Assembly Language For Beginners 2 (Tutorial Series: 2)
Following the previous article in this series, in part 2 of Assembly Language for Beginners we continue by learning about the CPU, registers, and memory. Let’s start with the CPU.
The CPU (Central Processing Unit) basically consists of four parts that together execute a process in a computer system. The following diagram gives a better picture of the CPU.
The Control Unit interacts with both the Arithmetic Logic Unit (ALU) and memory. As the name implies, it manages and coordinates all the units present in a computer. It takes instructions from memory, interprets them, and directs the operation of the computer. It is also used for storing and retrieving data from memory while the CPU is executing instructions.
A basic overview of registers is that they are used to store memory addresses and assign addresses to running processes. Some instructions specify registers as part of the instruction. For example, an instruction may specify that the contents of two defined registers be added together and then placed in a specified register. A register must be large enough to hold an instruction – for example, in a 32-bit instruction computer, a register must be 32 bits in length. In some computer designs, there are smaller registers – for example, half-registers – for shorter instructions.
The FLAGS register is the status register in Intel x86 microprocessors that contains the current state of the processor. This register is 16 bits wide. Its successors, the EFLAGS and RFLAGS registers, are 32 bits and 64 bits wide, respectively. It is used to indicate various events that occur during execution.
Now let’s talk about CPU registers in detail. The CPU registers basically fall into four groups:
- General Purpose Registers
- Segment Registers
- Instruction Pointer Registers
- Control Registers
General Purpose Registers
There are generally eight general purpose registers:
EAX: Accumulator Register basically used to store operands and results data
EBX: Base Register used for storing Pointers to Data
ECX: Counter Register used in Loop operations and string operation
EDX: Data Register used as an I/O Pointer
ESI: Source Index, Data Pointer Register used for various memory operations
EDI: Destination Index, Data Pointer Register used for various memory operations
ESP: Stack Pointer Register points to the top of the stack
EBP: Stack Data Pointer Register
The segment registers are:
CS: Code Segment
DS: Data Segment
SS: Stack Segment
FS: Pointers used for other segments
Instruction Pointer Register
This register is one of the most important registers for anyone doing reverse engineering and exploitation, because it points to the instruction which the CPU is executing.
EIP: Extended Instruction Pointer
These registers are internal to the CPU and are used for many different operations.
Turning to memory, let’s talk about the virtual memory model.
Virtual Memory Model
Every process in a system is laid out in the same virtual memory space, regardless of the actual physical memory used by that specific process. Normally the processor and the operating system abstract all the complex memory layouts away from the process, so the process thinks that the entire system is its own and that it is the only process that exists in the system. We just need to understand that every process is laid out in the same virtual memory space.
Generally, a process is laid out in the layout order given above. Let’s talk a little about what the segments actually are; we will discuss them in detail in future articles.
The first segment laid out is .text, which holds the program code and is placed at the lowest possible memory address, 0x8048000. The diagram is laid out from the lowest memory address to the highest. The next segment is .data, where any initialized value is stored, followed by .bss, where all uninitialized data is stored. Then comes the heap, which is the dynamic memory; in C, malloc() is used to allocate it. After that there is some unused memory, and lastly the stack, which is used for storing arguments and local variables and sits at the highest memory location.
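As an added example (not code from the original article), the following C program takes one address from each region described above and checks that they appear in the stated order. It assumes a Linux build with GCC or Clang; on modern systems with ASLR and position-independent executables the absolute addresses differ from 0x8048000 and change between runs, but the relative order holds. The names `sample_layout` and `matches_article_order` are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int initialized_global = 42;  /* initialized global   -> .data */
int uninitialized_global;     /* uninitialized global -> .bss  */

/* One address sampled from each region the article lists. */
struct layout {
    uintptr_t text, data, bss, heap, stack;
};

struct layout sample_layout(void)
{
    int local = 0;                           /* local variable -> stack */
    int *dynamic = malloc(sizeof *dynamic);  /* malloc()       -> heap  */
    struct layout l;

    l.text  = (uintptr_t)&sample_layout;     /* program code   -> .text */
    l.data  = (uintptr_t)&initialized_global;
    l.bss   = (uintptr_t)&uninitialized_global;
    l.heap  = (uintptr_t)dynamic;            /* 0 if malloc() failed */
    l.stack = (uintptr_t)&local;
    free(dynamic);
    return l;
}

/* 1 if the regions sit in the article's order, lowest address first. */
int matches_article_order(const struct layout *l)
{
    return l->heap != 0 &&
           l->text < l->data && l->data < l->bss &&
           l->bss < l->heap && l->heap < l->stack;
}

int main(void)
{
    struct layout l = sample_layout();

    printf(".text  %#lx\n.data  %#lx\n.bss   %#lx\nheap   %#lx\nstack  %#lx\n",
           (unsigned long)l.text, (unsigned long)l.data, (unsigned long)l.bss,
           (unsigned long)l.heap, (unsigned long)l.stack);
    puts(matches_article_order(&l) ? "order matches" : "order differs");
    return 0;
}
```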
The stack is a LIFO (Last In, First Out) structure, and it gets laid out from highest memory to lowest memory. A stack supports only two operations:
- PUSH: when a PUSH operation is initiated, a value is pushed onto the stack memory.
- POP: when a POP operation is initiated, a value is popped off the stack memory.
In the process of push and pop, we need to update the ESP register which actually points to the top of the stack.
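An added example, not from the original article: a small C model of PUSH and POP on a 32-bit stack, showing how ESP moves and that a popped value stays in memory below ESP until something overwrites it. The base address 0xBFFFF000 and the `sim_*` function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_TOP  0xBFFFF000u               /* constructed address, not from the article */
#define STACK_SIZE 64u
#define STACK_LOW  (STACK_TOP - STACK_SIZE)  /* lowest modelled address */

static uint8_t  stack_mem[STACK_SIZE];       /* backs [STACK_LOW, STACK_TOP) */
static uint32_t esp = STACK_TOP;             /* simulated ESP; STACK_TOP means empty */

/* PUSH: ESP moves down 4 bytes, then the value is stored at the new top. */
int sim_push(uint32_t value) {
    if (esp - 4 < STACK_LOW) return -1;      /* no room left in the model */
    esp -= 4;
    memcpy(&stack_mem[esp - STACK_LOW], &value, 4);
    return 0;
}

/* POP: the value at the top is read, then ESP moves up 4 bytes. */
int sim_pop(uint32_t *out) {
    if (esp >= STACK_TOP) return -1;         /* nothing to pop */
    memcpy(out, &stack_mem[esp - STACK_LOW], 4);
    esp += 4;
    return 0;
}

uint32_t sim_esp(void) { return esp; }

/* Read 4 bytes at a modelled address (must be in range), even below ESP. */
uint32_t sim_peek(uint32_t addr) {
    uint32_t v;
    memcpy(&v, &stack_mem[addr - STACK_LOW], 4);
    return v;
}

int main(void) {
    uint32_t v = 0;
    sim_push(0x11111111u);
    sim_push(0x22222222u);
    sim_pop(&v);                             /* last in, first out */
    printf("popped %#x, esp=%#x, stale=%#x\n", (unsigned)v,
           (unsigned)sim_esp(), (unsigned)sim_peek(sim_esp() - 4));
    return 0;
}
```

POP only moves ESP; it does not erase the slot, which is why stale stack contents can later be read by code that uses uninitialized local variables.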
This much should be enough to get you engaged and to start learning all of this gradually. In the next article, we will see a simple example to illustrate everything that we have learned in this article.
Stay tuned for the next article, and don’t forget to check out the other cool stuff on lincoder. Have a nice day 🙂!