Assembly – CPU Registers

Course notes from Vivek Ramachandran’s online class “x86/64 Assembly and Shellcoding on Linux”

Within the CPU are components used to retrieve instructions, store data, flag events, etc.  These sections of the CPU can be conceptualized as:

  • Control Unit: Used to retrieve and decode instructions or to store data in memory
  • Execution Unit: Performs the actual execution of instructions
  • Registers: Internal memory areas used to store temporary data (like a “variable”)
  • Flags: Indicators that signal a specific event during execution

General Purpose 64-bit Registers

The general-purpose registers on a 64-bit processor are listed below.  The layout works like a tree: the full 64-bit register is, for example, RAX; its lower 32 bits are EAX, the lower 16 bits of EAX are AX, and AX splits into the 8-bit AH and AL registers.  Each register unfolds into its own subset in the same way.  Knowing this is important because it comes up when saving byte space: if an instruction operates on RAX but only needs 32 bits of space, it can reference EAX directly and not waste the remaining space of RAX.

  1. RAX (64bit)
    1. EAX (32bit)
      1. AX (16bit)
        1. AH (Higher 8bit) – restrictions apply on directly addressing the higher byte register.
        2. AL (Lower 8bit)
  2. RBX
    1. EBX
      1. BX
        1. BH
        2. BL
  3. RCX
    1. ECX
      1. CX
        1. CH
        2. CL
  4. RDX
    1. EDX
      1. DX
        1. DH
        2. DL
  5. RSI
    1. ESI
      1. SI
        1. SIL (only the lower 8-bit register is directly accessible)
  6. RDI
    1. EDI
      1. DI
        1. DIL
  7. RBP
    1. EBP
      1. BP
        1. BPL
  8. RSP
    1. ESP
      1. SP
        1. SPL
  9. R8
    1. R8D
      1. R8W
        1. R8B
  10. R9
    1. R9D
      1. R9W
        1. R9B
  11. R[10-15] (the above pattern repeats with only the numeric value incrementing)
    1. R[10-15]D
      1. R[10-15]W
        1. R[10-15]B
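
The aliasing tree above, modelled as a small Python register file (an added example, not from the course or the original notes; the names `decode`, `RegisterFile` and `demo` and the sample value are constructed for illustration). It also shows a behaviour the list does not spell out: on x86-64 a write to a 32-bit name zeroes the upper half of the 64-bit register, while 8-bit and 16-bit writes leave the other bits untouched.

```python
import re

MASK64 = (1 << 64) - 1


def decode(name):
    """Map a register name to (64-bit parent, bit offset, width in bits)."""
    n = name.lower()
    m = re.fullmatch(r"r(8|9|1[0-5])([dwb]?)", n)
    if m:  # R8-R15: suffix D/W/B selects the low 32/16/8 bits
        return "r" + m.group(1), 0, {"": 64, "d": 32, "w": 16, "b": 8}[m.group(2)]
    for x in "abcd":  # RAX/RBX/RCX/RDX: the only families with a high-byte name
        forms = {f"r{x}x": (0, 64), f"e{x}x": (0, 32), f"{x}x": (0, 16),
                 f"{x}l": (0, 8), f"{x}h": (8, 8)}
        if n in forms:
            return (f"r{x}x",) + forms[n]
    for p in ("si", "di", "bp", "sp"):  # low byte only (SIL, DIL, BPL, SPL)
        forms = {f"r{p}": (0, 64), f"e{p}": (0, 32), p: (0, 16), f"{p}l": (0, 8)}
        if n in forms:
            return (f"r{p}",) + forms[n]
    raise ValueError(f"not a general-purpose register name: {name}")


class RegisterFile:
    def __init__(self):
        self.full = {}  # 64-bit parent name -> current value

    def read(self, name):
        parent, shift, width = decode(name)
        return (self.full.get(parent, 0) >> shift) & ((1 << width) - 1)

    def write(self, name, value):
        parent, shift, width = decode(name)
        mask = ((1 << width) - 1) << shift
        # A 32-bit write clears bits 63..32; 8- and 16-bit writes keep the rest.
        old = 0 if width == 32 else self.full.get(parent, 0)
        self.full[parent] = ((old & ~mask) | ((value << shift) & mask)) & MASK64


def demo():
    regs = RegisterFile()
    regs.write("rax", 0x1122334455667788)  # constructed sample value
    views = {n: regs.read(n) for n in ("eax", "ax", "ah", "al")}
    regs.write("al", 0xFF)    # only the lowest byte changes
    after_al = regs.read("rax")
    regs.write("eax", 1)      # upper 32 bits of RAX are cleared
    after_eax = regs.read("rax")
    return views, after_al, after_eax
```
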

Instruction Pointer RIP

One register outside the general-purpose set worth mentioning is RIP.  In 32-bit that would be EIP.  This is the instruction pointer, and it matters in exploit research: it is the register that, when compromised, determines what executes next (i.e. other code that was introduced).

 
