Difference between revisions of "Assembler"
Revision as of 12:02, 12 March 2017
This entry needs a lot of work. Please contribute if you can. Check this page to see if there are some suggestions for adding to Assembler.
To describe:
- Flags
- Segments
- CPL/DPL
- IDT/GDT(/LDT)
Segments
Segment registers: cs, es, ds, ss, fs, gs. Each holds a 16-bit segment selector whose bits mean:
- Bits 0-1: the RPL (requested privilege level)
- Bit 2: whether the LDT (1) or the GDT (0) is used
- Bits 3-15: the index into the GDT or LDT; shifted left by 3 (i.e. multiplied by 8) it gives the byte offset of the descriptor in the table
Examples:
CS of 8 = 1000b = 1 0 00: RPL=0, LDT=0 so the GDT is used, offset in the GDT is (1 << 3) = 8
CS of 0x23 = 100011b = 100 0 11: RPL=3, LDT=0 (GDT), index is 100b = 4, offset in the GDT is (4 << 3) = 32
Note that even in 64-bit mode, bits 3 to 15 still only need to be shifted by 3 to point to the proper offset.
GDT
The GDT is a table of descriptors that describe what should happen when a specific segment is entered and set its rights (access rights, limits, whether it is data or code, etc.).
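The following is an added example, not code from the wiki page: it decodes a selector into the RPL, table bit, index and offset described in the Segments section, decodes the 8-byte descriptor the selector points at, and applies the rule the CPU enforces when a data segment register is loaded (DPL must be at least max(CPL, RPL)). The sample GDT is constructed for the example (flat 4 GiB segments, with index 4 a DPL-3 code segment so that the page's selector 0x23 resolves to it); it is not the layout of any particular OS.

```c
#include <stdint.h>
#include <stdio.h>

/* A 16-bit segment selector split into the fields described in the Segments section. */
typedef struct {
    unsigned rpl;     /* bits 0-1: requested privilege level */
    unsigned ti;      /* bit 2: 0 = GDT, 1 = LDT */
    unsigned index;   /* bits 3-15: descriptor index */
    unsigned offset;  /* index << 3: byte offset of the descriptor in the table */
} selector_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s;
    s.rpl = sel & 3;
    s.ti = (sel >> 2) & 1;
    s.index = sel >> 3;
    s.offset = s.index << 3;
    return s;
}

/* The parts of an 8-byte code/data segment descriptor used below. */
typedef struct {
    uint32_t base;
    uint32_t limit;    /* highest valid offset, after applying the granularity (G) bit */
    unsigned dpl;      /* descriptor privilege level, bits 45-46 of the descriptor */
    unsigned present;  /* P, bit 47 */
    unsigned is_code;  /* S (bit 44) set and type bit 3 (bit 43) set; otherwise data */
} descriptor_t;

descriptor_t decode_descriptor(uint64_t d) {
    uint32_t lo = (uint32_t)d, hi = (uint32_t)(d >> 32);
    uint32_t limit = (lo & 0xFFFFu) | (hi & 0x000F0000u);
    descriptor_t r;
    r.base    = (lo >> 16) | ((hi & 0xFFu) << 16) | (hi & 0xFF000000u);
    r.limit   = (hi & (1u << 23)) ? (limit << 12) | 0xFFFu : limit;  /* G: limit in 4 KiB units */
    r.dpl     = (hi >> 13) & 3;
    r.present = (hi >> 15) & 1;
    r.is_code = ((hi >> 12) & 1) && ((hi >> 11) & 1);
    return r;
}

/* Constructed sample GDT of flat 4 GiB segments (not a real OS layout). Index 4 is a DPL-3
   code segment, so the selector 0x23 from the example above (index 4, RPL 3) lands on it. */
static const uint64_t SAMPLE_GDT[] = {
    0x0000000000000000ull,  /* 0: null descriptor */
    0x00CF9A000000FFFFull,  /* 1: code, DPL 0 (selector 0x08) */
    0x00CF92000000FFFFull,  /* 2: data, DPL 0 (selector 0x10) */
    0x00CFF2000000FFFFull,  /* 3: data, DPL 3 (selector 0x1B) */
    0x00CFFA000000FFFFull,  /* 4: code, DPL 3 (selector 0x23) */
};
#define SAMPLE_GDT_LEN (sizeof SAMPLE_GDT / sizeof SAMPLE_GDT[0])

/* Raw descriptor for a GDT selector; LDT or out-of-range selectors yield the null descriptor. */
uint64_t gdt_lookup(uint16_t sel) {
    selector_t s = decode_selector(sel);
    if (s.ti != 0 || s.index >= SAMPLE_GDT_LEN) return 0;
    return SAMPLE_GDT[s.index];
}

/* The privilege check applied when a data segment register (DS, ES, FS, GS) is loaded:
   the descriptor must be present, describe a data segment, and satisfy DPL >= max(CPL, RPL).
   The RPL is what lets a kernel that loads a selector handed to it by user code have the
   check run at the caller's privilege instead of its own. */
int data_load_ok(unsigned cpl, uint16_t sel) {
    selector_t s = decode_selector(sel);
    descriptor_t d = decode_descriptor(gdt_lookup(sel));
    unsigned effective = cpl > s.rpl ? cpl : s.rpl;
    if (!d.present || d.is_code) return 0;
    return d.dpl >= effective;
}

int main(void) {
    selector_t s = decode_selector(0x23);
    descriptor_t d = decode_descriptor(gdt_lookup(0x23));
    printf("0x23: RPL=%u TI=%u index=%u offset=%u -> DPL %u %s segment\n",
           s.rpl, s.ti, s.index, s.offset, d.dpl, d.is_code ? "code" : "data");
    printf("ring 0 loading DS=0x13 (kernel data, but RPL 3): %s\n",
           data_load_ok(0, 0x13) ? "allowed" : "#GP");
    return 0;
}
```

The last line of the output is the interesting one: the kernel data descriptor at index 2 has DPL 0, but because the selector carries RPL 3 the effective privilege is 3 and the load is refused, which is exactly the protection the RPL field exists for.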
IDT
The IDT is a table of descriptors that describe what should happen when an interrupt occurs. Each entry contains the code segment to use and the EIP/RIP address to call, but also information such as the DPL of the interrupt and whether it is a call gate, task gate or interrupt gate.
Interrupts useful for game hacking: interrupt 1 (single step), 3 (breakpoint), 13 (general protection fault) and 14 (page fault).
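As an added example (not code from the wiki page), here is a decoder for the legacy 32-bit IDT gate format together with the privilege check the CPU applies before delivering a software INT n: the gate must be present and the code issuing the instruction must run at CPL <= gate DPL, otherwise a #GP is raised. The sample IDT, its handler addresses, the selector 0x08 and the DPLs are constructed for the example and not taken from any OS; the vectors are the four the page lists.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of a legacy 32-bit IDT gate descriptor (8 bytes). */
typedef struct {
    uint32_t offset;    /* EIP of the handler: bits 0-15 (low half) and 48-63 (high half) */
    uint16_t selector;  /* code segment the handler runs in: bits 16-31 */
    unsigned type;      /* bits 40-43: 0x5 task gate, 0xE interrupt gate, 0xF trap gate */
    unsigned dpl;       /* bits 45-46: least privileged ring allowed to use INT n on this vector */
    unsigned present;   /* bit 47 */
} idt_gate_t;

idt_gate_t decode_gate32(uint64_t g) {
    idt_gate_t r;
    r.offset   = (uint32_t)(g & 0xFFFFu) | (uint32_t)((g >> 48) << 16);
    r.selector = (uint16_t)(g >> 16);
    r.type     = (unsigned)((g >> 40) & 0xF);
    r.dpl      = (unsigned)((g >> 45) & 3);
    r.present  = (unsigned)((g >> 47) & 1);
    return r;
}

const char *gate_type_name(unsigned type) {
    switch (type) {
    case 0x5: return "task gate";
    case 0xE: return "interrupt gate";  /* the CPU clears IF while the handler runs */
    case 0xF: return "trap gate";       /* IF is left as it was */
    default:  return "unknown";
    }
}

/* Constructed sample IDT for the vectors listed above. Handler addresses, the selector 0x08
   and the DPLs are made up for this example. Vector 3 is a DPL-3 trap gate so that an int3
   in ring-3 code is delivered; the others are DPL-0 interrupt gates, so a software "int 1"
   or "int 14" issued from ring 3 raises #GP instead of reaching the handler. */
static const uint64_t SAMPLE_IDT[15] = {
    [1]  = 0x80108E0000080ABCull,  /* single step: offset 0x80100ABC, 0x8E = P, DPL 0, type E */
    [3]  = 0x8010EF0000081234ull,  /* breakpoint:  offset 0x80101234, 0xEF = P, DPL 3, type F */
    [13] = 0x80108E0000085678ull,  /* #GP:         offset 0x80105678 */
    [14] = 0x80108E0000089ABCull,  /* #PF:         offset 0x80109ABC */
};
#define SAMPLE_IDT_LEN (sizeof SAMPLE_IDT / sizeof SAMPLE_IDT[0])

/* A software INT n issued by code running at privilege `cpl` is delivered only when the gate
   is present and CPL <= gate DPL; otherwise the CPU raises #GP. Exceptions raised by the CPU
   itself and hardware interrupts skip this DPL check. */
int software_int_allowed(unsigned vector, unsigned cpl) {
    if (vector >= SAMPLE_IDT_LEN) return 0;
    idt_gate_t g = decode_gate32(SAMPLE_IDT[vector]);
    return g.present && cpl <= g.dpl;
}

int main(void) {
    unsigned vectors[] = { 1, 3, 13, 14 };
    for (size_t i = 0; i < sizeof vectors / sizeof vectors[0]; i++) {
        idt_gate_t g = decode_gate32(SAMPLE_IDT[vectors[i]]);
        printf("vector %2u: handler %04x:%08x, %s, DPL %u, \"int %u\" from ring 3: %s\n",
               vectors[i], g.selector, g.offset, gate_type_name(g.type), g.dpl, vectors[i],
               software_int_allowed(vectors[i], 3) ? "delivered" : "#GP");
    }
    return 0;
}
```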
Flags
There are 32 bits available for the 17 EFLAGS flags. Missing bits in this list are not a mistake; some flags temporarily use their neighbours.
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF
| Bit | Flag | Description |
|---|---|---|
| 00 | CF Carry Flag | Becomes 1 if an addition, multiplication, AND, OR, etc. results in a value larger than the register meant for the result. |
| 02 | PF Parity Flag | Becomes 1 if the lower 8 bits of an operation's result contain an even number of 1 bits. |
| 04 | AF Auxiliary Flag | Set on a carry or borrow out of the lower-order 4 bits. |
| 06 | ZF Zero Flag | Becomes 1 if an operation results in a 0 writeback, or a 0 register. |
| 07 | SF Sign Flag | Is 1 if the value saved is negative, 0 if positive. |
| 08 | TF Trap Flag | Allows for the stopping of code within a segment (allows single stepping/debugging). |
| 09 | IF Interrupt Flag | When this flag is set, the processor begins 'listening' for external interrupts. |
| 10 | DF Direction Flag | Determines the direction to move through the code (specific to repeat instructions). |
| 11 | OF Overflow Flag | Becomes 1 if the result of the operation is larger than the available space to write it (e.g. an addition which results in a number > 32 bits). |
| 12-13 | IOPL I/O Privilege Level | 2-bit field specifying which privilege level is required to access the I/O ports. |
| 14 | NT Nested Task | Becomes 1 when calls within a program are made. |
| 16 | RF Resume Flag | Becomes 1 upon a break and stays that way until a given 'release' or resume operation/command occurs. |
| 17 | VM Virtual 8086 Mode | Becomes 1 if the processor is to simulate the 8086 processor (16-bit). |
| 18 | AC Alignment Check | Checks that a file or command is not breaking its privilege level. |
| 19 | VIF Virtual Interrupt Flag | Almost always set in protected mode, listening for internal and assembling interrupts. |
| 20 | VIP Virtual Interrupt Pending | 1 if a virtual interrupt is yet to occur. |
| 21 | ID ID Flag | Is set if a CPU identification check is pending (used in some cases to ensure valid hardware). |
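The following is an added example, not code from the wiki page, that turns the bit numbers in the table into something usable while debugging: it names the flags set in an EFLAGS value, extracts the two-bit IOPL field, shows which flags changed between two snapshots (the "+CF -ZF" view a debugger gives after stepping one instruction), and parses a list of flag names back into a mask. The EFLAGS values used (0x246 and friends) are constructed sample values; bit 1 of EFLAGS is reserved and always reads as 1, which is why such values always have it set even though it has no name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The single-bit flags with the bit numbers from the table above. IOPL (bits 12-13) is a
   two-bit field and is handled separately. */
typedef struct { const char *name; unsigned bit; } flag_def_t;

static const flag_def_t EFLAGS_BITS[] = {
    {"CF", 0}, {"PF", 2}, {"AF", 4}, {"ZF", 6}, {"SF", 7}, {"TF", 8}, {"IF", 9},
    {"DF", 10}, {"OF", 11}, {"NT", 14}, {"RF", 16}, {"VM", 17}, {"AC", 18},
    {"VIF", 19}, {"VIP", 20}, {"ID", 21},
};
#define N_FLAGS (sizeof EFLAGS_BITS / sizeof EFLAGS_BITS[0])

unsigned eflags_iopl(uint32_t eflags) { return (eflags >> 12) & 3; }

/* Append `word` to `out`, space separated; returns 0 when the buffer is full. */
static int append_word(char *out, size_t cap, size_t *used, const char *word) {
    int w = snprintf(out + *used, cap - *used, "%s%s", *used ? " " : "", word);
    if (w < 0 || (size_t)w >= cap - *used) return 0;
    *used += (size_t)w;
    return 1;
}

/* Names of the set single-bit flags, e.g. 0x246 -> "PF ZF IF". Returns how many are set. */
int eflags_to_string(uint32_t eflags, char *out, size_t cap) {
    int n = 0;
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < N_FLAGS; i++) {
        if (!(eflags & (1u << EFLAGS_BITS[i].bit))) continue;
        if (!append_word(out, cap, &used, EFLAGS_BITS[i].name)) break;
        n++;
    }
    return n;
}

/* Flags that changed between two snapshots, written as "+CF -ZF". Returns the count. */
int eflags_diff(uint32_t before, uint32_t after, char *out, size_t cap) {
    int n = 0;
    size_t used = 0;
    char word[8];
    out[0] = '\0';
    for (size_t i = 0; i < N_FLAGS; i++) {
        uint32_t bit = 1u << EFLAGS_BITS[i].bit;
        if (!((before ^ after) & bit)) continue;
        snprintf(word, sizeof word, "%c%s", (after & bit) ? '+' : '-', EFLAGS_BITS[i].name);
        if (!append_word(out, cap, &used, word)) break;
        n++;
    }
    return n;
}

/* Parse flag names separated by spaces, commas or '|' ("ZF IF TF") into an EFLAGS mask.
   Returns 0 if any name is unknown. */
uint32_t eflags_from_string(const char *s) {
    uint32_t mask = 0;
    char buf[128];
    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " ,|"); tok; tok = strtok(NULL, " ,|")) {
        size_t i;
        for (i = 0; i < N_FLAGS; i++)
            if (strcmp(tok, EFLAGS_BITS[i].name) == 0) { mask |= 1u << EFLAGS_BITS[i].bit; break; }
        if (i == N_FLAGS) return 0;
    }
    return mask;
}

int main(void) {
    char buf[128];
    eflags_to_string(0x246, buf, sizeof buf);
    printf("EFLAGS 0x246: %s (IOPL %u)\n", buf, eflags_iopl(0x246));
    eflags_diff(0x246, 0x247, buf, sizeof buf);
    printf("after an instruction that set carry: %s\n", buf);
    return 0;
}
```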
Opcodes
Most commonly used opcodes:
- MOV destination, source
  - Sets a register or address to a specified value.
- INC destination
  - Increases a register or address by 1.
- DEC destination
  - Decreases a register or address by 1.
- ADD destination, source
  - Adds the source to the destination.
- SUB destination, source
  - Subtracts the source from the destination.
- NOP
  - No Operation.
  - Usually used when removing original code.
- OR destination, source
  - The OR instruction supports logical expressions by performing a bitwise OR operation.
  - The bitwise OR operator returns 1 if the matching bits from either or both operands are 1.
  - It returns 0 if both bits are 0.
  - Example:

        destination: 0101
        source:      0011
        ----------------------------
        After OR -> destination: 0111

- XOR destination, source
  - The XOR instruction implements the bitwise XOR operation.
  - The XOR operation sets the resulting bit to 1 if and only if the bits from the operands differ.
  - If the bits from the operands are the same (both 0 or both 1), the resulting bit is cleared to 0.
  - Example:

        destination: 0101
        source:      0011
        ----------------------------
        After XOR -> destination: 0110

- AND destination, source
  - The AND instruction supports logical expressions by performing a bitwise AND operation.
  - The bitwise AND operation returns 1 if the matching bits from both operands are 1, otherwise it returns 0.
  - Example:

        destination: 0101
        source:      0011
        ----------------------------
        After AND -> destination: 0001

- TEST destination, source
  - The TEST instruction computes the same bitwise AND as the AND instruction, but unlike AND it does not change the first operand; only the flags are updated.
- NOT operand
  - The NOT instruction implements the bitwise NOT operation.
  - The NOT operation inverts every bit in the operand.
  - The operand can be either in a register or in memory.
  - Example:

        operand: 0101 0011
        After NOT -> operand: 1010 1100
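To show how these opcodes and the Flags table fit together, here is an added example (not code from the wiki page) of a small 8-bit ALU that executes MOV, INC, DEC, ADD, SUB, AND, OR, XOR, TEST and NOT and computes CF, PF, AF, ZF, SF and OF at the bit positions from the table, following the x86 rules: logical operations clear CF and OF, TEST updates only the flags, INC/DEC leave CF alone, and MOV/NOT touch no flags. The operand values are constructed; the OR/XOR/AND/NOT cases reproduce the examples above (0101 and 0011 are 0x05 and 0x03, 0101 0011 is 0x53).

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bit positions from the Flags table. */
#define F_CF (1u << 0)
#define F_PF (1u << 2)
#define F_AF (1u << 4)
#define F_ZF (1u << 6)
#define F_SF (1u << 7)
#define F_OF (1u << 11)
#define F_ARITH (F_CF | F_PF | F_AF | F_ZF | F_SF | F_OF)

typedef enum { OP_MOV, OP_INC, OP_DEC, OP_ADD, OP_SUB, OP_AND, OP_OR, OP_XOR, OP_TEST, OP_NOT } op_t;

/* What an instruction leaves behind: the new destination value and the new flags. */
typedef struct { uint8_t value; uint32_t flags; } alu_out_t;

/* ZF, SF and PF depend only on the result; PF is set for an even number of 1 bits. */
static uint32_t result_flags(uint8_t r) {
    uint32_t f = 0;
    unsigned ones = 0;
    for (uint8_t v = r; v; v >>= 1) ones += v & 1;
    if (r == 0) f |= F_ZF;
    if (r & 0x80) f |= F_SF;
    if ((ones & 1) == 0) f |= F_PF;
    return f;
}

/* Execute one 8-bit instruction. `flags_in` is EFLAGS before the instruction; MOV and NOT
   leave it untouched and INC/DEC keep its CF, as on a real x86. */
alu_out_t alu8(op_t op, uint8_t dst, uint8_t src, uint32_t flags_in) {
    alu_out_t o = { dst, flags_in };
    uint32_t keep = flags_in & ~F_ARITH;   /* flags outside the arithmetic group survive */
    uint8_t r;

    switch (op) {
    case OP_MOV: o.value = src; return o;
    case OP_NOT: o.value = (uint8_t)~dst; return o;   /* NOT affects no flags */
    case OP_INC: src = 1; /* fall through: INC is ADD 1 that leaves CF alone */
    case OP_ADD:
        r = (uint8_t)(dst + src);
        o.flags = keep | result_flags(r);
        if (((dst & 0xF) + (src & 0xF)) > 0xF) o.flags |= F_AF;   /* carry out of bit 3 */
        if (~(dst ^ src) & (dst ^ r) & 0x80) o.flags |= F_OF;      /* signed overflow */
        if (op == OP_INC) o.flags |= flags_in & F_CF;
        else if ((unsigned)dst + src > 0xFF) o.flags |= F_CF;      /* carry out of bit 7 */
        o.value = r;
        return o;
    case OP_DEC: src = 1; /* fall through: DEC is SUB 1 that leaves CF alone */
    case OP_SUB:
        r = (uint8_t)(dst - src);
        o.flags = keep | result_flags(r);
        if ((dst & 0xF) < (src & 0xF)) o.flags |= F_AF;           /* borrow into bit 3 */
        if ((dst ^ src) & (dst ^ r) & 0x80) o.flags |= F_OF;
        if (op == OP_DEC) o.flags |= flags_in & F_CF;
        else if (dst < src) o.flags |= F_CF;                       /* borrow */
        o.value = r;
        return o;
    case OP_AND: case OP_TEST: r = dst & src; break;
    case OP_OR:  r = dst | src; break;
    case OP_XOR: r = dst ^ src; break;
    default: return o;
    }
    /* Logical operations clear CF and OF; AF is undefined on real hardware and cleared here. */
    o.flags = keep | result_flags(r);
    if (op != OP_TEST) o.value = r;   /* TEST computes the AND for the flags only */
    return o;
}

int main(void) {
    alu_out_t o = alu8(OP_OR, 0x05, 0x03, 0);
    printf("OR  0x05, 0x03 -> 0x%02x flags 0x%03x\n", o.value, o.flags);
    o = alu8(OP_ADD, 0xFF, 0x01, 0);
    printf("ADD 0xFF, 0x01 -> 0x%02x flags 0x%03x (CF, PF, AF, ZF)\n", o.value, o.flags);
    o = alu8(OP_TEST, 0x05, 0x0A, 0);
    printf("TEST 0x05, 0x0A -> dst still 0x%02x, ZF %s\n", o.value, (o.flags & F_ZF) ? "set" : "clear");
    return 0;
}
```

The ADD 0xFF, 0x01 case is the one worth stepping through against the table: the result wraps to 0, so ZF is set, PF is set (zero 1 bits is an even count), AF is set by the carry out of the low nibble, CF is set by the carry out of bit 7, and OF stays clear because adding two values of opposite sign can never overflow.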