Difference between revisions of "Assembler"
| Line 6: | Line 6: | ||
* IDT/GDT(/LDT) | * IDT/GDT(/LDT) | ||
| − | + | [PIE!] | |
== Segments == | == Segments == | ||
Segment registers: cs,es,ds,ss,fs,gs<br> | Segment registers: cs,es,ds,ss,fs,gs<br> | ||
Revision as of 05:11, 7 September 2009
| This entry needs a lot of work. Please contribute if you can. Check this page to see if there are some suggestions for adding to Assembler. |
To describe:
- Flags
- Segments
- CPL/DPL
- IDT/GDT(/LDT)
[PIE!]
Contents
Segments
Segment registers: cs,es,ds,ss,fs,gs
Bits 0,1 describe the RPL , request privilege level
Bit 2 describes if the LDT is used or not
Bits 3 to 15 contain the offset into the GDT or LDT table (when shifted left by 3)
example:
CS of 8 = 1000b = 1 0 00 : RPL=0, LDT=0, so GDT is used, offset in GDT table is (1 << 3) = 8
CS of 0x23 = 100011b = 100 0 11 : RPL=3, LDT=0 (GDT), offset in GDT table is 100b=4, (4 << 3) = 32
Note that even though 64-bit mode is used, bits 3 to 15 still only need to be shifted by 3 to point to the proper offset
GDT
The gdt is a table of descriptors that describe what should happen when entering a specific segment and setting it's rights. (What access rights, the limits, if it's data or code, etc...)
IDT
The IDT is a table of descriptors that describe what should happen when an interrupt occurs. It contains the used code segment, and the EIP/RIP address to call, but also information like the DPL of the interrupt and if it's a callgate, taskgate or interrupt gate
Useful interrupts in regards of game hacking: Interrupt 1(Single step), 3(breakpoint),13(General protection fault) and 14 (Page fault)
Flags
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF
Opcodes
Most commonly used opcodes:
....
ADD : Increases a register or address with a specified amount
DEC : Decreases a register or address with 1
INC : Increases a register or address with 1
SUB : Decreases a register or address with a specified amount
MOV : Sets a register or address to a specified value
NOP = No Operation , usually used when removing the code that decreases life
XOR : Exclusive OR operation on a register or address with a specified value. An Exclusive OR sets the result bit to 1 for each bit that is different between the 2 values
....
