Saving Registers

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Assembly

Course

Time

13 hours 15 minutes

Difficulty

Beginner

Video Transcription

00:01

Hello. This is Dr Miller, and this is Episode 6.8 of Assembly.

00:06

Today we're gonna talk about saving the register state,

00:11

so saving registers.

00:12

So when you are in a function, you might have a set of registers that are doing something.

00:19

And before you call another function, you will want to maybe save those right so that you don't ruin them while you're in the function.

00:27

And so there are a couple of different approaches to this. So the first is to basically push all of the registers that are modified,

00:34

So you keep track of which registered. Did I modify? If I didn't modify it, then I don't need to save it.

00:40

You also could push all of the registers. So just push all the general purpose ones, and then you don't have to worry about it in the end.

00:49

And then we can also push the flags.

00:53

So saving registers wanted a time. So what you want to do is you want to figure out rich registers that you want to save onto the stack, and then you pick a certain order. So here I Didier X and then EEC X and then ebx that order could be anyone that you choose.

01:07

You do your normal function stuff, so you modify the registers and then when you pop them off, one of the things to remember is that you need to go in the opposite order that you push them

01:18

right because they stack is a last in first out.

01:22

And so if the last thing that I pushed his e b X, then the first thing that I need to restore is ebx and then EEC X and then e x.

01:32

And so when you enter your function, you do your prologue as normal. And then you would save any registers that you need.

01:38

And then you do the function stuff, and at the end you'd restore them, and then you can exit using the epilogue.

01:47

Now, the second approach is to basically just save all of the registers. And so you can use a command like push a d.

01:53

So that stands for push and then a is for all and then d means d words. So we're using the extended registers

02:00

and so this will save all of them and it saves them in a weird order. It so yea x then e c x than e d x than e b X

02:08

then the yes p when it started. Um, E v P yes, I and e D i.

02:15

And then the opposite command for this is pop 80 right? So it goes in the reverse order. So Edie eyes first. Yes, I e bp ebx e d x, Easy X

02:23

and then find the X. And then e s p is restored back to the state that it was before this call was issued.

02:34

And then if you're worrying about flags So if you maybe set a flag using a command like a compare or something like that,

02:42

you could basically save all of them. And it uses the double word

02:45

and that you can use push f d to save all of the flags onto the stack and then pop FD to restore them from the stack.

02:52

And this is if you had had flags and you were worried about them being modified in the function. Or if you're near function, you are going to modify them, and you

03:00

don't want to mess up somebody else.

03:04

Now keep in mind all of the saving is taking extra space and taking extra time.

03:08

So it does take extra cycles for it to save the data to the stack. And the stack is stored in Ram and Ram is slower than the CPU. And so there comes a performance penalty when you save all of these registers.

03:23

So let's do some examples.

03:25

So first, we're going to save some of the registers, and then we're gonna save all of them and our 1st 1 we're actually going to go back to an example we've previously done

03:37

so. This is a function that we looked at previously,

03:40

and we can see this is the mod function. And so if I'm going to this function, I need to look in my body and see what registers do. I modify.

03:50

So it looks like I modify E, c, X and E x and E. D X. And then I do a divide, and that is also going to modify yea X and E. D X.

04:00

And then I save my result.

04:01

And so here the results of my function is going to be stored in E. X. So I don't want to save that in the restoring, because then all of the work that I didn't. My function will be useless,

04:12

but I do want to save maybe e c x and e d. X. So I come in here picking order that I want to and say push E c X

04:21

push DDX

04:25

And then at the end, I want to restore those so pop and then the reverse order e d x

04:31

pop e c x

04:35

and now I function should still work as normal. But now it hasn't modified those registers, right? It saved them and then restored them.

04:47

And so it should still work,

04:50

All right. And then the second example,

05:03

we're going to use the push a d. Now

05:08

it's kind of interesting, because inside of our function, we did use Push A and Pop, which are pneumonic Same new Monix, right? So push all of those registers.

05:16

Let's just look at what it does.

05:18

So if we give ourselves some values here,

05:24

so move one into yaks New

05:28

two and TVX

05:31

four into dcx

05:36

eight

05:42

05:45

just picking registers that are going to get saved.

05:54

Okay.

05:55

And then what I want to do is I want to save all of my registers so I can say push

06:00

a D and I'm gonna give this a label.

06:04

So that way, when I'm debugging Aiken just just set a break point for that label,

06:11

and then I could do some extra work so I can say something like movie X

06:15

20 Movie v X

06:19

30 movie, see Ex

06:24

40.

06:26

Move. Yes, I

06:29

06:34

80.

06:36

And then I'll go on all restore my registers So, pop e d.

06:48

All right,

06:49

And then we're just gonna run that a bugger so that we can kind of see what's gonna happen. So g d B

06:56

6.8

06:58

And then because I put that label and I can just say break and then here. So it's a nice, convenient way to do that.

07:04

So then I can start running type are.

07:09

And so we've issued all of the commands to modify e x e b excess. We can see that the values of our registers have been set. Right, So we set e x ebx ccx

07:19

e d x e v p yes, I and e d. I also different separate values

07:26

and then we're gonna issue the push function, so we should see all of those values Go here into this stack

07:33

so all

07:34

step my instruction. So now we can say see yea x, I think Ebx e c x e d x.

07:43

You got a stack pointer, E b P

07:46

um, yes, Size 10. And Edie eyes 20.

07:50

So you can see that those are saved onto the stack

07:54

and now we'll just go through and we're modifying all of these registers.

07:59

All right, so we got to the point where a modified each one of them, right? So now they're completely different values than we had before, and I left sort of gsp alone.

08:07

And then when I do the pop A,

08:11

we can see that our registers got reset back to what they were right. So we were able to save them, and it saved them in a particular order.

08:18

And then we were able to restore them using the pop function.

08:24

And then I can finish the program, which doesn't do anything.

08:33

So today we talked about saving registers in a function and either doing that by saving all of the registers or doing it by saving the ones that we modified. And generally the approach would be to save the ones you modify. If you know which ones are gonna be modified.

08:50

And then if you have flags, we learned how to save those flags in a function.

08:54

So looking forward, we're gonna have ah, more complicated example that uses the stack and parameters and then saves registers that we're modifying.

09:05

So here's our quiz. So what is the command that will save all of the general purpose registers?

09:13

Push a D.

09:15

What is the command that will restore the flags again? Assuming that you have saved them

09:22

pop F D.