Part – 1 System Organization
Assembly language knowledge is helpful for exploitation techniques such as buffer overflows and format string attacks, as well as for reverse engineering. If you dive into exploitation or reverse engineering without prior knowledge of assembly, those topics will be next to impossible to follow. If you have no such background, this series of tutorials will help you get started with assembly language quickly.
System Organization Basics :- The CPU, memory and I/O devices are the basic building blocks of a computer, and all three communicate over the system bus.
1. CPU :- Broadly, a CPU consists of the following parts.
a. Control Unit – Fetches and decodes instructions, and retrieves/stores data while the CPU is executing instructions.
b. Execution Unit – Where the actual execution (arithmetic, logic, data movement) happens.
c. Registers – Small, fast storage locations inside the CPU. The execution unit operates on register contents much as a program operates on variables, and registers also hold the memory addresses the CPU reads from and writes to.
d. Flags – Bits in a status register that record the outcome of the last arithmetic or logical instruction. For example, the Zero Flag (ZF) is set whenever an instruction produces a zero result; conditional jumps (je, jne, ...) branch by testing these bits.
CPU registers fall into 4 main categories : –
1. General Purpose Registers – Used during calculations in the CPU. There are 8 of them –
a. EAX – The Accumulator register. Used for arithmetic operands and results; in the common x86 calling conventions it also carries a function's return value.
b. EBX – The Base register. Used to hold pointers to data.
c. ECX – The Counter register. Used as the counter in loops, shifts and string operations.
d. EDX – The Data register. Holds the upper half of results for mul/div together with EAX, and serves as the I/O port pointer.
e. ESI – SI stands for Source Index. A data pointer register used as the source pointer in memory and string operations.
f. EDI – DI stands for Destination Index. A data pointer register used as the destination pointer in memory and string operations.
g. ESP – The Stack Pointer register. It always points to the top of the stack.
h. EBP – The Base Pointer (frame pointer) register. It points to the base of the current stack frame, and function arguments and local variables are addressed relative to it.
A 32-bit Intel or compatible processor has three native data sizes, BYTE, WORD and DWORD, corresponding to 8, 16 and 32 bits.
In hexadecimal (two hex digits per byte)
BYTE 00
WORD 0000
DWORD 00000000
In a 32-bit processor EAX, EBX, ECX and EDX are 32 bits wide, with the bits numbered 0 to 31.
These 4 registers allow selective access to their lower-order bits under different names, for example AH, AL, BH, BL, etc.
Each of them can be thought of as two 16-bit halves. Only the lower half has its own name: the rightmost 16 bits of EAX are called AX, and AX is further divided into two 8-bit registers, bits 0 to 7 being AL (L stands for lower) and bits 8 to 15 being AH (H stands for higher). The upper 16 bits (16 to 31) have no separate name on 32-bit x86. Writing to a sub-register changes only its own bits; for example, mov al, 0x42 leaves bits 8 to 31 of EAX untouched. EBX, ECX and EDX are divided in the same way (BX/BH/BL, CX/CH/CL, DX/DH/DL).
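The following C program is an added illustration of the sub-register layout described above; it is not part of the original tutorial. A union aliases the same 32 bits under the names EAX, AX, AH and AL, which is exactly the overlap the CPU provides, so reading and writing the narrower fields behaves like mov ax / mov ah / mov al. It assumes a little-endian host (the x86 byte order), which puts the low byte first in memory; the names reg32_t, get_ax and set_al are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of how EAX overlaps with AX, AH and AL. Added example, not code
 * from the original page: the union simply exposes the same 32 bits at
 * three widths. The field order assumes a little-endian host (x86). */
typedef union {
    uint32_t eax;               /* bits 0..31 */
    uint16_t ax;                /* bits 0..15 (lower half of EAX) */
    struct {
        uint8_t al;             /* bits 0..7  */
        uint8_t ah;             /* bits 8..15 */
    } b;
} reg32_t;

/* Read AX, AH and AL out of a given EAX value, as the CPU would. */
uint16_t get_ax(uint32_t eax) { reg32_t r; r.eax = eax; return r.ax; }
uint8_t  get_ah(uint32_t eax) { reg32_t r; r.eax = eax; return r.b.ah; }
uint8_t  get_al(uint32_t eax) { reg32_t r; r.eax = eax; return r.b.al; }

/* Writing a sub-register changes only its own bits; the rest of EAX is
 * untouched, just like `mov al, 0x42` or `mov ax, 0x1234` on a real CPU. */
uint32_t set_al(uint32_t eax, uint8_t al)  { reg32_t r; r.eax = eax; r.b.al = al; return r.eax; }
uint32_t set_ah(uint32_t eax, uint8_t ah)  { reg32_t r; r.eax = eax; r.b.ah = ah; return r.eax; }
uint32_t set_ax(uint32_t eax, uint16_t ax) { reg32_t r; r.eax = eax; r.ax = ax;   return r.eax; }

/* Returns 1 on a little-endian host, where the union above matches x86. */
int host_is_little_endian(void) { reg32_t r; r.eax = 0x01020304u; return r.b.al == 0x04; }

int main(void) {
    uint32_t eax = 0xDEADBEEFu;
    printf("EAX=%08X AX=%04X AH=%02X AL=%02X\n",
           eax, get_ax(eax), get_ah(eax), get_al(eax));
    printf("after mov al,0x42   : EAX=%08X\n", set_al(eax, 0x42));
    printf("after mov ax,0x1234 : EAX=%08X\n", set_ax(eax, 0x1234));
    return 0;
}
```

The same picture applies to EBX/BX/BH/BL and the other two registers; only the names change. Keep the endianness check in mind when using such a union on other architectures.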
2. Segment Registers : – There are 6 of them –
a. CS – Code segment
b. DS – Data segment
c. SS – Stack segment
d. ES – Extra segment
e. FS
f. GS
d, e and f are extra segment registers used to address other segments. ES is the destination segment for string instructions, and modern operating systems use FS or GS to reach per-thread data (for example, 32-bit Windows keeps the Thread Environment Block at FS:0).
3. Instruction Pointer Register : – This consists of only the EIP register. EIP holds the address of the next instruction the CPU will execute. It cannot be written directly with mov; it only changes through control-flow instructions such as jmp, call and ret. Gaining control of EIP is the goal of most memory corruption exploits.
4. Control Registers : – These registers are internal to the CPU and control its operating mode rather than taking part in calculations. There are 5 of them –
a. CR0 – Mode bits, e.g. protected mode enable (PE) and paging enable (PG)
b. CR1 – Reserved
c. CR2 – Holds the linear address that caused the last page fault
d. CR3 – Physical base address of the page directory (page tables)
e. CR4 – Feature enable bits, e.g. PAE and SMEP
2. Memory : – For our purposes we need to understand the virtual memory model. A few key points about the virtual memory model are –
i. Every program that is run is laid out as a new process.
ii. Every process is laid out in its own virtual address space, so every process believes it has the entire address space to itself and is running alone in it.
iii. The operating system and the processor (its memory management unit) together maintain this abstraction, hiding the actual physical memory layout from the process itself.
Program Memory
– – – – – – – – – – – – –
| Stack | → Stores function arguments, return addresses and local variables
– – – – – – – – – – – – –
| Unused memory |
– – – – – – – – – – – – –
| Heap | → Dynamic memory
– – – – – – – – – – – – –
| .bss | → Uninitialized data
– – – – – – – – – – – – –
| .data | → Initialized data
– – – – – – – – – – – – –
| .text | → Actual program code, consist of executable instructions
– – – – – – – – – – – – –
i. The stack sits at the highest memory addresses and .text at the lowest.
ii. The stack grows downward, toward lower addresses (the heap grows upward, toward the stack).
iii. The stack is LIFO (last in, first out): the element pushed last is popped first.
iv. ESP points to the top of the stack, i.e. the most recently pushed value, which is the lowest stack address in use. A push decrements ESP by 4 (on 32-bit) and stores the value; a pop loads the value and increments ESP by 4.
Higher memory
– – – – – – – – – – – – –
| 0xAAAAA…1 | ← pushed earlier
– – – – – – – – – – – – –
ESP –> | 0x120….. | ← pushed last (top of stack)
– – – – – – – – – – – – –
| | ← unused space below ESP
– – – – – – – – – – – – –
Lower Memory
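The program below is an added example, not code from the original tutorial, that checks the two claims made above on a running process: that .text, .data, .bss, heap and stack are laid out from low to high addresses in that order, and that the stack grows toward lower addresses. It then models PUSH/POP on a small byte array to show ESP moving down by 4 on each push and the LIFO order on pop. It assumes a conventional Unix-like process layout (Linux, BSD or macOS); absolute addresses change on every run because of ASLR, but the relative order does not. All function and type names (simstack_t, layout_matches_diagram, stack_grows_down, push_pop_is_lifo) are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not from the original page. Probes where the sections
 * of this process sit and checks the ordering shown in the diagram.
 * Assumes a conventional Unix-like layout (Linux/BSD/macOS). */

int initialized_global = 42;    /* lands in .data */
int uninitialized_global;       /* lands in .bss  */

/* A function whose address lies inside .text. */
static int text_marker(void) { return 1; }

/* A callee's locals must sit below the caller's when the stack grows
 * down. noinline keeps this in its own frame even when optimizing. */
__attribute__((noinline)) static uintptr_t callee_local_addr(void) {
    volatile int callee_local = 0;
    return (uintptr_t)&callee_local;
}

/* Returns 1 when the nested call's frame is at a lower address than ours. */
int stack_grows_down(void) {
    volatile int caller_local = 0;
    uintptr_t here = (uintptr_t)&caller_local;
    return callee_local_addr() < here;
}

/* Returns 1 when .text < .data <= .bss < heap < stack in this process. */
int layout_matches_diagram(void) {
    volatile int stack_local = 0;
    void *heap = malloc(16);
    if (heap == NULL) return 0;
    uintptr_t text  = (uintptr_t)text_marker;
    uintptr_t data  = (uintptr_t)&initialized_global;
    uintptr_t bss   = (uintptr_t)&uninitialized_global;
    uintptr_t heapa = (uintptr_t)heap;
    uintptr_t stack = (uintptr_t)&stack_local;
    printf(".text %p .data %p .bss %p heap %p stack %p\n",
           (void *)text, (void *)data, (void *)bss, (void *)heapa, (void *)stack);
    int ok = text < data && data <= bss && bss < heapa && heapa < stack;
    free(heap);
    return ok;
}

/* Tiny model of a 32-bit stack: mem is the stack memory and esp is an
 * offset into it, starting at the top (highest address). PUSH subtracts
 * 4 from esp and stores; POP loads and adds 4. */
#define STACK_SIZE 64
typedef struct { uint8_t mem[STACK_SIZE]; uint32_t esp; } simstack_t;

static void     stack_init(simstack_t *s) { s->esp = STACK_SIZE; }
static void     push32(simstack_t *s, uint32_t v) { s->esp -= 4; memcpy(&s->mem[s->esp], &v, 4); }
static uint32_t pop32(simstack_t *s) { uint32_t v; memcpy(&v, &s->mem[s->esp], 4); s->esp += 4; return v; }

/* Push three values, check esp moved down 12 bytes, pop them back in
 * reverse order and check esp returned to the top. Returns 1 on success. */
int push_pop_is_lifo(void) {
    simstack_t s;
    stack_init(&s);
    push32(&s, 1); push32(&s, 2); push32(&s, 3);
    int esp_moved_down = (s.esp == STACK_SIZE - 12);
    int lifo = pop32(&s) == 3 && pop32(&s) == 2 && pop32(&s) == 1;
    return esp_moved_down && lifo && s.esp == STACK_SIZE;
}

int main(void) {
    printf("stack grows down: %d\n", stack_grows_down());
    printf("layout matches diagram: %d\n", layout_matches_diagram());
    printf("push/pop is LIFO with esp moving by 4: %d\n", push_pop_is_lifo());
    return 0;
}
```

Run it a few times: the printed addresses differ on each run (ASLR), but the order .text < .data <= .bss < heap < stack and the downward growth of the stack hold every time. The gap between the callee's and the caller's local is the size of a stack frame, which is what a buffer overflow walks across on its way to the saved return address.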
These were some basic terms related to System Organization. If you have any doubts or queries, feel free to comment 🙂
Next Part -2 ==> Virtual Memory Organization