MediaWiki API result
This is the HTML representation of the JSON format. HTML is good for debugging, but is unsuitable for application use.
Specify the format parameter to change the output format. To see the non-HTML representation of the JSON format, set format=json.
See the complete documentation, or the API help for more information.
{
"batchcomplete": "",
"continue": {
"gapcontinue": "Rp",
"continue": "gapcontinue||"
},
"warnings": {
"main": {
"*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
},
"revisions": {
"*": "Because \"rvslots\" was not specified, a legacy format has been used for the output. This format is deprecated, and in the future the new format will always be used."
}
},
"query": {
"pages": {
"1734": {
"pageid": 1734,
"ns": 0,
"title": "References (Hacking)",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "* [http://www.sans.org/resources/tcpip.pdf?ref=3871 Protocol cheat sheet]\n* [http://windbg.info/doc/1-common-cmds.html Windbg commands]\n* [http://pauldotcom.com/WindowsFileObfuscation%20Techniques.pdf Windows filename obfuscation cheat sheet]\n* [http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf Nmap cheat sheet]"
}
]
},
"10": {
"pageid": 10,
"ns": 0,
"title": "Registers",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "{{Infobox assembly}}\n\nThis section is the first section specific to assembly. So if you're reading through the full guide, get ready for some actual learning! \n\nA register is like a variable, except that there are a fixed number of registers. Each register is a special spot in the CPU where a single value is stored. A register is the only place where math can be done (addition, subtraction, etc). Registers frequently hold pointers which reference memory. Movement of values between registers and memory is very common. \n\nIntel assembly has 8 general purpose 32-bit registers: eax, ebx, ecx, edx, esi, edi, ebp, esp. Although any data can be moved between any of these registers, compilers commonly use the same registers for the same uses, and some instructions (such as multiplication and division) can only use the registers they're designed to use. \n\nDifferent compilers may have completely different conventions on how the various registers are used. For the purposes of this document, I will discuss the most common compiler, Microsoft's. \n\n== Volatility ==\nSome registers are typically volatile across functions, and others remain unchanged. This is a feature of the compiler's standards and must be looked after in the code, registers are not preserved automatically (although in some assembly languages they are -- but not in x86). What that means is, when a function is called, there is no guarantee that volatile registers will retain their value when the function returns, and it's the function's responsibility to preserve non-volatile registers. \n\nThe conventions used by Microsoft's compiler are:\n* '''Volatile''': ecx, edx\n* '''Non-Volatile''': ebx, esi, edi, ebp\n* '''Special''': eax, esp (discussed later)\n\n== General Purpose Registers ==\nThis section will look at the 8 general purpose registers on the x86 architecture.\n\n=== eax ===\neax is a 32-bit general-purpose register with two common uses: to store the return value of a function and as a special register for certain calculations. It is technically a volatile register, since the value isn't preserved. Instead, its value is set to the return value of a function before a function returns. Other than esp, this is probably the most important register to remember for this reason. eax is also used specifically in certain calculations, such as multiplication and division, as a special register. That use will be examined in the instructions section. \n\nHere is an example of a function returning in C:\n return 3; // Return the value 3\n\nHere's the same code in assembly:\n mov eax, 3 ; Set eax (the return value) to 3\n ret ; Return\n\n=== ebx ===\nebx is a non-volatile general-purpose register. It has no specific uses, but is often set to a commonly used value (such as 0) throughout a function to speed up calculations. \n\n=== ecx ===\necx is a volatile general-purpose register that is occasionally used as a function parameter or as a loop counter. \n\nFunctions of the \"__fastcall\" convention pass the first two parameters to a function using ecx and edx. Additionally, when calling a member function of a class, a pointer to that class is often passed in ecx no matter what the calling convention is. \n\nAdditionally, ecx is often used as a loop counter. ''for'' loops generally, although not always, set the accumulator variable to ecx. ''rep-'' instructions also use ecx as a counter, automatically decrementing it till it reaches 0. This class of function will be discussed in a later section. \n\n=== edx ===\nedx is a volatile general-purpose register that is occasionally used as a function parameter. Like ecx, edx is used for \"__fastcall\" functions. \n\nBesides fastcall, edx is generally used for storing short-term variables within a function. \n\n=== esi ===\nesi is a non-volatile general-purpose register that is often used as a pointer. Specifically, for \"rep-\" class instructions, which require a source and a destination for data, esi points to the \"source\". esi often stores data that is used throughout a function because it doesn't change. \n\n=== edi ===\nedi is a non-volatile general-purpose register that is often used as a pointer. It is similar to esi, except that it is generally used as a destination for data. \n\n=== ebp === \nebp is a non-volatile general-purpose register that has two distinct uses depending on compile settings: it is either the frame pointer or a general purpose register. \n\nIf compilation is not optimized, or code is written by hand, ebp keeps track of where the stack is at the beginning of a function (the stack will be explained in great detail in a later section). Because the stack changes throughout a function, having ebp set to the original value allows variables stored on the stack to be referenced easily. This will be explored in detail when the stack is explained. \n\nIf compilation is optimized, ebp is used as a general register for storing any kind of data, while calculations for the stack pointer are done based on the stack pointer moving (which gets confusing -- luckily, IDA automatically detects and corrects a moving stack pointer!)\n\n=== esp ===\nesp is a special register that stores a pointer to the top of the stack (the top is actually at a lower virtual address than the bottom as the stack grows downwards in memory towards the heap). Math is rarely done directly on esp, and the value of esp must be the same at the beginning and the end of each function. esp will be examined in much greater detail in a later section.\n\n== Special Purpose Registers ==\nFor special purpose and floating point registers not listed here, have a look at the [http://en.wikipedia.org/wiki/IA-32 Wikipedia Article] or other reference sites. \n=== eip ===\n\n''eip'', or the instruction pointer, is a special-purpose register which stores a pointer to the address of the instruction that is currently executing. Making a jump is like adding to or subtracting from the instruction pointer. \n\nAfter each instruction, a value equal to the size of the instruction is added to eip, which means that eip points at the machine code for the next instruction. This simple example shows the automatic addition to eip at every step:\n\n eip+1 53 push ebx\n eip+4 8B 54 24 08 mov edx, [esp+arg_0]\n eip+2 31 DB xor ebx, ebx\n eip+2 89 D3 mov ebx, edx\n eip+3 8D 42 07 lea eax, [edx+7]\n .....\n\n=== flags ===\nIn the flags register, each bit has a specific meaning and they are used to store meta-information about the results of previous operations. For example, whether the last calculation overflowed the register or whether the operands were equal. Our interest in the flags register is usually around the ''cmp'' and ''test'' operations which will commonly set or unset the zero, carry and overflow flags.\nThese flags will then be tested by a conditional jump which may be controlling program flow or a loop.\n\n== 16-bit and 8-bit Registers ==\n\nIn addition to the 8 32-bit registers available, there are also a number of 16-bit and 8-bit registers. The confusing thing about these registers it that they use the same storage space as the 32-bit registers. In other words, every 16-bit register is half of one of the 32-bit registers, so that changing the 16-bit also changes the 32-bit. Furthermore, the 8-bit registers are part of the 16-bit registers. \n\nFor example, eax is a 32-bit register. The lower half of eax is ax, a 16-bit register. ax is divided into two 8-bit registers, ah and al (a-high and a-low). \n\n* There are 8 32-bit registers: eax, ebx, ecx, edx, esi, edi, ebp, esp.\n* There are 8 16-bit registers: ax, bx, cx, dx, si, di, bp, sp.\n* There are 8 8-bit registers: ah, al, bh, bl, ch, cl, dh, dl. \n\nThe relationships of these registers is shown in the table below:\n\n<table border='1px' cellspacing='0' cellpadding='0' width='485'>\n\t<tr>\n\t\t<td colspan='1' width='25' align='left'>32-bit</td>\n\n\t\t<td colspan='4' width='100' align='center'>eax</td>\n\t\t<td colspan='1' rowspan='3' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>ebx</td>\n\t\t<td colspan='1' rowspan='3' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>ecx</td>\n\t\t<td colspan='1' rowspan='3' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>edx</td>\n\t</tr>\n\t<tr>\n\t\t<td colspan='1' width='25' align='left'>16-bit</td>\n\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>ax</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>bx</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>cx</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>dx</td>\n\t</tr>\n\t<tr>\n\t\t<td colspan='1' width='25' align='left'>8-bit</td>\n\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'>ah</td>\n\t\t<td colspan='1' width='25' align='center'>al</td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'>bh</td>\n\t\t<td colspan='1' width='25' align='center'>bl</td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'>ch</td>\n\t\t<td colspan='1' width='25' align='center'>cl</td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'> </td>\n\t\t<td colspan='1' width='25' align='center'>dh</td>\n\t\t<td colspan='1' width='25' align='center'>dl</td>\n\t</tr>\n\n\t<tr>\n\t\t<td colspan='20'> </td>\n\t</tr>\n\n\t<tr>\n\t\t<td colspan='1' width='25' align='left'>32-bit</td>\n\n\t\t<td colspan='4' width='100' align='center'>esi</td>\n\t\t<td colspan='1' rowspan='2' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>edi</td>\n\t\t<td colspan='1' rowspan='2' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>ebp</td>\n\t\t<td colspan='1' rowspan='2' width='15'> </td>\n\t\t<td colspan='4' width='100' align='center'>esp</td>\n\t</tr>\n\t<tr>\n\t\t<td colspan='1' width='25' align='left'>16-bit</td>\n\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>si</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>di</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>bp</td>\n\t\t<td colspan='2' width='50' align='center'> </td>\n\t\t<td colspan='2' width='50' align='center'>sp</td>\n\t</tr>\n</table>\n\nHere are two examples:\n<table border='1px' cellspacing='0' cellpadding='0'>\n\t<tr>\n\t\t<td width='50'>eax</td>\n\t\t<td width='100'>0x12345678</td>\n\t</tr>\n\t<tr>\n\t\t<td>ax</td>\n\t\t<td>0x5678</td>\n\t</tr>\n\t<tr>\n\t\t<td>ah</td>\n\t\t<td>0x56</td>\n\t</tr>\n\t<tr>\n\t\t<td>al</td>\n\t\t<td>0x78</td>\n\t</tr>\n</table>\n\n\n\n<table border='1px' cellspacing='0' cellpadding='0'>\n\t<tr>\n\t\t<td width='50'>ebx</td>\n\t\t<td width='100'>0x00000025</td>\n\t</tr>\n\t<tr>\n\t\t<td>bx</td>\n\t\t<td>0x0025</td>\n\t</tr>\n\t<tr>\n\t\t<td>bh</td>\n\t\t<td>0x00</td>\n\t</tr>\n\t<tr>\n\t\t<td>bl</td>\n\t\t<td>0x25</td>\n\t</tr>\n</table>\n\n== 64-bit Registers ==\n\nA 64-bit register is made by concatenating a pair of 32-bit registers. This is shown by putting a colon between them. \n\nThe most common 64-bit register (used for operations such as division and multiplication) is edx:eax. This means that the 32-bits of edx are put in front of the 32-bits of eax, creating a double-long register, so to speak. \n\nHere is a simple example:\n<table border='1px' cellspacing='0' cellpadding='0'>\n\t<tr>\n\t\t<td width='80'>edx</td>\n\t\t<td width='200'>0x11223344</td>\n\t</tr>\n\t<tr>\n\t\t<td>eax</td>\n\t\t<td>0xaabbccdd</td>\n\t</tr>\n\t<tr>\n\t\t<td>edx:eax</td>\n\t\t<td>0x11223344aabbccdd</td>\n\t</tr>\n</table>\n\n== Questions ==\nFeel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists."
}
]
}
}
}
}