Secure coding

Registers in x86 assembly

Richard Azu
September 19, 2019 by
Richard Azu

Introduction

This article will define three key types of registers in the x86 architecture and then go on to show simulations of registers’ contents after specific instructions have been run.

This article is designed for self-starters, students and professionals who want to gain a detailed understanding of the x86 hardware architecture, including its internal architecture with emphasis on registers. This article will help to give you the fine details and better understanding of architecture issues, particularly in processor registers.

Intro to x86 Disassembly

Intro to x86 Disassembly

Build your x86 assembly skills with six courses covering the basics of computer architecture, how to build and debug x86, x86 assembly instructions and more.

Figure 1: Internal architecture of a computer using x86 hardware

 

Fundamental components of a computer system

The fundamental components of a computer system are:

  1. The Central Processing Unit (CPU), which includes the control unit, arithmetic logic unit (ALU) and registers
  2. Random Access Memory (RAM)
  3. Input and output peripherals, which include mouse, keyboard and disk drive
  4. The system bus, which consists of the data bus, control bus and address bus

The Central Processing Unit (CPU)

Writing at Digital Trends, Jon Martindale defined a CPU as follows: “A central processor, or CPU, is arguably the most important component of any computing device. It handles basic instructions and allocates the more complicated tasks to other specific chips to get them to do what they do best.”

CPU Registers

TechDifferences defined registers as follows: “Registers are the smallest data holding elements that are built into the processor’s hardware itself. Registers are the temporary storage locations that are directly accessible by the processor. The registers hold the instruction or operands that is currently being accessed by the CPU.”

General Purpose Registers (GPRs)

The x86 architecture contains eight 32-bit General Purpose Registers (GPRs). These registers are mainly used to perform address calculations, arithmetic and logical calculations. Four of the GPRs can be treated as a 32-bit quantity, a 16-bit quantity or as two 8-bit quantities. They are the EAX, EBX, ECX and EDX as shown in Figure 2.

Table 1: Conventional use of general purpose registers

 

Figure 2: General purpose registers

 

Below is a list of instructions that describe how the GPRs can be used:

  • 1. MOV EBX, 0xf7
  • 2. MOV ebx, 0xf7

When working with registers in x86, their names are not case-sensitive. For example, the names EBX and ebx refer to the same register. Instructions 1 and 2 will copy the hexadecimal value f7 into the register EBX, which is the same as ebx. The leading 0x indicates that what follows is a hexadecimal value.

  • 3. MOV EBX , 0x0000
  • 4. MOV ebx , 0x7fff ffff

Instruction 3 copies the hexadecimal value of 0 into the register EBX and instruction 4 copies the hexadecimal value 7fff ffff into the same register.

As illustrated in Figure 2. the GPRs EAX, EBX, ECX, EDX, ESI, EDI, ESP and EBP are all 32 bits. This means they can hold binary values from 00000000 00000000 00000000 00000000 to 01111111 11111111 11111111 11111111, decimal values from 0 to 2147483647 and hexadecimal values from 0 to 7fff ffff.

Let’s assume a function is required to perform an instruction by copying the binary value 00000000 00000000 00000000 00000111b into a General Purpose Register.

Instead of using, for instance, the ECX register or any of the 32-bit GPRs, it is best to use the low-order 8-bit of the GPRs. The least significant two bytes of register ECX can be treated as a 16-bit register called CX.

The least significant byte of register CX can also be used as a single 8-bit register called CL, while the most significant byte of register CX can be used as a single 8-bit register called CH. It is important to note that these names refer to the same physical register ECX.

  • 5. MOV CL , 111
  • 6. MOV CH , 1000 0111

Figure 3: x86 emulator showing contents of the 16-bit register CX after executing Instructions 5 and 6

 

Instruction 5 copies the binary value 111b into CL , the low-order 8-bit register of ECX.

Instruction 6 copies the binary value 1000 0111b into CH, the high-order 8-bit register of ECX.

Similarly, the registers DX, CX, BX and AX can be used to carry out 16-bit calculations. It is important to note that only the GPRs EAX, EBX, ECX and EDX can be used in this way.

  • 7. MOV BX , 0xff00
  • 8. MOV BH , 0xff
  • 9. MOV BL , 0x00

Figure 4: Result of copying the hexadecimal value ff00 into register BX — Instruction 7

 

Figure 5: Result of copying the hexadecimal value ff into register BH — Instruction 8

 

Figure 6: Result of copying the hexadecimal value 00 into register BL — Instruction 9

 

From instructions 7, 8 and 9 as well as Figures 4, 5 and 6, it can be concluded that putting 0xff00 into BX is the same as putting 0xff into BH and putting 0x00 into BL. This confirms that we can reference:

  • BX in terms of BH, BL
  • AX in terms of AH, AL
  • CX in terms of CH, CL
  • DX in terms of DH, DL

Figure 7: A debugger showing General Purpose Registers with values

 

EFLAGS or control registers

Figure 8: EFLAGS

 

EFLAGS are status registers which monitor the results produced from the execution of arithmetic instructions and then perform specific tasks based on the status report. Figure 8 above shows a summary of the functions for each of these registers.

Segment Registers

Figure 9: Segment registers

 

As shown in Figure 9, segment registers are 16-bit memory pointers located inside the x86 architecture which point to a place in memory where one of the following actions begin:

  1. Data storage
  2. Code execution

Conclusion

This article has briefly explained the internal architecture of an x86 hardware system. It has introduced three key types of registers, particularly General Processor Registers (GPRs) in a unique way by showing simulations of register contents after specific instructions have been executed. These simulations clarify when to use the16-bit and 8-bit subsections of the 32-bit processor registers.

Intro to x86 Disassembly

Intro to x86 Disassembly

Build your x86 assembly skills with six courses covering the basics of computer architecture, how to build and debug x86, x86 assembly instructions and more.

 

Sources

  1. What is a CPU?, Digital Trends
  2. Difference Between Register and Memory, TechDifferences
Richard Azu
Richard Azu

Experienced in the deployment of voice and data over the 3 media; radio, copper and fibre, Richard – a system support technician with First National Bank Ghana Limited is still looking for ways to derive benefit from the WDM technology in Optics. Using Kali as a springboard, he has developed an interest in digital forensics and penetration testing.