I'm reading "Hacking: The Art of Exploitation".
In the book the registers are different from the registers that I can see on my pc. These are my cpu registers:
rax,
rbx,
rcx,
rdx,
rsi,
rdi,
rbp,
rsp,
r8,
r9,
r10,
r11,
r12,
r13,
r14,
r15,
rip,
eflags,
cs,
ss,
ds,
es,
fs,
gs
while in the book the registers are:
eax,
ecx,
edx,
ebx,
esp,
ebp,
esi,
edi,
eip,
eflags,
cs,
ss,
ds,
es,
fs,
gs
Can someone explain why they are different? It's possible because I'm running on a amd cpu?
In this case can someone explain me the correspondence between the registers of the two architecture?
Answer
The registers starting with r as in rax, rbx, etc, are the 64-bit registers introduced with the AMD64 extension to the existing 32-bit x86 ISA. That ISA extension was subsequently adopted by Intel and is often known by the more neutral name x86-64. Essentially all x86 chips released in the last decade from AMD and Intel support this ISA.
Registers like eax, ebx, etc are the 32-bit registers which exist both in the original 32-bit x86 ISA, as well as the 64-bit x86-64. If your book refers only to those registers, it is likely that it doesn't cover the 64-bit extension (perhaps it was written before it).
Note that the 32-bit and the 64-bit registers are not separate registers since they overlap: the 64-bit rax, for example, has eax as its bottom 32-bits, and so on for rbx and ebx, r8 and r8d and so on. Therefore, modifications to a 32-bit register are reflected in the corresponding 64-bit register, and vice versa.
A similar relationship exists among the 16-bit (ax, etc) and 8-bit (al, etc) registers. You can find all the gory details in many places.
No comments:
Post a Comment