常见看名字猜测不了功能的指令¶
lea //Load Effective Address
test //Logical Compare, Computes the bit-wise logical AND of first operand
//(source 1 operand) and the second operand (source 2 operand) and
//sets the SF, ZF, and PF status flags according to the result. The result is then discarded.
incl //Adds 1 to the destination operand, while preserving the state of the CF flag.
//The destination operand can be a register or a memory location. This instruction
//allows a loop counter to be updated without disturbing the CF flag. (Use a ADD
//instruction with an immediate operand of 1 to perform an increment operation that does updates the CF flag.)
操作模式¶
IA32
- real address mode:用于兼容 8086,只能访问 1MB 空间
- protected mode:32 位一般情况
- system management mod
IA64 新增
- Compatiblity mode
- 64-bit mode
- 资源
- 基本资源:用于执行用户程序和操作系统
IA32 整数部分寄存器: - 8 个通用寄存器 (32bits):EAX, EBX, ECX, EDX, ESI, EDI, **EBP, ESP** - 6 个段寄存器 (16bits):**CS, DS, SS**, ES, FS, GS - EFLGAS(32bits)  - **EIP**(32bits) - 特权资源:作为系统级架构的一部分,用于支持操作系统和系统级软件
- I/O ports - 控制寄存器:CR0-CR4,用于控制处理器的操作模式 - 内存管理寄存器:GDTR, IDTR, LDTR, ... - Performance monitoring counters:用于监控性能事件
内存管理¶
-
内存模型
- Flat memory model: 线性地址,0-2^32-1
- Segmented memory model:将内存分为一个独立的地址空间称为段。如代码、数据、栈等都可以存放在不同的段里。逻辑地址=(segment selector, offset)。一共可以有 2^14-1 个段,每个段最大为 2^32B。
- real-address mode memory model: The real-address mode uses a specific implementation of segmented memory in which the linear address space for the program and the operating system/executive consists of an array of segments of up to 64 KBytes in size each. The maximum size of the linear address space in real-address mode is 2 20 bytes.
-
分页和虚拟内存:无论是 flat 模式还是 segemented 模式,线性地址均通过分页映射到物理地址。(需要开启分页)
-
Extended Physical Addressing in Protected Mode Beginning with P6 family processors, the IA-32 architecture supports addressing of up to 64 GBytes (2 36 bytes) of physical memory. A program or task could not address locations in this address space directly. Instead, it addresses individual linear address spaces of up to 4 GBytes that mapped to 64-GByte physical address space through a virtual memory management mechanism. Using this mechanism, an operating system can enable a program to switch 4-GByte linear address spaces within 64-GByte physical address space.
The use of extended physical addressing requires the processor to operate in protected mode and the operating system to provide a virtual memory management system. See “36-Bit Physical Addressing Using the PAE Paging Mechanism” in Chapter 3, “Protected-Mode Memory Management,” of the Intel® 64 and IA-32 Architectures Soft-ware Developer’s Manual, Volume 3A.
函数调用¶
-
stack:一个栈帧,主要包含调用参数、返回地址、局部变量。通常栈底为高地址位
-
aa
-
EBP(Stack Base Pointer):RET 从当前栈顶 (ESP) 弹栈,并弹栈值写入 EIP 中。处理器不会保证 RET 弹栈值就是返回地址,因此需要程序员保证。
常见做法是在被调用函数第一句,将 EBP 设置为 ESP(执行 CALL 后,处理器将 EIP 压入栈,因此栈顶即对应返回地址),在调用 RET 返回前,将 ESP 重设为 EBP。
不过目前的做法会在被调用函数的第一句先将 EBP 压入栈中(对应上一层的 EBP),再将 EBP 设置为 ESP。
于是我们便有关系:EBP+4 对应当前函数的返回地址。这样便可以通过 EBP 遍历整个调用栈
-
传参
- 通用寄存器(8-2=6)
- Stack
- arguement list:传一个 pointer 指向 arguement list。传大量数据的方式
保存变量:PUSHA pushes the values in all the general-purpose registers on the stack in the following order: EAX, ECX, EDX, EBX, ESP (the value prior to executing the PUSHA instruction), EBP, ESI, and EDI. POPA does the inverse
-
在不同特权级间调用(会使用到吗,一般通过系统调用切换特权级再调用的吧?)
-
经验:
- 0x8(%ebp) 对应第一个参数
- 函数返回值存储在 eax 中
-
enter, leave:enter 有两个参数,一个指定分配多大的内存用于存储函数局部变量 (等价于自己执行 sub size, %esp),一另一个为 lexical nesting level,会安装层次储存父函数的 ebp。
leave 恢复 enter 的操作。比较特别的是,如果使用了 leave,就不需要自己在函数结尾 pop 了。
异常¶
ucore¶
段¶
voulme3 chapter3 p2893
启动分段机制,未启动分⻚页机制:逻辑地址--> (分段地址转换) -->线性地址=物理理地址 启动分段和分⻚页机制:逻辑地址--> (分段地址转换) -->线性地址-->分⻚页地址转换) -->物理理地址
- 代码段寄存器器中的 CPL 字段(2 位)的值总是等于 CPU 的当前特权级,所以只要看⼀一眼 CS 中的 CPL,你就可以知道 此刻的特权级了了。¶
A segment selector is a 16-bit identifier for a segment (see Figure 3-6). It does not point directly to the segment, but instead points to the segment descriptor that defines the segment.