Difference between revisions of "Assembler"
Revision as of 11:11, 18 September 2009
This entry needs a lot of work. Please contribute if you can. Check this page to see whether there are suggestions for adding to Assembler.
To describe:
- Flags
- Segments
- CPL/DPL
- IDT/GDT(/LDT)
== Segments ==
Segment registers: cs, es, ds, ss, fs, gs
Bits 0-1 hold the RPL (requested privilege level)
Bit 2 describes whether the LDT is used (1) or the GDT (0)
Bits 3 to 15 contain the index into the GDT or LDT; shifted left by 3 it gives the byte offset into the table
Example:
CS of 8 = 1000b = 1 0 00 : RPL=0, LDT=0, so the GDT is used; offset in the GDT is (1 << 3) = 8
CS of 0x23 = 100011b = 100 0 11 : RPL=3, LDT=0 (GDT); index in the GDT is 100b = 4, offset is (4 << 3) = 32
Note that even in 64-bit mode, bits 3 to 15 still only need to be shifted left by 3 to point to the proper offset
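The selector decoding described above, as an added example that is not part of the original page: it splits a 16-bit selector into RPL, table indicator and index, and reproduces the two CS values worked through in the text (the struct and function names are assumptions).

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of a 16-bit segment selector (layout as described above). */
struct selector {
    uint8_t  rpl;     /* bits 0-1: requested privilege level */
    uint8_t  ti;      /* bit 2: 0 = GDT, 1 = LDT */
    uint16_t index;   /* bits 3-15: descriptor index */
    uint32_t offset;  /* byte offset into the table: index << 3 */
};

struct selector decode_selector(uint16_t sel)
{
    struct selector s;
    s.rpl    = sel & 0x3;
    s.ti     = (sel >> 2) & 0x1;
    s.index  = sel >> 3;
    s.offset = (uint32_t)s.index << 3;   /* each descriptor entry is 8 bytes */
    return s;
}

void print_selector(uint16_t sel)
{
    struct selector s = decode_selector(sel);
    printf("selector 0x%04x: RPL=%u table=%s index=%u offset=%u\n",
           sel, s.rpl, s.ti ? "LDT" : "GDT", s.index, s.offset);
}

int main(void)
{
    print_selector(0x08);   /* RPL=0, GDT, index 1, offset 8  (first example above) */
    print_selector(0x23);   /* RPL=3, GDT, index 4, offset 32 (second example above) */
    return 0;
}
```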
== GDT ==
The GDT is a table of descriptors that describe what should happen when entering a specific segment and set its rights (access rights, limits, whether it is data or code, etc.).
== IDT ==
The IDT is a table of descriptors that describe what should happen when an interrupt occurs. Each entry contains the code segment to use and the EIP/RIP address to call, but also information such as the DPL of the interrupt and whether it is a call gate, task gate or interrupt gate.
Useful interrupts with regard to game hacking: interrupt 1 (single step), 3 (breakpoint), 13 (general protection fault) and 14 (page fault)
== Flags ==
There are 32 bits available for the 17 EFLAGS flags. Missing bits in this list are not a mistake; some flags temporarily use their neighbours.
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF
Bit: Flag – description
00: CF Carry Flag – becomes 1 if an addition, multiplication, AND, OR, etc. results in a value larger than the register meant for the result.
02: PF Parity Flag – becomes 1 if the lower 8 bits of an operation's result contain an even number of 1 bits.
04: AF Auxiliary Flag – set on a carry or borrow out of the lower 4 bits of the value.
06: ZF Zero Flag – becomes 1 if an operation results in a 0 writeback, or a 0 register.
07: SF Sign Flag – is 1 if the value saved is negative, 0 if positive.
08: TF Trap Flag – allows for the stopping of code within a segment (allows single stepping/debugging in programming).
09: IF Interrupt Flag – when this flag is set, the processor begins 'listening' for external interrupts.
10: DF Direction Flag – determines the direction to move through the data (specific to repeat instructions).
11: OF Overflow Flag – becomes 1 if the result of the operation is larger than the available space to write (e.g. an addition that results in a number wider than 32 bits).
12-13: IOPL I/O Privilege Level – read, write, or a combination of the two (2-bit field).
14: NT Nested Task – becomes 1 when calls within a program are made.
16: RF Resume Flag – becomes 1 upon a break, and stays that way until a given 'release' or resume operation/command occurs.
17: VM Virtual 8086 Mode – becomes 1 if the processor is to simulate the 8086 processor (16-bit).
18: AC Alignment Check – checks that a file or command is not breaking its privilege level.
19: VIF Virtual Interrupt Flag – almost always set in protected mode, listening for internal and assembling interrupts.
20: VIP Virtual Interrupt Pending – 1 if a virtual interrupt is yet to occur.
21: ID ID Flag – is set if a CPU identification check is pending (used in some cases to ensure valid hardware).
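A decoder for the bit layout in the table above, as an added example that is not part of the original page: given a raw EFLAGS value such as one shown in a debugger register dump or a crash log, it names the set single-bit flags and extracts the 2-bit IOPL field. The function names and the sample value are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions from the table above; IOPL (bits 12-13) is handled separately. */
static const struct { int bit; const char *name; } eflag_bits[] = {
    { 0, "CF" }, { 2, "PF" }, { 4, "AF" }, { 6, "ZF" }, { 7, "SF" },
    { 8, "TF" }, { 9, "IF" }, {10, "DF" }, {11, "OF" }, {14, "NT" },
    {16, "RF" }, {17, "VM" }, {18, "AC" }, {19, "VIF"}, {20, "VIP"},
    {21, "ID" },
};

/* Write the names of the set flags into buf (e.g. "PF ZF IF"); return how many. */
int describe_eflags(uint32_t eflags, char *buf, size_t len)
{
    int n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof eflag_bits / sizeof eflag_bits[0]; i++) {
        if (eflags & (1u << eflag_bits[i].bit)) {
            if (n++)
                strncat(buf, " ", len - strlen(buf) - 1);
            strncat(buf, eflag_bits[i].name, len - strlen(buf) - 1);
        }
    }
    return n;
}

/* IOPL is a 2-bit field at bits 12-13, not a single flag. */
unsigned eflags_iopl(uint32_t eflags)
{
    return (eflags >> 12) & 0x3;
}

int main(void)
{
    char buf[128];
    /* Constructed sample: bit 1 is the always-set reserved bit, then PF, ZF, IF. */
    uint32_t f = 0x246;
    describe_eflags(f, buf, sizeof buf);
    printf("EFLAGS=0x%08x: %s IOPL=%u\n", f, buf, eflags_iopl(f));
    return 0;
}
```

Seeing TF (bit 8) set in such a dump means the processor was single-stepping at the time, which is the flag the IDT section's interrupt 1 is tied to.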
== Opcodes ==
Most commonly used opcodes:
....
ADD : Increases a register or address by a specified amount
DEC : Decreases a register or address by 1
INC : Increases a register or address by 1
SUB : Decreases a register or address by a specified amount
MOV : Sets a register or address to a specified value
NOP : No operation, usually used when removing the code that decreases life
XOR : Exclusive OR operation on a register or address with a specified value. An exclusive OR sets each result bit to 1 where the corresponding bits of the two values differ
....