h4cker/buffer_overflow_example/registers.md
2018-06-26 21:58:59 -04:00

5 KiB

Good Information about Registers

Additional Notes: The x64 architecture extends x86's 8 general-purpose registers to be 64-bit, and adds 8 new 64-bit registers. The 64-bit registers have names beginning with "r", so for example the 64-bit extension of eax is called rax. The lower 32 bits, 16 bits, and 8 bits of each register are directly addressable in operands. This includes registers, like esi, whose lower 8 bits were not previously addressable. The following table specifies the assembly-language names for the lower portions of 64-bit registers.

64-bit register Lower 32 bits Lower 16 bits Lower 8 bits
**rax** **eax** **ax** **al**
**rbx** **ebx** **bx** **bl**
**rcx** **ecx** **cx** **cl**
**rdx** **edx** **dx** **dl**
**rsi** **esi** **si** **sil**
**rdi** **edi** **di** **dil**
**rbp** **ebp** **bp** **bpl**
**rsp** **esp** **sp** **spl**
**r8** **r8d** **r8w** **r8b**
**r9** **r9d** **r9w** **r9b**
**r10** **r10d** **r10w** **r10b**
**r11** **r11d** **r11w** **r11b**
**r12** **r12d** **r12w** **r12b**
**r13** **r13d** **r13w** **r13b**
**r14** **r14d** **r14w** **r14b**
**r15** **r15d** **r15w** **r15b**
  • Operations that output to a 32-bit subregister are automatically zero-extended to the entire 64-bit register.
  • Operations that output to 8-bit or 16-bit subregisters are not zero-extended (this is compatible x86 behavior).
  • The high 8 bits of ax, bx, cx, and dx are still addressable as ah, bh, ch, dh, but cannot be used with all types of operands.
  • The instruction pointer, eip, and flags register have been extended to 64 bits (rip and rflags, respectively) as well.

The x64 processor also provides several sets of floating-point registers:

  • Eight 80-bit x87 registers.
  • Eight 64-bit MMX registers. (These overlap with the x87 registers.)
  • The original set of eight 128-bit SSE registers is increased to sixteen.

The addressing modes in 64-bit mode are similar to, but not identical to, x86.

  • Instructions that refer to 64-bit registers are automatically performed with 64-bit precision. (For example mov rax, [rbx] moves 8 bytes beginning at rbx into rax.)
  • A special form of the mov instruction has been added for 64-bit immediate constants or constant addresses. For all other instructions, immediate constants or constant addresses are still 32 bits.
  • x64 provides a new rip-relative addressing mode. Instructions that refer to a single constant address are encoded as offsets from rip. For example, the mov rax, [addr] instruction moves 8 bytes beginning at addr + rip to rax.

Note: Instructions, like jmp, call, push, and pop, that implicitly refer to the instruction pointer and the stack pointer treat them as 64 bits registers on x64.