x86_64 GPR

MySprtlty·2024년 5월 29일
0

x86

목록 보기
2/2

🏷️x86_64 GPR

  • The 64-bit versions of the 'original' x86 registers are named
    rax: register a extended
    rbx: register b extended
    rcx: register c extended
    rdx: register d extended
    rbp: register base pointer (start of stack)
    rsp: register stack pointer (current location in stack, growing downwards)
    rsi: register source index (source for data copies)
    rdi: register destination index (destination for data copies)
  • The registers added for 64-bit mode are named
    r8: register 8
    r9: register 9
    r10: register 10
    r11: register 11
    r12: register 12
    r13: register 13
    r14: register 14
    r15: register 15
  • These may be accessed as
    • 64-bit registers using the r prefix: rax, r15
    • 32-bit registers using the e prefix (original registers: e*x) or d suffix (added registers: r**d): eax, r15d
    • 16-bit registers using no prefix (original registers: *x) or a w suffix (added registers: r**w): ax, r15w
    • 8-bit registers using h ("high byte" of 16 bits) suffix (original registers - bits 8-15: *h): ah, bh
    • 8-bit registers using l ("low byte" of 16 bits) suffix (original registers - bits 0-7: *l) or b suffix (added registers: r**b): al, bl, r15b

📌arch/x86/include/asm/ptrace.h

struct pt_regs {
/*
 * C ABI says these regs are callee-preserved. They aren't saved on kernel entry
 * unless syscall needs a complete, fully filled "struct pt_regs".
 */
  unsigned long r15;
  unsigned long r14;
  unsigned long r13;
  unsigned long r12;
  unsigned long bp;
  unsigned long bx;
/* These regs are callee-clobbered. Always saved on kernel entry. */
  unsigned long r11;
  unsigned long r10;
  unsigned long r9;
  unsigned long r8;
  unsigned long ax;
  unsigned long cx;
  unsigned long dx;
  unsigned long si;
  unsigned long di;
/*
 * On syscall entry, this is syscall#. On CPU exception, this is error code.
 * On hw interrupt, it's IRQ number:
 */
  unsigned long orig_ax;
/* Return frame for iretq */
  unsigned long ip;
  unsigned long cs;
  unsigned long flags;
  unsigned long sp;
  unsigned long ss;
/* top of stack page */
};

📌Usage during syscall/function call

  • User-level applications use as integer registers for passing the sequence rdi, rsi, rdx, rcx, r8 and r9.
  • The kernel interface uses rdi, rsi, rdx, r10, r8 and r9.
  • For syscalls, the syscall number is in rax.
    • For procedure calls, rax should be set to 0.
  • Return value is in rax.
profile
MySprtlty
2Co 4:7

0개의 댓글