The Reversers.org Vault: Definition of registers

Most recent edit on 2005-07-18 11:23:15 by AdminStew [bmp -> PNG]

Additions:
Registers diagram.

Deletions:

Warning: getimagesize(uploads/RegistersDef/Registers.bmp) [function.getimagesize]: failed to open stream: No such file or directory in /home/.sajak/fractalnet/vault.reversers.org/actions/image.php on line 76
The image could not be found or it was no image. Please check the url

Edited on 2005-07-17 09:31:37 by AdminStew [Minor edits.]

Additions:
Thus, the registers ESI, EDI, EBP and ESP can simply be addressed as SI/DI/BP and SP, when 16-bit operations are required. EIP can be considered for all purposes as a pure 32-bit register, but you can't really move anything out or in to it, so can be ignored.
The following are the basic x86 CPU registers (General purpose registers):

EIP, the Instruction Pointer register. This is a register which points to the next instruction to be read by the CPU and should/can not be altered directly, in the sense that only specific opcodes can change it (ie. you cannot use the instruction 'mov EIP, 004010C4' however you can use 'jmp 004010C4').

Deletions:
Thus, the registers ESI, EDI, EBP and ESP can simply be addressed as SI/DI/BP and SP. EIP can be considered for all purposes as a pure 32-bit register, but you can't really move anything out or in to it, so can be ignored really.

The following are the available registers for use (General purpose registers):

EIP, the Index Pointer register. This is a register which points to the next instruction to be read by the CPU and should/can not be altered directly, in the sense that only specific opcodes can change it (ie. you cannot use the instruction 'mov EIP, 004010C4' however you can use 'jmp 004010C4').

Edited on 2005-07-17 08:58:51 by AdminDaxxar [Two ending parantheses were missing.]

Additions:
- EBP, the 'base pointer' (For more information on this register see the stack.)
ESP, the 'stack pointer' (For more information on this register see the stack.)

Deletions:
- EBP, the 'base pointer' (For more information on this register see the stack.
ESP, the 'stack pointer' (For more information on this register see the stack.

Edited on 2005-07-17 04:54:08 by AdminStew [Minor edit.]

Additions:
As well as these general purpose registers there many other registers available to the assembly programmer / reverser. These registers are more specific in their purpose. For instance the FPU registers are used in floating point operations and are optimized for this function.

Deletions:
As well as these general purpose registers there many other registers available to the assembly programmer / cracker. These registers are more specific in their purpose. For instance the FPU registers are used in floating point operations and are optimized for this function.

Edited on 2005-07-17 04:52:16 by AdminStew [Nearly finished.]

Additions:
Taking EAX as an example, EAX represents the entire scope of the register, the full DWORD value. However, the 'first' (least significant) WORD value can be accessed by using the operand AX. Similarly, the first and second BYTES can be accessed using AL and AH respectively. The above diagram explains the 'structure' of the four ABCD registers (EAX, EBX, ECX and EDX). They have 32/16 and 8-bit addressing modes (EAX/AX and AH/AL, etc.) however the other registers do not have any way of being addressed as 8-bit registers, ie. they have only 32 and 16-bit components.

Thus, the registers ESI, EDI, EBP and ESP can simply be addressed as SI/DI/BP and SP. EIP can be considered for all purposes as a pure 32-bit register, but you can't really move anything out or in to it, so can be ignored really.
As well as these general purpose registers there many other registers available to the assembly programmer / cracker. These registers are more specific in their purpose. For instance the FPU registers are used in floating point operations and are optimized for this function.
Links to other register sets can be followed in the "Related links" section below.
Todo: Put links to other register sets here.

Deletions:
Taking EAX as an example, EAX represents the entire scope of the register, the full DWORD value. However, the 'first' (least significant) WORD value can be accessed by using the operand AX. Similarly, the first and second BYTES can be accessed using AL and AH respectively.
Stub BLAHBLAH.
Any related links go here, possibly with brief descriptions.

Edited on 2005-07-16 09:04:07 by AdminStew [Info on ESI/EDI.]

Additions:
- EBX, the base register. This register was very useful in 16-bit mode, however it can be seen as a true general purpose register in 32-bit mode and thus used for whatever the Hell you want. :o

EDX, the data register. The data register does not have a predefined purpose in many cases, however it is sometimes used to store data pertinent to the contents of the accumulator register (EAX).
ESI, the Source Index register. The source index is used in many of the string opcodes which iterate over a certain area of memory. The source memory location is usually stored in this register.
EDI, the Destination Index register. Similar to ESI but holds the address of the destination memory of the function.

Stub BLAHBLAH.

Deletions:
- EBX, the base register.

EDX, the data register. This is a 'true' general purpose register, in that it does not have a predefined purpose in most situations.
ESI, the Source Index register.
EDI, the Destination Index register.

Edited on 2005-07-16 06:19:34 by AdminStew [Explanation of image.]

Additions:
In the above diagram we can see that a register is 32 bits and is split up in to 4 overlapping areas.

Each ? can be replaced with A/B/C or D to represent the various basic registers.
Taking EAX as an example, EAX represents the entire scope of the register, the full DWORD value. However, the 'first' (least significant) WORD value can be accessed by using the operand AX. Similarly, the first and second BYTES can be accessed using AL and AH respectively.

Edited on 2005-07-16 06:16:28 by AdminStew [Added image.]

Additions:

Warning: getimagesize(uploads/RegistersDef/Registers.bmp) [function.getimagesize]: failed to open stream: No such file or directory in /home/.sajak/fractalnet/vault.reversers.org/actions/image.php on line 76
The image could not be found or it was no image. Please check the url

Deletions:
<Pic>

Edited on 2005-07-16 06:14:52 by AdminStew

Additions:

Attachment	Size	Date Added
Registers.PNG	1.57 KB	7/18/2005 11:22 am

Deletions:
{{files}} for attachments, if necessary (reference uploads at /pagename/filename).

Edited on 2005-07-16 05:39:29 by AdminStew [Minor edit.]

Additions:
- EBP, the 'base pointer' (For more information on this register see the stack.

ESP, the 'stack pointer' (For more information on this register see the stack.

Deletions:
- EBP, the 'base pointer' (For more information on this register see the stack.
ESP, the 'stack pointer' (For more information on this register see the stack.

Edited on 2005-07-16 05:38:47 by AdminStew [Added register definitions, need more.]

Additions:
The following are the available registers for use (General purpose registers):
EAX, the accumulator register. It is here which the results of various opcodes return their values and it is this register in which most functions should place their 'return value'.
EBX, the base register.
ECX, the count register. This register is used in many loop sequences to store the current loop or the number of remaining loops etc. The loop/repeat related opcodes also use this register to define how many loops must be completed.
EDX, the data register. This is a 'true' general purpose register, in that it does not have a predefined purpose in most situations.
ESI, the Source Index register.
EDI, the Destination Index register.
EBP, the 'base pointer' (For more information on this register see the stack.
ESP, the 'stack pointer' (For more information on this register see the stack.
EIP, the Index Pointer register. This is a register which points to the next instruction to be read by the CPU and should/can not be altered directly, in the sense that only specific opcodes can change it (ie. you cannot use the instruction 'mov EIP, 004010C4' however you can use 'jmp 004010C4').

Deletions:
The following are the available registers for use:

List of registers and general uses goes here.

Edited on 2005-07-16 05:15:16 by AdminStew [Minor edit.]

Additions:

Registers

Deletions:

Page heading (again)

Edited on 2005-07-16 05:14:59 by AdminStew [Stub.]

Additions:

Definition of registers

None.
Registers, from an engineer's point of view, are small pieces of memory (hence the name 'register memory') which are much faster, in terms of access time, than the bulk of memory on your mainboard. The register memory is located on the CPU. The size and amount of these pieces of register memory is dependant on the architecture of the processor. Taking the x86 architecture as an example, each piece of register memory is 32 bits (4 bytes) wide and is aranged as shown below.
<Pic>
Access of the individual registers is restricted to assembly level programming (at least in all the programming languages I've seen) and the above sections of each register can be accessed individually through various opcodes.
The following are the available registers for use:
List of registers and general uses goes here.

Stew (AdminStew).

Deletions:

Definition of Page Heading

Brief overview of what you need to know here. Links to WikiPages of required knowledge here.
Definition goes here.

YourAlias/Name (your WikiName).

Any others.

Oldest known version of this page was edited on 2005-07-16 04:49:52 by AdminStew [Initial revision.]

Page view:

Definition of Page Heading

Required Knowledge

Brief overview of what you need to know here. Links to WikiPages of required knowledge here.

Page heading (again)

Definition goes here.

YourAlias/Name (your WikiName).

The Reversers.org Vault : RegistersDef

Registers

Page heading (again)

Definition of registers

Definition of Page Heading

Definition of Page Heading

Required Knowledge

Page heading (again)

Related links

Categories