Overview of the x64 Disassembly
Explore the essentials of x64 disassembly within Linux core dump analysis. Understand CPU registers like RAX and RIP, instruction formats, memory and stack addressing, and function prologues. This lesson equips you to reconstruct stack traces and interpret assembly code relevant to diagnosing process and kernel failures.
Now, we come to a brief overview of relevant x64 disassembly. We only cover what we would see in the exercises.
CPU registers
The names of the usual 32-bit CPU registers, such as EAX, are extended to 64-bit versions, such as RAX. Most of the registers are traditionally specialized, such as ALU, counter, and memory copy registers. Although, now they all can be used as general-purpose registers.
There is, of course, a stack pointer, RSP, and, additionally, a frame pointer, RBP, that is used to address local variables and saved parameters. It can be used for backtrace reconstruction.
In some compiler code generation implementations, RBP is also used as a general-purpose register, with RSP taking the role of a frame pointer. An instruction pointer RIP is saved in the stack memory region with every function call, which is then restored on returning from the called function.
In addition to these registers, the x64 platform features another eight general-purpose registers, from R8 to R15.
Note: The ...