new blog 2.0


[0x04]. Notes on Assembly - The fairytale of an x86 CPU

  • A 32bit x86 has 16 registers, divided in 6 groups respectively:
    • 1 x EFLAGS register
    • 1 x Instruction Pointer
    • 2 x Stack Pointing Registers
    • 6 x Segment Registers
    • 2 x Index Registers
    • 4 x General Purpose Registers
  • The registers are assigned specific roles:
    • EFLAGS register (Extended FLAGS register is a 32bit version of the 16bit FLAGS) contains the state of current processor. Only 18 out of 32 flags have a meaning assigned.
    • EIP - Extended Instruction Pointer points to the next instruction memory address in the Fetch-Execute cycle.
    • ESP - Extended Stack Pointer - points to the top of the stack. You can see how it grows down on an x86 architecture in the following example: stack_pointer.c
    • EBP - Extended Base Pointer - points to the base of the current Stack Frame. If you assemble func.c as follows:
      $ gcc -S func.c -o func.s
      and take a look into func.s file, the f() function will be translated to some thing like that:
      pushl %ebp
      movl %esp, %ebp
      subl $16, %esp
      movl $11, -16(%ebp)
      movl $22, -12(%ebp)
      movl $33, -8(%ebp)
      movl $44, -4(%ebp)
      1. Line one saves the old EBP
      2. Old ESP becomes new EBP
      3. Increasing the stack by the size of 1 paragraph
      4-7. Saving local variables in the stack frame locations relative to EBP

    • ?S - Segment Registers
      • CS, Code Segment
      • DS, Data Segment
      • SS, Stack Segment
      • ES, Extra Segment
      • FS, another Extra Segment
      • GS, another Extra Segment
    • Extended Index Registers, used for array operations (e.g. strings, which are arrays of bytes)
      • Source Index
      • Destination Index

    • Extended General Purpose Registers
      • EAX - accumulator, used for storing intermediate results of I/O access, interrupts or arithmetics.
      • EBX - base register, used for addressing
      • ECX - counter, used in loops and countdowns.
      • EDX - data register


Gurmeet Singh said...


Nice article!
Could you help me know a way in which I can find out *Sizes* of (code and data) segments of a process (in Ubuntu)? I really needed to know that asap, and would be really helpful to you for any hint!

Thanks and Regards,

Gurmeet Singh said...

oops.. i mean i would be really thankful* to you!!