From b9b94713fc64b0b9443c3114c0c79d641db20a67 Mon Sep 17 00:00:00 2001 From: Malfurious Date: Sun, 15 Aug 2021 03:59:50 -0400 Subject: Update documentation on x86 architecture Some new links are added from the latest CTF. Signed-off-by: Malfurious --- docs/re/arch_x86.txt | 107 ++++++++++++++++++++++++++++++++++ docs/re/registers.txt | 18 ------ docs/re/x86_instruction_reference.txt | 1 - 3 files changed, 107 insertions(+), 19 deletions(-) create mode 100644 docs/re/arch_x86.txt delete mode 100644 docs/re/registers.txt delete mode 100644 docs/re/x86_instruction_reference.txt (limited to 'docs/re') diff --git a/docs/re/arch_x86.txt b/docs/re/arch_x86.txt new file mode 100644 index 0000000..dcb7775 --- /dev/null +++ b/docs/re/arch_x86.txt 
@@ -0,0 +1,107 @@ +Instruction Set References +-------------------------- +https://en.wikipedia.org/wiki/X86_instruction_listings +https://stackoverflow.com/questions/3818856/what-does-the-rep-stos-x86-assembly-instruction-sequence-do +https://stackoverflow.com/questions/6555094/what-does-cltq-do-in-assembly + + +Register Names / Sizes +---------------------- +"Traditional" general-purpose registers: + rax, rbx, rcx, rdx, rsi, rdi, rbp, rsp + + MSB LSB + +--------+--------+--------+--------+--------+--------+--------+--------+ + | rax | + +--------+--------+--------+--------+--------+--------+--------+--------+ + | eax | + +--------+--------+--------+--------+ + | ax | + +--------+--------+ + | ah | al | + +--------+--------+ + +Additional x86_64 general-purpose registers: + r8, r9, r10, r11, r12, r13, r14, r15 + + MSB LSB + +--------+--------+--------+--------+--------+--------+--------+--------+ + | r8 | + +--------+--------+--------+--------+--------+--------+--------+--------+ + | r8d | + +--------+--------+--------+--------+ + | r8w | + +--------+--------+ + * Note: High byte of lower | r8b / | + 16-bit word is inaccessible | r8l | + +--------+ + + +Calling Conventions +------------------- +Passing function arguments is arch-dependent: see below. The caller return +address is pushed after any argument values. + +Often, the called function will use the base pointer register to mark the stack +address at the bottom of the new stack frame and adjust the stack pointer +register to allocate space for the new frame in full. The old bp value is saved +on the stack above the return address. See below for an illustration of the +stack. + +On return, the original base and stack pointer values are restored. Any pushed +argument values remain on the stack and are the responsibility of the caller. +The function return value is stored in the a register. 
+ ++----------------------------+ <- sp (register) top of stack +| | lower addresses +| space for local function | +| storage: variables, arrays | +| | +| | ++============================+ <- bp (register) +| saved base pointer | ++----------------------------+ +| saved instruction pointer | ++============================+ +| function argument ?? | ++----------------------------+ +| function argument ?? | ++----------------------------+ +| ... | ++----------------------------+ +| | +| | +| | +| caller stack frame | +| | +| | +| | ++============================+ <- saved base pointer (on stack) +| caller saved base ptr | +.............................. higher addresses + + + 32-bit (x86) + ------------ + All function arguments are pushed to the stack in reverse order, leaving the + first arguent on the top of the stack. + + Stack pointer register: esp + Base pointer register: ebp + Return value in: eax + + + 64-bit (x86_64) + --------------- + The first six arguments are stored in registers. All remaining arguments + are pushed to the stack in reverse order. + + Argument #1: rdi + Argument #2: rsi + Argument #3: rdx + Argument #4: rcx + Argument #5: r8 + Argument #6: r15 + Stack pointer register: rsp + Base pointer register: rbp + Return value in: rax diff --git a/docs/re/registers.txt b/docs/re/registers.txt deleted file mode 100644 index c0a3fee..0000000 --- a/docs/re/registers.txt +++ /dev/null @@ -1,18 +0,0 @@ -Register sizes / mappings -------------------------- - -The A register is used as an example - - MSB LSB - +--------+--------+--------+--------+--------+--------+--------+--------+ - | RAX | - +--------+--------+--------+--------+--------+--------+--------+--------+ - | EAX | - +--------+--------+--------+--------+ - | AX | - +--------+--------+ - | AH | AL | - +--------+--------+ - - -# TODO - calling conventions diff --git a/docs/re/x86_instruction_reference.txt b/docs/re/x86_instruction_reference.txt deleted file mode 100644 index c90c64e..0000000 
--- a/docs/re/x86_instruction_reference.txt +++ /dev/null @@ -1 +0,0 @@ -https://en.wikipedia.org/wiki/X86_instruction_listings
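Review bot: In the 64-bit calling-convention table added to docs/re/arch_x86.txt, `+ Argument #6: r15` is wrong for the convention the rest of that block describes: under the System V AMD64 ABI the six integer/pointer argument registers are rdi, rsi, rdx, rcx, r8, r9, and r15 is a callee-saved register that is never used for argument passing, so anyone decoding a six-argument call from these notes will misread the last argument. Suggest `+ Argument #6: r9`. The block should also name the ABI it documents, since the register order given is System V (Linux, BSD, macOS) and Windows x64 differs (first four integer arguments in rcx, rdx, r8, r9, plus 32 bytes of caller-reserved shadow space on the stack); a one-line caveat would keep a reader from applying the table to a Windows binary. In the prose above the stack diagram, "The old bp value is saved on the stack above the return address" reads ambiguously next to a diagram that puts lower addresses at the top; "pushed after the return address, so at the next lower address" would be unambiguous. Minor: "first arguent" should be "first argument".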