What Is A X86 Cpu – Android Consejos
A Hacker’s Tour of the X86 CPU Architecture
Overview
The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple begin including its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands as the default CPU architecture for modern computer systems, barring embedded and mobile devices. This architecture supports 64-bit, 32-bit, and 16-bit.
First, to have it documented here so that future blog posts that require this information as a prerequisite can simply link to this page. Second, this is just an interesting topic. The x86 architecture is an older architecture that has a lot of interesting history to it, and a lot of backward compatibility remains in it today.
This guide is not a comprehensive guide to the features of the x86 architecture, and some of this might be oversimplified, but the idea is to make this a primer to the x86 CPU architecture for future lessons that will expect you to know these basics.
The X86 CPU Architecture – Instruction Lengths
The X86 instruction set allows for dynamic lengths for instructions. This is interesting as this means the offset for instructions is not fixed, unlike ARM where it would need to be an offset of 2 or 4 increments, depending on if you are in Thumb mode or not. This is also interesting because this means that if you have an instruction that is 5-bytes long and you land at the second byte into the instruction, it may very well take on an entirely new meaning!
As an example, the screenshot below shows we can make an instruction that will move a dword value into EAX, which creates a 5-byte long instruction. However, if we jump 1 byte into the instruction, it instead translates into 4 separate instructions.
This is extremely helpful when looking for ROP gadgets for memory corruption bugs on X86 targets and means that the instructions leading up to a return may produce more ROP gadgets.
The X86 CPU Architecture – Registers
Registers are small amounts of data storage on the CPU that can be used to store data that is currently being processed. These registers on 32-bit x86 are in fact 32 bits or 4 bytes in size. That’s what makes it a 32-bit architecture. The x86 architecture is capable of 64-bit as well, which would add 64-bit registers, with backwards-compatible support for the 32-bit and below registers.
When writing assembly, you will generally see a preference for using registers for data as it is much faster than using RAM since it never leaves the CPU. But you need to be mindful that these registers do serve purposes built into the instruction set itself.
For example, the instruction MUL, which only takes one operand, will multiply a register against EAX and store the result as a 64-bit value across EDX and EAX. That would mean that EAX was read and used, and EDX and EAX were overwritten by calling the MUL instruction. Keep that in mind when using these registers for storage. But if you think things through, this can be used however you see fit. This can also be used for quick neat tricks. For example, we could zero out EAX, EBX, & EDX registers with 2 instructions rather than using 3 separate instructions to accomplish this with the following assembly code.
XOR EBX, EBX ; XOR EBX by itself, resulting in the register being zero MUL EBX ; Multiply EAX by EBX (zero). The values are stored in ; EAX and EDX. Anything multiplied by zero is zero.
Depending on the OS that is using this architecture, these registers may take on other meanings and uses as well. For example, in Linux, these registers can be used to set up syscalls before invoking the interrupt.
Registers – General Purpose
The table below shows a list of the 32-bit general-purpose registers on an x86 CPU:
Register Purpose EAX Accumulator RegisterUsed in arithmetic operationsWhere values are generally returned to EBX Base PointerUsed as a pointer to data ECX Counter RegisterUsed in shift or rotate instructions and as a loop counter EDX Data RegisterUsed in arithmetic operationsUsed in I/O operations ESI Source Index RegisterPointer to source in streams EDI Destination Index RegisterPointer to destination in stream operations ESP Stack PointerPointer to the top of the stack EBP Base PointerPointer to the bottom of the current stack frame EIP Instruction PointerPointer to the next instruction to execute
These purposes listed in the table are what they are intended to be used for, but they can be used to store random data as well. The x86 architecture is older and supports some interesting dynamics on registers. It now supports 64-bit, which supports 32-bit, which supports 16-bit, which supports 8-bit registers! This is actually useful as this means that we can in 32-bit mode make use of the 16-bit or 8-bit registers! For example, the accumulator register can be represented in the following forms:
Note the AH and AL registers. These let you access the High byte and Low byte of the 16-bit register AX. I wanted to point that out as these are High/Low 8-bit registers. Not all registers have that, but it’s worth mentioning because it will be featured in the table below which outlines the register naming conventions.
Register 64-Bit 32-Bit 16-Bit 8-Bit (High) 8-Bit (Low) Accumulator RAX EAX AX AH AL Base RBX EBX BX BH BL Counter RCX ECX CX CH CL Data RDX EDX DX DH DL Source RSI ESI SI SIL Destination RDI EDI DI DIL Stack RSP ESP SP SPL Stack Base RBP EBP BP BPL Program Counter RIP EIP IP
Registers – Segment Registers
Segment registers were intended to be base pointers to various segments of a program (code, data, etc.). For the most part, these aren’t used anymore by modern OSes for this purpose, but rather for their own purposes. For example in Linux, gs or fs are generally used to implement stack canary information to protect against buffer overflows. Below shows an example of using the GS segment register to implement the stack cookie being set up and checked at the end of a function to determine if a stack overflow has occurred.
The segment registers are listed below for what they were originally intended for:
Segment Register Purpose CS Code DS Data SS Stack ES Extra Data #1 FS Extra Data #2 GS Extra Data #3
Registers – EFLAGS Register
The EFLAGS register is a 32-bit register that is used to represent various bitwise “flags” in boolean context, either it’s set or not set. These flags are generally 1 bit in size, except for one flag IOPL, which we are not going to dive into in this post. Most of the flags in the 32-bit register aren’t super important. However, the ones that will apply the most to reverse engineering, shellcoding, or ASM programming efforts are as follows:
Bit Field Symbol Name Description 0 CF Carry Flag Set if the last arithmetic operation carried or borrowed a bit over the size of the register. 6 ZF Zero Flag Set if the result of an operation is zero 7 SF Sign Flag Set if the result of an operation is negative 8 TF Trap Flag Set if debugging step by step. 10 DF Direction Flag Controls the stream direction.
if set the stream operations will decrement the pointer rather than incrementing it.
This basically allows you to control the direction that a stream operation reads 11 OF Overflow Flag Set if signed arithmetic operations result in a value too large for the register to hold
Registers – 128, 256, and 512 Bit Registers
Various extensions over the years have required the addition of larger registers to support things such as floating points, large numbers and vectors, and AES. These registers, while larger, do require the CPU to have the support for that extension, as these registers require special instructions to access them.
Registers Size Registers Extension 128-Bit XMM0-XMM15 SSE (XMM0-XMM7)AMD64 (XMM8-XMM15) 256-Bit YMM0-YMM15 AVX (Advanced Vector Extensions) 512-Bit ZMM0-ZMM31 AVX-512
It is worth noting that support for the extensions that support these feature sets can be all over the place. If it is there then you can leverage these and their instructions, if not, expect the program to crash since the CPU will not understand the instruction. For details and support matrices, the Wikipedia article at is a good source or you can check Intel’s ARK at
The X86 CPU Architecture – Memory Model
The X86 CPU architecture uses little-endian ordering for memory storage. This means that when a sequence of bytes is stored in memory, the least significant byte comes first. To keep this simple, it means that the byte order of data is effectively reversed when being stored in memory.
For Example: The hex value 0xDEADBEEF would be stored in memory as 0xEF, 0xBE, 0xAD, 0xDE.
Conclusion
I hope you’ve enjoyed this blog post and learned something new today about the x86 architecture. Future posts will depend on this baseline knowledge and I hope this primer brings you up to speed comfortably. Ready for a challenge? We post Mystery Challenges on Facebook, Linkedin, and Twitter. If you’re interested in security fundamentals, we have a Professionally Evil Fundamentals (PEF) channel that covers a variety of technology topics. We also answer general basic questions in our Knowledge Center. Finally, if you’re looking for a penetration test, professional training for your organization, or just have general security questions please Contact Us.
Linux X86 Assembly Series Blog Post
Interested in more information about the X86 architecture and Linux shellcode/assembly? This blog is a part of a series and the full list of blogs in this series can be found below:
Definition from WhatIs.com
x86-64 is a 64-bit processing technology developed by AMD that debuted with the Opteron and Athlon 64 processor. x86-64 is also known as x64 and AMD64.
x86-64 enables 64-bit processing advantages such as increased memory space (up to 256TB) and processing more data per clock cycle. The technology is similar to Intel’s server-oriented IA-64. However, x86-64 made 64-bit computing more available to the mainstream consumer through its capacity to run 32-bit programs simultaneously without emulation or loss of performance.
Intel licenses x86-64 technology for use in their processors, much as AMD gets their x-86 from Intel.
What Is A X86 Cpu – Android Consejos
What is x86 in CPU?
x86 refers to a 32-bit CPU and operating system while x64 refers to a 64-bit CPU and operating system.
Are all CPU x86?
x86 is a term used to describe a CPU instruction set compatible with the Intel 8086 and its successors, including the Pentium and others made by Intel and other companies. All x86 CPUs (with the rare exception of some Intel CPUs used in embedded systems) start in 16-bit real mode.
Is my computer x86 or x64?
In the right pane, look at the System Type entry. For a 32-bit version operating system, it will say X86-based PC. For a 64-bit version, youll see X64-based PC.
Does x86 mean Intel?
(1) x86 primarily means definition #2 below; however, the term may also refer to 32-bits when contrasting 32-bit with 64-bit hardware for Windows PCs (see x64). The x86 line was developed by Intel and includes the Core, Xeon, Pentium, Atom and original 8086 family (hence the 86).
Can x86 run 64-bit?
x86-32 (and x86-16) were used for the 32 (and 16) bit versions. This was eventually shortened to x64 for 64 bit and x86 alone refers to a 32 bit processor. The 64 bit computers can run both 32bit programs and 64 bit programs.
Is x86 obsolete?
Since the newer processes has become more resource hungry & since there is a limit of what an x86 based processor can compute when compared to the x64 model,it would be suffice to say, that the x86 architecture has indeed become outdated & obsolete.
Why is x86 so popular?
The IBM train Its hard to shake 36 years of momentum, and thats the main reason x86 is so popular. The IBM PC became an industry standard. IBM intended to own and control it, and that didnt exactly work out for them. Within a couple of years, several companies sold IBM-compatible computers.
Is Ryzen a x86?
The AMD Ryzen family is an x86-64 microprocessor family from AMD, based on the Zen microarchitecture. The Ryzen lineup includes Ryzen 3, Ryzen 5, Ryzen 7, Ryzen 9, and Ryzen Threadripper with up to 64 cores.
Is a Mac x86?
Since Apples 20052006 transition to Intel processors, all Macintosh computers, until the transition to Apple silicon, have used Intels x86 CPU architecture.
Is Windows 10 x86 or 64?
Windows 10 x86 (32-bit) is limited to using 4GB of RAM or less on PCs. Windows 10 x64 (64-bit) can use more than 4GB of RAM and it does this by using the AMD64 standard for 64-bit instructions. This needs the system to be able to support 64bit.
Should I download x86 or x64?
If you use a CPU that supports x64, you should always install a x64 version of windows. A x64 Windows can run both 32 and 64 bit versions of software. But, a x86 can only run 32 bit software. You should download the x86 JDK.
Is Windows 10 x86 or x64 better?
x64 = 64 bit operating system allowing more than 4gb RAM to be installed, subject to limits imposed by motherboard and / or version of Windows. x86 operating system restricting RAM to be installed to no more than 4gb RAM, subject to limits imposed by motherboard and / or version of Windows.
Is i7 a x86?
Core i7 is a family of high-end performance 64-bit x86-64 processors designed by Intel for high-end desktops and laptops. Core i7 was introduced in 2008 following the retirement of the Core 2 Quad family.
Is the M1 x86?
The M1 is an ARM processor, not an x86 processor. It features Rosetta 2 dynamic binary translation that allows it to run x86 software. The chip boasts eight CPU cores, in addition to the integrated GPU. It is manufactured using the 5-nanometer process and has 16 billion transistors.
How can I upgrade my x86 PC to 64-bit?
How to upgrade from 32Bit (x86) to 64Bit (x64) Windows 7 Backup and save existing application settings and data to migrate to the new system with Windows Easy Transfer. Boot the computer using the 64-bit (x64) Windows 7 installation DVD disc media or a Windows 7 install USB key flash drive.
Can x86 based PC?
X86 based PC means the Windows currently installed is 32 bit. Right Click This PC and select Properties. Locate System Type. then your PC is capable of running 64 bit OS.
Where did x86 come from?
The term x86 came into being because the names of several successors to Intels 8086 processor end in 86, including the 80186, 80286, 80386 and 80486 processors. Many additions and extensions have been added to the x86 instruction set over the years, almost consistently with full backward compatibility.
Is x86 doomed?
First, contrary to what some have suggested, x86 is not doomed: it does not have any inherent disadvantage. In fact, the vast x86 software ecosystem (in both the PC and data center) could actually be seen as a competitive advantage, since Arm CPUs mostly cannot simply be used out-of-the-box.
What can x86 do that ARM can t?
The core difference between those in this aspect is that ARM instructions operate only on registers with a few instructions for loading and saving data from / to memory while x86 can operate directly on memory as well.
Does ARM surpass x86?
Apple just announced that Big Sur macOS will fully support the Arm-based PC in 2020, will ship a new high-end x86 PC in 2020. It indicated that the full migration to Big Sur and the Arm-based PC would be complete in 2021.
Is x86 a RISC?
One of the ideas of RISC was that any instruction can operate on any register. So, x86 is very un-RISCy here, clearly CISC. X86 instructions can be anything between 115 bytes long, and there are tens of different instruction formats.
Is x86 a bad architecture?
> x86 is a lousy architecture, but x86-64 isnt as bad; at least it has a good number of registers unlike x86. Youre still using the 32-128 physical registers on the core. Thats why x86_64 code isnt particularly faster (sometimes slower) than the same code compiled for x86_32 mode.