Saturday, July 10, 2010

eip in 32-bit mode,, and rip in 64-bit mode

software | Windows |






The instruction pointer is called ip in 16-bit mode, eip in 32-bit mode,,
 and rip in 64-bit mode. The instruction pointer register points to the
 memory address which the processor will next attempt to execute; it
 cannot be directly accessed in 16-bit or 32-bit mode, but a sequence
 like the following can be written to put the address of next_line into
 eax:
    call next_line
next_line:
    pop eax

source :
http://en.wikipedia.org/wiki/X86_assembly_language

software | GNU/Linux | 



(gdb) info registers 
rax            0xfffffffffffffdfc	-516
rbx            0x5dc	1500
rcx            0xffffffffffffffff	-1
rdx            0x5dc	1500
rsi            0x1	1
rdi            0x7fff09cf5780	140733357971328
rbp            0x2051160	0x2051160
rsp            0x7fff09cf5730	0x7fff09cf5730
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x8	8
r11            0x246	582
r12            0x7fff09cf5780	140733357971328
r13            0x7fff09cf5790	140733357971344
r14            0x0	0
r15            0x1	1
rip            0x7f2e947000c8	0x7f2e947000c8 <*__GI___poll+24>
eflags         0x246	[ PF ZF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb) 


 rip            0x7f2e947000c8	0x7f2e947000c8 <*__GI___poll+24>



The RIP register is the instruction pointer register. In 64-bit mode, the
 RIP register is extended to 64 bits to support 64-bit offsets. In 32-bit
 x86 architecture, the instruction pointer register is the EIP register.

source:
http://developers.sun.com/solaris/articles/x64_dbx.html

| Related Discussion | 



Hi...I'm teaching myself some AMD 64 bit assembler programing and I'm 
curious about RIP relative addressing. The docs that I've read state
 "You are recommended to use RIP relative addressing whenever possible
 to reduce code size" now my question is, is this the code size reduction
 they are talking about


Code:
example code 1 RIP-relative addressing

.section .data
	mydata: .long 0

.section .bss

.section .text
	.global _start
_start:
			movq	$64, mydata(%rdi)
Code:
example code 2
.section .data
	mydata: .long 0

.section .bss

.section .text
	.global _start
_start:
			movq	$64, mydata
and the results

Code:
example 1 RIP-relative addressing
code1:     file format elf64-x86-64


Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:	48 c7 87 bc 00 60 00 	movq   $0x40,0x6000bc(%rdi)
  4000b7:	40 00 00 00
Code:
example 2
code2:     file format elf64-x86-64


Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:	48 c7 04 25 bc 00 60 	movq   $0x40,0x6000bc
  4000b7:	00 40 00 00 00
are we talking about a one byte reduction in code size every time I use RIP relative addressing?

source :
http://www.linuxforums.org/forum/linux-programming-scripting/131795-amd-64-bit-rip-relative-addressing.html

| Variation | 



How RIP/EIP relative addressing works in 32-bit mode

In 32-bit programs you can't do this :

mov al, [eip]

But you will have to do something like this instead :
call $ + 5
pop ebx
add ebx, 1 + 1 + 1 + 1 ; POP + ADD + ModRM + imm8
mov al, [ebx] ; EBX is now pointing to this instruction!



How RIP/EIP relative addressing works in 64-bit mode

In 64-bit programs you are allowed to write this :
mov al, [rip]

source :
http://www.codegurus.be/codegurus/Programming/riprelativeaddressing_en.htm


Posted by at

Auto Draft

Posted by at

Friday, July 9, 2010

The Intel IA32 processors have a base pointer.. 


 software | Windows | 






The Intel IA32 processors have a base pointer register called EBP . The 
EBP register is typically set to the value of the ESP register at the
 beginning of a procedure, and used to address the procedure arguments
 and locally allocated variables throughout the procedure. Thus, the
 arguments are located at positive offsets from the EBP register, while the
 variables are located at negative offsets from the EBP register.

source :
http://d3s.mff.cuni.cz/~ceres/sch/osy/text/ch03s02s02.php


 software | GNU/Linux | 



(gdb) info registers 
rax            0xfffffffffffffdfc	-516
rbx            0x5dc	1500
rcx            0xffffffffffffffff	-1
rdx            0x5dc	1500
rsi            0x1	1
rdi            0x7ffffb2814d0	140737407096016
rbp            0x1f70160	0x1f70160
rsp            0x7ffffb281480	0x7ffffb281480
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x8	8
r11            0x246	582
r12            0x7ffffb2814d0	140737407096016
r13            0x7ffffb2814e0	140737407096032
r14            0x0	0
r15            0x1	1
rip            0x7f668b3710c8	0x7f668b3710c8 <*__GI___poll+24>
eflags         0x246	[ PF ZF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb)

  rbp            0x1f70160	0x1f70160 



In computer architecture, a processor register (or general purpose
 register) is a small amount of storage available on the CPU whose
 contents can be accessed more quickly than storage available
 elsewhere.
source :
http://en.wikipedia.org/wiki/Processor_register

The AMD64 architecture has sixteen 64-bit general purpose registers
 (GPRs): RAX, RBX, RCX, RDX, RBP, RSI, RDI, RSP, R8, R9, R10, R11, R12,
 R13, R14, and R15. Compared to the x86 architecture, the AMD64
 architecture has eight new GPRs.

source :
http://developers.sun.com/solaris/articles/x64_dbx.html


 | Related Discussion | 



 Hi, Could somebody please explain what GCC is doing for this piece of code? What is it initializing? The original code is:

#include 
int main()
{

}
And it was translated to:

    .file       "test1.c"
    .def        ___main;        .scl    2;      .type   32;     .endef
    .text
.globl _main
    .def        _main;  .scl    2;      .type   32;     .endef
_main:
    pushl       %ebp
    movl        %esp, %ebp
    subl        $8, %esp
    andl        $-16, %esp
    movl        $0, %eax
    addl        $15, %eax
    addl        $15, %eax
    shrl        $4, %eax
    sall        $4, %eax
    movl        %eax, -4(%ebp)
    movl        -4(%ebp), %eax
    call        __alloca
    call        ___main
    leave
    ret


 | Variation | 



Registers E(SP), E(IP) and E(BP) are promoted to 64-bits and are re-named RSP, RIP, and RBP respectively.

source and link(s) :
http://x86asm.net/articles/x86-64-tour-of-intel-manuals/
Posted by at

Thursday, July 8, 2010

Register EDI holds the bit offset ... 


 software | Windows |







EDI: The Destination Index

Every loop that generates data must store the result in memory, and 
doing so requires a moving pointer. The destination index, EDI, is that
 pointer. The destination index holds the implied write address of all
 string operations. The most useful string instruction, remarkably
 enough, is the seldom-used STOS. STOS copies data from the
 accumulator into memory and increments the destination index. This
 one-byte instruction is perfect, since the final result of any calculation
 should be in the accumulator anyhow, and storing results in a moving
 memory address is a common task.

source :
http://www.swansontec.com/sregisters.html


 software | GNU/Linux | 



(gdb) info registers
rax            0xfffffffffffffdfc	-516
rbx            0x5dc	1500
rcx            0xffffffffffffffff	-1
rdx            0x5dc	1500
rsi            0x1	1
rdi            0x7fffedb60c40	140737181518912
rbp            0x23c7160	0x23c7160
rsp            0x7fffedb60bf0	0x7fffedb60bf0
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x8	8
r11            0x246	582
r12            0x7fffedb60c40	140737181518912
r13            0x7fffedb60c50	140737181518928
r14            0x0	0
r15            0x1	1
rip            0x7fc4a09070c8	0x7fc4a09070c8 <*__GI___poll+24>
eflags         0x246	[ PF ZF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb) 

 rdi            0x7fffedb60c40	140737181518912 


The RAX, RBX, RCX, RDX, RBP, RSI, RDI, and RSP registers are used by
 both 32-bit and 64-bit binaries. However, in 32-bit mode, only the low
 32 bits of these registers are accessible by 32-bit binaries. In the x86
 architecture, these registers are EAX, EBX, ECX, EDX, EBP, ESI, EDI,
 and ESP.

source :
http://developers.sun.com/solaris/articles/x64_dbx.html



 | Related Discussion | 


knut st. osmundsen 2007-02-09 18:29:55 EST
Description of problem:

Crashing at __lll_mutex_timedlock_wait+148 (/lib64/tls/libpthread.so.0):
lock cmpxchg %edx,(%rdi)
Because the syscall wasn't made and %rdi hasn't been loaded with %r12
 yet.
Version-Release number of selected component (if applicable):
glibc-3.4.0
How to fix:
Move the mov %r12,%rdi instruction up somewhere before the je 8f.

How to reproduce:

This isn't easy to reproduce and I'm not going to write a testcase for it
since it's a very obvious bug in the code. But, my from the situation I 
get it in is that it requires a 2nd thread to signal the condition variable 
/mutex (I'm not quite sure which it is) while the crashing thread is
engaging a sleep.


source :
https://bugzilla.redhat.com/show_bug.cgi?id=228103



 | Variation | 


Hardware 64 bit.
Windows OS 32 bit so uses EDI.
GNU/Linux 64 bit version so used RDI.

Links(s).
http://archive.midrange.com/wdsci-l/200903/msg00083.html

Posted by at

Auto Draft

Posted by at
Subscribe to: Posts (Atom)