Assembly

Course
Time
13 hours 15 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:02
Hello. This is Dr Miller, and this is Episode 1.3 of Assembly.
00:07
Today we're gonna be learning about computer organization registers
00:11
history in the different modes and paging and interrupts
00:16
computer organization.
00:18
So the way that a computer is organized is it has registers some flags that tell us information about the registers
00:26
memory, which is allows us to store data and memory addresses, which tell us where that data is.
00:32
Input output and then computational units.
00:36
So for memory, we have the basic unit of memory, which is eight bits, which is one bite.
00:42
And then, as we've talked about asking characters take up one bite and then Unicode characters take up either 12 or four bites
00:51
and then inside of assembly, we have these different units. So we have a word which is two bites. We have a double word, which is four bites, and then we have a quad word or Q word,
01:03
which is eight bytes.
01:06
So for the CPU, we have that the CPU executes machine code
01:11
The way that it does this is it fetches the information that it needs. It decodes the instruction in order to decide what it needs to do, then executes that instruction within itself, and then it stores the result of it either two registers or two main memory.
01:29
Additionally, we have the arithmetic Logic unit or a L. U.
01:33
And so the CPU might in decoding decide that in order to execute that command and has to send data to the L. U and the A. L, you will perform basic mathematical operations like multiplication and division, whereas some other operations looks you right on the CPU.
01:51
Additionally, we have the floating point unit, so the floating point unit will perform floating point math, and this will allow it to
01:59
do multiplication division. Addition on numbers that have a decimal point within themselves
02:07
registers.
02:08
So registers are very high speed memory. There are very small, so they do not use very much space. They don't have very much information within them, but we have a few of them,
02:22
and so each one of these registers is broken into multiple parts. The next slide will show a diagram of that, but be basically, E X is 32 bits and then a X is a low half of ea X. The low 16 bits A L is a low eight bits of a X and H is the high eight bits of X.
02:40
We have several general purpose registers, so these include yea x e b x e c x and e d X. As you can see, they didn't make a lot of effort into naming them fancy things. And we see a B C D.
02:55
So, for example, yea X again yea, exes. 32 bits and we can see that a X is the low half of that. H is the upper eight bits of a x A l is the lower a bits of a X.
03:10
And so if you move data into a l inherently right, that is modifying a X and E X as well, or if you modify Aah!
03:21
And the same is true for the B, C and D registers. So ebx ccx, Andy dx their split into these smaller parts.
03:30
Additionally, we have registers like, yes, I and e d i. And then es PSR stack pointer, Andy, BP is our base pointer
03:40
register usage. So generally registers have a particular usage that is typical for them. And for example, we have e x is our accumulator so it accumulates results. And then it's used for when a function returns,
03:55
we have Easy X, which is generally used as a counter. Yes, P is our stack pointer. So it's used for this stack.
04:02
Yes, I and E D I. Or the source and days destination for data transfers.
04:08
E V P is the extended base pointer or frame pointer, and we use that for functions that will call the stack in order to allow us to access parameters. In arguments,
04:19
E, d, X and E X are used when we do multiplication and division
04:25
and then e i p or I P is the current instruction that is going to be executed on the processor,
04:31
and generally this cannot be modified directly so you can directly set E i. P. But it it modifies itself as the program is executing, and then you can indirectly modify by using instructions like return and call.
04:47
So flags store information about what happened in a previous instruction,
04:54
and so you'll see them annotated with C f O. F. So this is the annotation, and then this is what they mean. So we have a carry flag and overflow flag a sign flag a zero flag. Each one of these means that a specific
05:06
action happened while the instruction is that executing. So, for example, in overflow, if we try to store the result of adding 2 32 bit numbers and it takes 33 bits to store that result, then we end up with an overflow. Or the sign flag means that it was either positive or negative or the zero flag, meaning that
05:27
the result was zero when we did the operation. So if I take a minus, a zero flag will be set because the result of that is zero
05:38
segment registers. These air used to store information about where different segments are located.
05:44
So, for example, we have a segment for the code data stack, and then we have additional ones. And so these got added on later on
05:53
in older architectures. They used to use the different segments to tell the processor where these different pieces of memory could be. And so we had a segmented architecture in previous iterations.
06:08
So it's a more history in the different modes that are processor can run in,
06:12
so there are a lot of different processor families. You'll hear people talk about the 80 88 or the 80 86. So these had 16 bit registers. They were named a X B xcx d x s I d I. So you can see names that we see kind of later and we'll see that in a bit.
06:30
Then we had the 80 to 86 or people just call it the to 86. So this introduce protected moon. We have the 3 86 which added 32 bit no mode. So now our registers need to be bigger.
06:42
So what they did is they just added an E in front of each one of them. So that way they could have more bits, and programmers could tell if they're using the 16 Big Register or if they've been using the 32 bit register.
06:54
We got the 46 which this was a bump faster. And then we have MX. So these added the multimedia instructions.
07:02
Now, modern processes have additional capabilities, including built in a AES encryption and decryption.
07:10
If you look at some of the phones produced by apple, they have a secure enclave which implements cryptography on another chip.
07:18
And then we have 64 bids, so most computers nowadays are a 64 bit enabled, and this allows them to address more memory.
07:29
So in the past we had a mode called real mode, so real mode used 20 bits for an address. So they had 16 bit
07:35
addresses for the registers, as we can see. All right, so we had 16 bit registers, but they wanted to be able to access more memory,
07:45
and so they would use to 16 bit enough numbers, and then they would shift them. So when was the selector and one was the offset.
07:51
They would shift them in order to get the address.
07:55
Now, this is not great because it does wastes a memory, and then addresses are unique. So there are multiple ways to come up with the same unique address
08:05
by picking different selectors or offsets. So here, an example as we might have. And this is in hex. Right? So we got 8000 in hex and 2 50 hex. And so we shift one of these four bits by adding another zero, and then we add the two together and this would give us a real address that we have
08:24
now. This is used when we had the different selector so the code segment data segment stack segment registers.
08:33
But what they did is they introduce another mode called Protected Moon, and so protected mode implements this notion called virtual memory.
08:41
08:50
Now, if it's in 16 that we still have the selector pointing to a descriptor table. But in 32 bit, we have a whole bunch of different segment registers that point to
08:58
a hierarchy of descriptor tables that we'll see in a little bit.
09:03
And then we also have 64 bit, so 64 bit protected mode would add 64 bed addresses. And so that means that we can access up to 16 exabytes of memory, which is quite a bit. It's a lot more than the four gigabyte. I remember
09:20
when I had a computer that had six gigabytes of memory and it would only be able to see four
09:24
because it was running a 32 bit os
09:28
and so are 32 better dresses go from zero to all efs right in hex, and that is four gigabytes,
09:35
and we have these segment registers, so the segment registers will point to descriptor tables, which then we have a global descriptor table, which describes globally. And then we have local ones
09:46
for different processes. And so this is a memory hierarchy. You don't need to know a lot about it, but you just need to know that it exists,
09:58
paging and interrupts.
09:58
So paging is is the notion that not all memory is loaded and some memory can be page or swapped out to disk. So if you have a program that might need four gigabytes of or 10 gigabytes of memory and you only have four gigabytes, it only load the parts that it's actually using at any one given time
10:18
and other parts might get swapped out to this, and this allows you to
10:22
run a program that wouldn't fit all in ram.
10:26
And so when you try and access a page that isn't in memory, it generates. So it's called a page fault. And so that process is then suspended. The page that it was trying to request is unloaded, and then the process is resumed, and it continues as though nothing ever happened. So the process never sees the fact that
10:45
it was suspended. But that's what happens when a page is not in memory
10:50
and then interrupts are a way of interrupting the flow of our program So you can think of it as we could have done one way, which is called polling, Which was where we asked something If
11:01
and we ask a device if something happened. So you go to the keyboard and say, Did they press a key to the press? A key to the press? A key.
11:09
But a computer is running very quickly. It's running at several gigahertz, and so had spent a lot of time asking the keyboard if anything happened. So what we have is when Ah, hardware device has some information that the processor might want. It generates an interrupt so we can have that for a keyboard,
11:26
a timer, a disk, a network traffic or a sound card.
11:31
Additionally, we have software interrupts. There's two different categories, so some are for, like illegal memory access or a software timer. Where is where you set a timer and then you want your software to wake up when that occurs,
11:45
or we have heirs. So heir's heir called traps. So you try and do something that's totally illegal. Gonna break the computers. So, for example, if you try and divide by zero, the computer will
11:56
run forever, doing nothing, trying to divide by zero.
12:01
So that will generate a trap. And it'll stop the processor from doing that
12:07
or we have illegal instructions. So, for example, you're trying to run instruction that
12:11
is
12:13
reserved for the colonel or you're trying to access memory that doesn't belong to you, belongs to some other process. This helps both protect programs from each other and gives us security inside of the system.
12:28
So today we talked about computer organization. We talked about some of the registers that we will see later on. We talked about a little bit of the history of computers and different models and when features were introduced and then we talked about memory, paging and interrupts.
12:46
Looking forward, we're going to talk about two's complement in more detail and additionally, Hexi Decimal.
12:54
If you have questions, you can email me at Miller MJ at you and Kate Ie to you, or you can find me on Twitter at Milhouse 30

Assembly

This course will provide background and information related to programming in assembly. Assembly is the lowest level programming language which is useful in reverse engineering and malware analysis.

Instructed By

Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor