The location of EIP and other Registers in x86 Process

Question

I am working with x86 instructions and now I am confused about:

Where are x86 registers (like EIP, ESP, etc.) stored?! For example, when I use ollydbg I can see what the actual EIP register value is and how it changes.

If it is stored in memory, where is the actual location? (For example, in .data, .text or .bss)

And can I change the EIP of another process manually?! How?!

Recommended answer

You have a severe misconception about what a register is.

A register is actually a register, i.e. a really small piece of memory in the processor that can contain the operands or can be the target of a CPU instruction. It doesn't have an address in memory - it's really addressable as the register it is.

RAM is something totally different – an x86 program can work completely without RAM, but there's no operation that doesn't work on registers. For example, to add two numbers that are somewhere in RAM, you use LOAD instructions to load these two numbers into two registers, and then some ADD instruction to add one number to the other, targeting a register, and then there's some STORE instruction that takes the register value and writes it to some address in RAM.

So, there are no "process-specific" registers. Every CPU core has exactly one set of registers (some specialities like virtualization notwithstanding), and there are mechanisms to store registers in RAM, and restore them from RAM, for example when calling a function or switching contexts.
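
The store-to-RAM mechanism the answer ends on, as an added example that is not part of the original answer: on x86 Linux (glibc assumed), when the kernel delivers a signal it writes the interrupted thread's registers into a `ucontext_t` on that thread's stack, and the handler below only reads the saved EIP/RIP and notes where the copy sat. The function names and the `IP_SLOT` indices are this example's own.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <ucontext.h>

/* x86 Linux only: any other target fails to compile because IP_SLOT is undefined. */
#if defined(__x86_64__)
#  define IP_SLOT 16 /* gregs[] index that glibc names REG_RIP */
#elif defined(__i386__)
#  define IP_SLOT 14 /* gregs[] index that glibc names REG_EIP */
#endif
static volatile uintptr_t saved_ip; /* EIP/RIP value the kernel saved */
static volatile uintptr_t saved_at; /* RAM address that held the saved value */

/* The kernel stored the interrupted registers in ctx before calling this. */
static void on_trap(int sig, siginfo_t *info, void *ctx)
{
    ucontext_t *uc = ctx;
    saved_ip = (uintptr_t)uc->uc_mcontext.gregs[IP_SLOT];
    saved_at = (uintptr_t)&uc->uc_mcontext.gregs[IP_SLOT];
}

/* int3 is the x86 breakpoint instruction; Linux reports it as SIGTRAP. */
__attribute__((noinline)) static void trap_here(void) { __asm__ volatile("int3"); }

/* Returns 0 once saved_ip and saved_at have been filled in by the handler. */
static int capture_saved_ip(void)
{
    struct sigaction sa = { .sa_sigaction = on_trap, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    trap_here();
    return saved_ip ? 0 : -1;
}

/* 1 if the saved copy lay within 64 KiB of a stack local, i.e. on the stack. */
static int saved_copy_on_stack(void)
{
    volatile char probe = 0;
    uintptr_t here = (uintptr_t)&probe;
    return (here > saved_at ? here - saved_at : saved_at - here) < 65536;
}

int main(void)
{
    if (capture_saved_ip() != 0) return 1;
    printf("saved IP %#lx stored at %#lx\n", (unsigned long)saved_ip, (unsigned long)saved_at);
    return saved_copy_on_stack() ? 0 : 1;
}
```

The saved value points just past the `int3` inside `trap_here()`, and the copy itself sits on the stack rather than in `.data`, `.text` or `.bss`.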
