(Image showing a subset of the x86_64 registers)
General Purpose
Although all of these registers are available for general storage of operands, results, and pointers, caution should be used when referencing the ESP register. The ESP register holds the stack pointer and as a general rule should not be used for another purpose.
Many instructions assign specific registers to hold operands. For example, string instructions use the contents of the ECX, ESI, and EDI registers as operands. When using a segmented memory model, some instructions assume that pointers in certain registers are relative to specific segments. For instance, some instructions assume that a pointer in the EBX register points to a memory location in the DS segment.
R8-R16 : Only available on 64-bit processors (not x86)
Instruction Pointer Register
RIP : 64 bit instruction pointer. x86 uses EIP
Flags Register
RFLAGS :
Control Registers
CR0 :
The CR0 register is 32 bits long on the 386 and higher processors. On x86-64 processors in long mode, it (and the other control registers) is 64 bits long. CR0 has various control flags that modify the basic operation of the processor.
Bit | Name | Full Name | Description |
---|---|---|---|
31 | PG | Paging | If 1, enable paging and use the CR3 register, else disable paging |
30 | CD | Cache disable | Globally enables/disables the memory cache |
29 | NW | Not-write through | Globally enables/disables write-back caching |
18 | AM | Alignment mask | Alignment check enabled if AM set, AC flag (in EFLAGS register) set, and privilege level is 3 |
16 | WP | Write protect | Determines whether the CPU can write to pages marked read-only |
5 | NE | Numeric error | Enable internal x87 floating point error reporting when set, else enables PC style x87 error detection |
4 | ET | Extension type | On the 386, it allowed specifying whether the external math coprocessor was an 80287 or 80387 |
3 | TS | Task switched | Allows saving x87 task context upon a task switch only after x87 instruction used |
2 | EM | Emulation | If set, no x87 floating point unit present, if clear, x87 FPU present |
1 | MP | Monitor co-processor | Controls interaction of WAIT/FWAIT instructions with TS flag in CR0 |
0 | PE | Protected Mode Enable | If 1, system is in protected mode, else system is in real mode |
CR2 : Contains a value called Page Fault Linear Address (PFLA). When a page fault occurs, the address the program attempted to access is stored in the CR2 register.
CR3 : Used when virtual addressing is enabled, hence when the PG bit is set in CR0. CR3 enables the processor to translate linear addresses into physical addresses by locating the page directory and page tables for the current task. Typically, the upper 20 bits of CR3 become the page directory base register (PDBR), which stores the physical address of the first page directory entry.
CR4 : Used in protected mode to control operations such as virtual-8086 support, enabling I/O breakpoints, page size extension and machine check exceptions.
Bit | Name | Full Name | Description |
---|---|---|---|
21 | SMAP | Supervisor Mode Access Protection Enable | If set, access of data in a higher ring generates a fault[1] |
20 | SMEP | Supervisor Mode Execution Protection Enable | If set, execution of code in a higher ring generates a fault |
18 | OSXSAVE | XSAVE and Processor Extended States Enable | |
17 | PCIDE | PCID Enable | If set, enables process-context identifiers (PCIDs). |
14 | SMXE | Safer Mode Extensions Enable | see Trusted Execution Technology (TXT) |
13 | VMXE | Virtual Machine Extensions Enable | see Intel VT-x |
10 | OSXMMEXCPT | Operating System Support for Unmasked SIMD Floating-Point Exceptions | If set, enables unmasked SSE exceptions. |
9 | OSFXSR | Operating system support for FXSAVE and FXRSTOR instructions | If set, enables SSE instructions and fast FPU save & restore |
8 | PCE | Performance-Monitoring Counter enable | If set, RDPMC can be executed at any privilege level, else RDPMC can only be used in ring 0. |
7 | PGE | Page Global Enabled | If set, address translations (PDE or PTE records) may be shared between address spaces. |
6 | MCE | Machine Check Exception | If set, enables machine check interrupts to occur. |
5 | PAE | Physical Address Extension | If set, changes page table layout to translate 32-bit virtual addresses into extended 36-bit physical addresses. |
4 | PSE | Page Size Extension | If unset, page size is 4 KiB, else page size is increased to 4 MiB (or 2 MiB with PAE set). |
3 | DE | Debugging Extensions | If set, enables debug register based breaks on I/O space access |
2 | TSD | Time Stamp Disable | If set, RDTSC instruction can only be executed when in ring 0, otherwise RDTSC can be used at any privilege level. |
1 | PVI | Protected-mode Virtual Interrupts | If set, enables support for the virtual interrupt flag (VIF) in protected mode. |
0 | VME | Virtual 8086 Mode Extensions | If set, enables support for the virtual interrupt flag (VIF) in virtual-8086 mode. |
EFER :
(x64 only) Extended Feature Enable Register (EFER) is a model-specific register added in the AMD K6 processor, to allow enabling the SYSCALL/SYSRET instruction, and later for entering and exiting long mode. This register becomes architectural in AMD64 and has been adopted by Intel.
Bit | Purpose |
---|---|
63:16 | Reserved |
15 | TCE (Translation Cache Extension) |
14 | FFXSR (Fast FXSAVE/FXRSTOR) |
13 | LMSLE (Long Mode Segment Limit Enable) |
12 | SVME (Secure Virtual Machine Enable) |
11 | NXE (No-Execute Enable) |
10 | LMA (Long Mode Active) |
9 | Reserved |
8 | LME (Long Mode Enable) |
7:1 | Reserved |
0 | SCE (System Call Extensions) |
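The bit positions in the CR0, CR4 and EFER tables above are enough to audit a captured register set (for example from a crash dump or a hypervisor log) for disabled protections. The following is an added example, not code from the original page: the helper name and the sample values are constructed, and the consistency rules in the comments come from the vendor architecture manuals rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the CR0, CR4 and EFER tables above. */
#define CR0_PE   (1ULL << 0)
#define CR0_WP   (1ULL << 16)
#define CR0_PG   (1ULL << 31)
#define CR4_PAE  (1ULL << 5)
#define CR4_SMEP (1ULL << 20)
#define CR4_SMAP (1ULL << 21)
#define EFER_LME (1ULL << 8)
#define EFER_LMA (1ULL << 10)
#define EFER_NXE (1ULL << 11)

/* Findings are returned as a bitmask so callers can test each one. */
enum {
    MISSING_WP   = 1 << 0,  /* ring 0 may write read-only pages */
    MISSING_SMEP = 1 << 1,
    MISSING_SMAP = 1 << 2,
    MISSING_NXE  = 1 << 3,  /* no-execute page protection is off */
    INCONSISTENT = 1 << 4   /* values cannot come from one live CPU */
};

/* Hypothetical helper: audit a captured CR0/CR4/EFER triple. */
unsigned audit_control_regs(uint64_t cr0, uint64_t cr4, uint64_t efer)
{
    unsigned f = 0;
    int lma = (efer & EFER_LMA) != 0;
    if (!(cr0 & CR0_WP))    f |= MISSING_WP;
    if (!(cr4 & CR4_SMEP))  f |= MISSING_SMEP;
    if (!(cr4 & CR4_SMAP))  f |= MISSING_SMAP;
    if (!(efer & EFER_NXE)) f |= MISSING_NXE;
    /* Architectural rules (vendor manuals, not stated on this page):
       PG needs PE; LMA == (LME && PG); long mode needs PAE. */
    if ((cr0 & CR0_PG) && !(cr0 & CR0_PE))            f |= INCONSISTENT;
    if (lma != ((efer & EFER_LME) && (cr0 & CR0_PG))) f |= INCONSISTENT;
    if (lma && !(cr4 & CR4_PAE))                      f |= INCONSISTENT;
    return f;
}

int main(void)
{
    /* Constructed sample values, not taken from a real machine. */
    unsigned f = audit_control_regs(0x80040033ULL, 0x0406E0ULL, 0xD01ULL);
    printf("WP:%s SMEP:%s SMAP:%s NXE:%s\n",
           f & MISSING_WP ? "off" : "on", f & MISSING_SMEP ? "off" : "on",
           f & MISSING_SMAP ? "off" : "on", f & MISSING_NXE ? "off" : "on");
    return 0;
}
```

An INCONSISTENT result on a dump usually means the values were captured from different CPUs or at different times, so the other findings should not be trusted until the capture is repeated.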
The AMD64 architecture allows software to define up to 15 external interrupt-priority classes. Priority classes are numbered from 1 to 15, with priority-class 1 being the lowest and priority-class 15 the highest. CR8 uses the four low-order bits for specifying a task priority, and the remaining 60 bits are reserved and must be written with zeros.
System software can use the TPR register to temporarily block low-priority interrupts from interrupting a high-priority task. This is accomplished by loading TPR with a value corresponding to the highest-priority interrupt that is to be blocked. For example, loading TPR with a value of 9 (1001b) blocks all interrupts with a priority class of 9 or less, while allowing all interrupts with a priority class of 10 or more to be recognized. Loading TPR with 0 enables all external interrupts. Loading TPR with 15 (1111b) disables all external interrupts.
The TPR is cleared to 0 on reset.
Segment Registers
These registers are not used for segment info as they were on previous models.
CS :
DS :
SS :
ES :
FS :
GS : Used by a process to point to the TEB/TIB (Thread Execution Block) on Windows. You are able to get the PEB (Process Execution Block) from a pointer in the TEB on Windows.
Debugging Registers
These registers allow you to set up to four (for x86, this is highly platform specific) addresses that, when either read, read/written, or executed, will cause the processor to throw a special exception that causes execution to stop and control to be transferred to the debugger.
Note that when paging is enabled, different tasks may have different linear-to-physical address mappings. When this is the case, an address in a debug address register may be relevant to one task but not to another. For this reason the x86 has both global and local enable bits in DR7. These bits indicate whether a given debug address has a global (all tasks) or local (current task only) relevance.
DR6 : The debug status register permits the debugger to determine which debug conditions have occurred. When the processor detects an enabled debug exception, it sets the low-order bits of this register (0,1,2,3) before entering the debug exception handler.
Note that the bits of DR6 are never cleared by the processor. To avoid any confusion in identifying the next debug exception, the debug handler should move zeros to DR6 immediately before returning.
DR7 : Bits 16-17 (DR0), 20-21 (DR1), 24-25 (DR2), 28-29 (DR3) define when breakpoints trigger. Each breakpoint has a two-bit entry that specifies whether it breaks on execution (00b), data write (01b), or data read or write (11b). 10b is defined to mean break on IO read or write but no hardware supports it. Bits 18-19 (DR0), 22-23 (DR1), 26-27 (DR2), 30-31 (DR3) define how large an area of memory is watched by breakpoints. Again each breakpoint has a two-bit entry that specifies whether it watches one (00b), two (01b), eight (10b) or four (11b) bytes.
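When reviewing a thread context during triage, decoding DR7 shows which hardware breakpoints are armed and what they watch. The following is an added example, not code from the original page: the function names and the sample value are constructed, and the positions of the local/global enable bits (bits 0-7) are taken from the vendor manuals because the page does not list them.

```c
#include <stdint.h>
#include <stdio.h>

/* Two-bit condition field values as listed in the paragraph above. */
enum bp_cond { BP_EXEC = 0, BP_WRITE = 1, BP_IO = 2, BP_RW = 3 };

struct hw_bp {
    int local;          /* current-task enable bit */
    int global;         /* all-tasks enable bit */
    enum bp_cond cond;
    int len;            /* bytes watched */
};

/* Hypothetical helper: decode breakpoint slot n (0..3) of a DR7 value. */
struct hw_bp dr7_decode(uint32_t dr7, int n)
{
    /* Length encoding is not monotonic: 10b is 8 bytes, 11b is 4. */
    static const int len_bytes[4] = { 1, 2, 8, 4 };
    struct hw_bp bp;
    /* Enable-bit positions (L0,G0,...,L3,G3 in bits 0-7) come from the
       vendor manuals; the page only says that DR7 holds them. */
    bp.local  = (dr7 >> (2 * n)) & 1;
    bp.global = (dr7 >> (2 * n + 1)) & 1;
    bp.cond   = (enum bp_cond)((dr7 >> (16 + 4 * n)) & 3);
    bp.len    = len_bytes[(dr7 >> (18 + 4 * n)) & 3];
    return bp;
}

/* 4-bit mask of slots that are armed (local or global enable set). */
unsigned dr7_armed_mask(uint32_t dr7)
{
    unsigned mask = 0;
    for (int n = 0; n < 4; n++) {
        struct hw_bp bp = dr7_decode(dr7, n);
        if (bp.local || bp.global) mask |= 1u << n;
    }
    return mask;
}

int main(void)
{
    static const char *const name[4] = { "execute", "write", "io", "read/write" };
    uint32_t dr7 = 0x00BD0081;   /* constructed sample value */
    for (int n = 0; n < 4; n++) {
        struct hw_bp bp = dr7_decode(dr7, n);
        printf("DR%d: L=%d G=%d %s len=%d\n", n, bp.local, bp.global, name[bp.cond], bp.len);
    }
    return 0;
}
```

In the sample value, slot 1 has a condition and length configured but neither enable bit set, so it does not appear in the armed mask.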
Test Registers
Not sure if these are still in the x86_x64 processor
TR3 & TR7 : Usually used to do a self-test. Most of these registers were undocumented, and used by specialized software. The test registers were named TR3 to TR7. Regular programs don't usually require these registers to work. With the Pentium, the test registers were replaced by a variety of model-specific registers (MSRs).
TR6 & TR7 : TR6 was the test command register, and TR7 was the test data register. These registers were accessed by variants of the MOV instruction. A test register may either be the source operand or the destination operand. The MOV instructions are defined in both real-address mode and protected mode. The test registers are privileged resources. In protected mode, the MOV instructions that access them can only be executed at privilege level 0. An attempt to read or write the test registers when executing at any other privilege level causes a general protection exception. Also, those instructions generate an invalid opcode exception on any CPU newer than the 80486.
Streaming SIMD Extension Registers(SSE, SSE2, SSE3 and SSSE3)
Registers to support the SSE. It extends the earlier SSE instruction set, and is intended to fully replace MMX. SIMD (Single Instruction, Multiple Data) instructions can greatly increase performance when exactly the same operations are to be performed on multiple data objects. Typical applications are digital signal processing and graphics processing.
Because these 128-bit registers are additional machine states that the operating system must preserve across task switches, they are disabled by default until the operating system explicitly enables them. This means that the OS must know how to use the FXSAVE and FXRSTOR instructions, which is the extended pair of instructions which can save all x86 and SSE register states all at once. This support was quickly added to all major IA-32 operating systems.
XMM0-XMM7 : 128 bits wide.
XMM8-XMM15 : Only on x86_64 processor. 128 bits wide.
MXCSR : Control/status register