From 125195294f834b276fbfefaf4e048d2b584dd758 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 22 May 2018 18:33:15 -0400 Subject: [PATCH] Create registers.md Adding information about differences between 32bit and 64 bit registers and architecture. This is relevant to buffer overflow examples. --- buffer_overflow_example/registers.md | 249 +++++++++++++++++++++++++++ 1 file changed, 249 insertions(+) create mode 100644 buffer_overflow_example/registers.md diff --git a/buffer_overflow_example/registers.md b/buffer_overflow_example/registers.md new file mode 100644 index 0000000..89e4bcd --- /dev/null +++ b/buffer_overflow_example/registers.md @@ -0,0 +1,249 @@ +# Good Information about Registers + +x64 extends x86's 8 general-purpose registers to be 64-bit, and adds 8 new 64-bit registers. + +The 64-bit registers have names beginning with "r", so for example the 64-bit extension of **eax** is called **rax**. + +The lower 32 bits, 16 bits, and 8 bits of each register are directly addressable in operands. + +This includes registers, like **esi**, whose lower 8 bits were not previously addressable. + +The following table specifies the assembly-language names for the lower portions of 64-bit registers. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
64-bit registerLower 32 bitsLower 16 bitsLower 8 bits
**rax****eax****ax****al**
**rbx****ebx****bx****bl**
**rcx****ecx****cx****cl**
**rdx****edx****dx****dl**
**rsi****esi****si****sil**
**rdi****edi****di****dil**
**rbp****ebp****bp****bpl**
**rsp****esp****sp****spl**
**r8****r8d****r8w****r8b**
**r9****r9d****r9w****r9b**
**r10****r10d****r10w****r10b**
**r11****r11d****r11w****r11b**
**r12****r12d****r12w****r12b**
**r13****r13d****r13w****r13b**
**r14****r14d****r14w****r14b**
**r15****r15d****r15w****r15b**
+ + + +* Operations that output to a 32-bit subregister are automatically zero-extended to the entire 64-bit register. +* Operations that output to 8-bit or 16-bit subregisters are *not* zero-extended (this is compatible x86 behavior). +* The high 8 bits of **ax**, **bx**, **cx**, and **dx** are still addressable as **ah**, **bh**, **ch**, **dh**, but cannot be used with all types of operands. +* The instruction pointer, **eip**, and **flags** register have been extended to 64 bits (**rip** and **rflags**, respectively) as well. + +The x64 processor also provides several sets of floating-point registers: + +* Eight 80-bit x87 registers. +* Eight 64-bit MMX registers. (These overlap with the x87 registers.) +* The original set of eight 128-bit SSE registers is increased to sixteen. + +The addressing modes in 64-bit mode are similar to, but not identical to, x86. + +* Instructions that refer to 64-bit registers are automatically performed with 64-bit precision. (For example **mov rax, \[rbx\]** moves 8 bytes beginning at **rbx** into **rax**.) +* A special form of the **mov** instruction has been added for 64-bit immediate constants or constant addresses. For all other instructions, immediate constants or constant addresses are still 32 bits. +* x64 provides a new **rip**-relative addressing mode. Instructions that refer to a single constant address are encoded as offsets from **rip**. For example, the **mov rax, \[***addr***\]** instruction moves 8 bytes beginning at *addr* + **rip** to **rax**. + +Note: Instructions, like **jmp**, **call**, **push**, and **pop**, that implicitly refer to the instruction pointer and the stack pointer treat them as 64 bits registers on x64. +