


What Is ECX Register Forensics

Introduction

This article will define three key types of registers in the x86 architecture and then go on to show simulations of registers' contents after specific instructions have been run.

This article is designed for self-starters, students and professionals who want to gain a detailed understanding of the x86 hardware architecture, including its internal architecture with emphasis on registers. It will give you the fine details and a better understanding of architecture issues, particularly in processor registers.

Figure 1: Internal architecture of a computer using x86 hardware

Fundamental components of a computer system

The fundamental components of a computer system are:

  1. The Central Processing Unit (CPU), which includes the control unit, arithmetic logic unit (ALU) and registers
  2. Random Access Memory (RAM)
  3. Input and output peripherals, which include mouse, keyboard and disk drive
  4. The system bus, which consists of the data bus, control bus and address bus

The Central Processing Unit (CPU)

Writing at Digital Trends, Jon Martindale defined a CPU as follows: "A central processor, or CPU, is arguably the most important component of any computing device. It handles basic instructions and allocates the more complicated tasks to other specific chips to get them to do what they do best."

CPU Registers

TechDifferences defined registers as follows: "Registers are the smallest data holding elements that are built into the processor's hardware itself. Registers are the temporary storage locations that are directly accessible by the processor. The registers hold the instruction or operands that is currently being accessed by the CPU."

General Purpose Registers (GPRs)

The x86 architecture contains eight 32-bit General Purpose Registers (GPRs). These registers are mainly used to perform address calculations, arithmetic and logical calculations. Four of the GPRs can be treated as a 32-bit quantity, a 16-bit quantity or as two 8-bit quantities. They are the EAX, EBX, ECX and EDX as shown in Figure 2.

Table 1: Conventional use of general purpose registers

Figure 2: General purpose registers

Below is a list of instructions that describe how the GPRs can be used:

  • 1. MOV EBX, 0xf7
  • 2. MOV ebx, 0xf7

When working with registers in x86, their names are not case-sensitive. For example, the names EBX and ebx refer to the same register. Instructions 1 and 2 will copy the hexadecimal value f7 into the register EBX, which is the same as ebx. The leading 0x indicates that what follows is a hexadecimal value.

  • 3. MOV EBX, 0x0000
  • 4. MOV ebx, 0x7fffffff

Instruction 3 copies the hexadecimal value of 0 into the register EBX and instruction 4 copies the hexadecimal value 7fff ffff into the same register.

As illustrated in Figure 2, the GPRs EAX, EBX, ECX, EDX, ESI, EDI, ESP and EBP are all 32 bits. This means they can hold binary values from 00000000 00000000 00000000 00000000 to 01111111 11111111 11111111 11111111, decimal values from 0 to 2147483647 and hexadecimal values from 0 to 7fff ffff.

Let's assume a function is required to perform an instruction by copying the binary value 00000000 00000000 00000000 00000111b into a General Purpose Register.

Instead of using, for instance, the ECX register or any of the 32-bit GPRs, it is best to use the low-order 8 bits of the GPRs. The least significant two bytes of register ECX can be treated as a 16-bit register called CX.

The least significant byte of register CX can also be used as a single 8-bit register called CL, while the most significant byte of register CX can be used as a single 8-bit register called CH. It is important to note that these names refer to the same physical register ECX.

  • 5. MOV CL, 111b
  • 6. MOV CH, 10000111b

Figure 3: x86 emulator showing contents of the 16-bit register CX after executing Instructions 5 and 6

Instruction 5 copies the binary value 111b into CL, the low-order 8-bit register of ECX.

Instruction 6 copies the binary value 10000111b into CH, the high-order 8-bit register of ECX.

Similarly, the registers DX, CX, BX and AX can be used to carry out 16-bit calculations. It is important to note that only the GPRs EAX, EBX, ECX and EDX can be used in this manner.

  • 7. MOV BX, 0xff00
  • 8. MOV BH, 0xff
  • 9. MOV BL, 0x00

Figure 4: Result of copying the hexadecimal value ff00 into register BX — Instruction 7

Figure 5: Result of copying the hexadecimal value ff into register BH — Instruction 8

Figure 6: Result of copying the hexadecimal value 00 into register BL — Instruction 9

From instructions 7, 8 and 9 as well as Figures 4, 5 and 6, it can be concluded that putting 0xff00 into BX is the same as putting 0xff into BH and putting 0x00 into BL. This confirms that we can reference:

  • BX in terms of BH, BL
  • AX in terms of AH, AL
  • CX in terms of CH, CL
  • DX in terms of DH, DL
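The aliasing described above can be checked with a small model of one register. This is an added example, not code from the original article: the `gpr_t` type and the `mov_*`/`get_*`/`run_instr_*` names are hypothetical, and the starting value is constructed. It also shows something the figures do not: a MOV into an 8-bit or 16-bit sub-register leaves the upper 16 bits of the 32-bit register unchanged, which matters when reading a register dump.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: one 32-bit GPR modeled as a plain value. Sub-register
   views use masks and shifts, so results do not depend on the host CPU. */
typedef struct { uint32_t e; } gpr_t;

uint16_t get_x(const gpr_t *r) { return (uint16_t)(r->e & 0xFFFFu); }      /* CX, BX */
uint8_t  get_h(const gpr_t *r) { return (uint8_t)((r->e >> 8) & 0xFFu); }  /* CH, BH */
uint8_t  get_l(const gpr_t *r) { return (uint8_t)(r->e & 0xFFu); }         /* CL, BL */

/* A MOV into a sub-register replaces only that sub-register's bits. */
void mov_x(gpr_t *r, uint16_t v) { r->e = (r->e & 0xFFFF0000u) | v; }
void mov_h(gpr_t *r, uint8_t v)  { r->e = (r->e & 0xFFFF00FFu) | ((uint32_t)v << 8); }
void mov_l(gpr_t *r, uint8_t v)  { r->e = (r->e & 0xFFFFFF00u) | v; }

/* Instructions 5 and 6: MOV CL, 111b then MOV CH, 10000111b. */
uint32_t run_instr_5_6(uint32_t ecx_before) {
    gpr_t ecx = { ecx_before };
    mov_l(&ecx, 0x07);   /* 111b */
    mov_h(&ecx, 0x87);   /* 10000111b */
    return ecx.e;
}

/* Instruction 7: MOV BX, 0xff00. */
uint32_t run_instr_7(uint32_t ebx_before) {
    gpr_t ebx = { ebx_before };
    mov_x(&ebx, 0xFF00);
    return ebx.e;
}

/* Instructions 8 and 9: MOV BH, 0xff then MOV BL, 0x00. */
uint32_t run_instr_8_9(uint32_t ebx_before) {
    gpr_t ebx = { ebx_before };
    mov_h(&ebx, 0xFF);
    mov_l(&ebx, 0x00);
    return ebx.e;
}

int main(void) {
    uint32_t start = 0xDEAD1234u;   /* constructed starting value */
    gpr_t ecx = { run_instr_5_6(start) };
    printf("ECX=%08X CX=%04X CH=%02X CL=%02X\n", (unsigned)ecx.e,
           (unsigned)get_x(&ecx), (unsigned)get_h(&ecx), (unsigned)get_l(&ecx));
    printf("EBX via 7: %08X, via 8+9: %08X\n",
           (unsigned)run_instr_7(start), (unsigned)run_instr_8_9(start));
    return 0;
}
```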

Figure 7: A debugger showing General Purpose Registers with values

EFLAGS or control registers

Figure 8: EFLAGS

EFLAGS are status registers which monitor the results produced from the execution of arithmetic instructions and then perform specific tasks based on the status report. Figure 8 above shows a summary of the functions for each of these registers.

Segment Registers

Figure 9: Segment registers

As shown in Figure 9, segment registers are 16-bit memory pointers located inside the x86 architecture which point to a place in memory where one of the following actions begins:

  1. Data storage
  2. Code execution

Conclusion

This article has briefly explained the internal architecture of an x86 hardware system. It has introduced three key types of registers, particularly General Purpose Registers (GPRs), in a unique way by showing simulations of register contents after specific instructions have been executed. These simulations clarify when to use the 16-bit and 8-bit subsections of the 32-bit processor registers.

Sources

  1. What is a CPU?, Digital Trends
  2. Difference Between Register and Memory, TechDifferences

Source: https://resources.infosecinstitute.com/topic/registers/

Posted by: stevesonapture.blogspot.com
