vault backup: 2025-03-16 18:59:42
This commit is contained in:
boris
@@ -35,30 +35,34 @@ If source code not available:
|
||||
- ESP - Stack pointer (last item on the stack)
|
||||
- EBP - Stack frame base pointer and reference to arguments and local variables
|
||||
- EIP - Pointer to the next instruction to execute (“instruction pointer”)
|
||||
|
||||
### Segment Registers
|
||||
- CS : Holds the address to the Code segment of the program
|
||||
- DS : Holds the address to the Data segment of the program
|
||||
- SS : Holds the address to the Stack segment of the program
|
||||
|
||||
- CS : Holds the address to the Code segment of the program
|
||||
- DS : Holds the address to the Data segment of the program
|
||||
- SS : Holds the address to the Stack segment of the program
|
||||
- ES,FS,GS : Hold the address to the extra segments
|
||||
|
||||
### Flags
|
||||
- Zero Flag (ZF) - Set if the result of some instruction is zero; cleared otherwise.
|
||||
- Sign Flag (SF) - Set equal to the most-significant bit of the result, which is the sign bit of a signed integer. (0 indicates a positive value and 1 indicates a negative value)
|
||||
- Carry Flag (CF): Set if an arithmetic operation generate a carry or a borrow out of the most significant bit of the result, cleared otherwise
|
||||
- Parity Flag (PF): Set if the least-significant byte of the result contains an even number of 1 bit, cleared otherwise.
|
||||
- Overflow Flag (OF): Set if the integer result is too large a positive number or too small a negative number, excluding the sign bit, to fit in the destination operand, cleared otherwise. This flag indicates an overflow condition for signed-integer that is two’s complement arithmetic.
|
||||
|
||||
- Zero Flag (ZF) - Set if the result of some instruction is zero; cleared otherwise.
|
||||
- Sign Flag (SF) - Set equal to the most-significant bit of the result, which is the sign bit of a signed integer. (0 indicates a positive value and 1 indicates a negative value)
|
||||
- Carry Flag (CF): Set if an arithmetic operation generate a carry or a borrow out of the most significant bit of the result, cleared otherwise
|
||||
- Parity Flag (PF): Set if the least-significant byte of the result contains an even number of 1 bit, cleared otherwise.
|
||||
- Overflow Flag (OF): Set if the integer result is too large a positive number or too small a negative number, excluding the sign bit, to fit in the destination operand, cleared otherwise. This flag indicates an overflow condition for signed-integer that is two’s complement arithmetic.
|
||||
- 
|
||||
|
||||
### Push / Pop
|
||||
PUSH src
|
||||
- src operand can be a register or immediate
|
||||
- In a DWORD scenario, the PUSH instruction automatically decrements the stack pointer by 4, i.e., sp <- sp-4
|
||||
|
||||
PUSH src
|
||||
|
||||
- src operand can be a register or immediate
|
||||
- In a DWORD scenario, the PUSH instruction automatically decrements the stack pointer by 4, i.e., sp <- sp-4
|
||||
POP src
|
||||
- Src operand can be a register
|
||||
- Src operand can be a register
|
||||
- In a DWORD scenario, the POP instruction automatically takes a DWORD off the stack, puts in a register and increments the stack pointer by 4, i.e., sp <- sp+4
|
||||
|
||||
#### Examples of PUSH / POP
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user