carry flag Carry mark When the most significant bit generates a carry, it is 1, Otherwise 0.
AF auxiliary carry flag Auxiliary carry flag Operation time , The first 3 In the first place 4 When bit generates carry, it is 1, Otherwise 0.
PF parity flag Parity mark The operands of the operation result are 1 When the number of is even, it is 1, Otherwise 0.
DF direcion flag Direction signs For string processing .DF=1 when , Make... After each operation SI and DI Reduce .DF=0 When it increases .
IF interrupt flag Interrupt flag IF=1 when , allow CPU Response maskable interrupt , Otherwise close the interrupt .
TF trap flag Trap sign For debugging single step operation .

Common registers

eax： It is usually used as the return value of a function
ecx
edx
ebx
esp： The address at the top of the stack
ebp
esi、edi： Used when memory data is moved
eip： The address where the next command will be executed

Stack balance

1, If you want to return to the parent program , In stack operations , Make sure you are ret Before this order ,esp It points to the address we pushed into the stack .
Like the image below , Originally call The instruction is pressed into the next address of the instruction （00a01353）
2, If you pass parameters through the stack , After the function is executed , Balance the stack changes caused by parameters .
Similar to the following picture ,1,2 Is the parameter of the function , After the function is executed ,1,2 The address of is still on the stack , As a result, useless addresses are still in use , In short, memory leakage .
Outer flat stack ： stay call Command below , to esp assignment , Make him point to the original address , This example can be used add esp,8
Inner flat stack ： Use ret 8, Similar to waiping stack , It's just inside the function .

2, Common commands

1,mov command （ mobile data ）
Register to register , Register to memory , Memory to register
2,movs
Memory to memory , If df by 0（efl The first 10 position ）, The address is automatically increased according to the width , If 1, Is decreasing
for example ：movs byte ptr es:[edi],byte ptr es:[esi] after edi And esi change
movsb , movsw ,movsd
3,stos
take al/ax/aex The value of moves to edi In the specified memory unit （edi The specified address will also change ）
for example ：stos byte ptr es:[edi]
4,rep
Press count register （ecx） Repeat the string instruction a specified number of times
5,push
Push data into the stack , Modify the top of stack pointer esp register （ Stack address from large to small , therefore esp Register reduction ）
6,pop
And push contrary
7,jmp
eip The register stores the address of the next command to be executed ,jmp The command is to modify eip The contents of the register
8,call（f7 debugging ）
jmp+ Store the address of the next instruction of the current instruction on the stack , Generally used in function calls
9,ret（ Generally speaking, it is related to call Matching ）
Assign the value of the stack top pointer to eip, And add the pointer at the top of the stack 4（esp Add 4）