2. Memory Addressing
• Refers to how operands are given instructions (instructions need
operands)
• Has two categories:-
(a) Non Memory Addressing, which is the simplest form of
addressing.
- It takes either predefined data or a register (name).
- It is the fastest way to address operands.
(b) Memory Addressing, which allows access to data in memory.
- Can be as fast as non-memory addressing only if the memory
being accessed exists in the cache that is on the CPU otherwise
several cycles are required to directly read / write to RAM.
NOTE:
When accessing memory, the operand is surrounded by square brackets.
Otherwise, without these brackets, either a memory address is being
stored to be used later or data is to be retrieved from the memory to be
worked on.
3. x86 Memory Segmentation
Memory Segmentation
• It is the division of a computer's primary memory into segments or
sections. In a computer system using segmentation, a reference to a
memory location includes a value that identifies a segment and an
offset within that segment.
• It refers to the implementation of memory segmentation in the Intel
x86 computer instruction set architecture.
X86 Segmentation
• It was introduced on the Intel 8086 in 1978 as a way to allow
programs to address more than 64 KB (65,536 bytes) of memory.
• Intel 80286 introduced a second version of segmentation in 1982 that
added support for virtual memory and memory protection.
• At this point, the original model was renamed real mode, and the new
version was named protected mode.
• The x86-64 architecture, introduced in 2003, has largely dropped
support for segmentation in 64-bit mode.
4. • In both real and protected modes the system uses 16-bit
segment registers to derive the actual memory address.
• In real mode, the registers CS, DS, SS, and ES point to
the currently used program code segment (CS), the
current data segment (DS), the current stack segment
(SS), and one extra segment determined by the
programmer (ES).
• Intel 80386, introduced in 1985, adds two additional
segment registers, FS and GS, with no specific uses
defined by the hardware.
• The way in which the segment registers are used differs
between the two modes.
x86 Memory Segmentation …
5. x86 Memory Segmentation …
• The choice of segment is normally defaulted by the
processor according to the function being executed.
• Instructions are always fetched from the code segment.
• Any stack push or pop or any data reference referring to
the stack uses the stack segment. All other references to
data use the data segment.
• The extra segment is the default destination for string
operations (for example MOVS or CMPS). FS and GS
have no hardware-assigned uses.
6. Real mode
• Is also called real address mode or v86 mode.
• It is an operating mode of all x86-compatible CPUs.
• In real mode or V86 mode, a segment is always
65,536 bytes in size (using 16-bit offsets).
• It is characterized by a 20-bit segmented memory address
space (giving exactly 1 MB of addressable memory) and
unlimited direct software access to all memory, I/O
addresses and peripheral hardware.
• It provides no support for memory protection, multitasking,
or code privilege levels.
• Before the release of the 80286, which introduced
Protected mode, real mode was the only available mode
for x86 CPUs.
• In the interests of backwards compatibility, all x86 CPUs
start in real mode when reset.
7. • Intel 8086, the predecessor to the 286, was originally
designed with a 20-bit address bus for its memory.
• This allowed the processor to access 220 bytes of
memory, equivalent to 1 megabyte.
• At the time, 1 megabyte was considered a relatively large
amount of memory, so the designers of the IBM Personal
Computer reserved the first 640 kilobytes for use by
applications and the operating system and the remaining
384 kilobytes for the BIOS (Basic Input/Output System)
and memory for add-on devices.
• As the cost of memory decreased and memory use
increased, the 1 MB limitation became a significant
problem.
• Intel intended to solve this limitation along with others with
the release of the 286.
Real mode …
8. Real mode …
• PC BIOS (IBM) and DOS operating systems (MS-DOS, DR-DOS, etc.)
operate in real mode.
• Early versions of Microsoft Windows ran in real mode, until Windows
386, which ran in protected mode.
• Windows 3.0 could run in either real or protected mode. It could actually
run in two "flavours" of protected mode: "standard mode", which ran
using protected mode, and "386-enhanced mode", which is a virtualized
version of standard mode and thus would not run on a 286.
• Windows 3.1 removed support for real mode, and it was the first
mainstream operating environment which required at least an 80286
processor.
• Almost all modern x86 operating systems (Unix, Linux, OS/2, Windows
95 and later, etc.) switch the CPU into protected mode at startup.
• 64-bit operating systems may use this only as another stepping stone to
get to long mode.
• It is worth noting that the protected mode of the 80286 is considerably
more primitive than the improved protected mode introduced with the
80386; the latter is sometimes called 386 protected mode, and is the
mode most modern 32-bit x86 operating systems run in.
9. Protected mode
• It is also called protected virtual address mode.
• It is an operational mode of x86-compatible central processing units (CPUs).
• It allows system software to use features such as virtual memory, paging and
safe multi-tasking designed to increase an operating system's control over
application software.
• When a processor that supports x86 protected mode is powered on, it begins
executing instructions in real mode, in order to maintain backwards
compatibility with earlier x86 processors.
• Protected mode was first added to the x86 architecture in 1982, with the
release of Intel's 80286 (286) processor, and later extended with the release
of the 80386 (386) in 1985.
• Due to the enhancements added by protected mode, it has become widely
adopted and has become the foundation for all subsequent enhancements to
the x86 architecture, although many of those enhancements, such as added
instructions and new registers, also brought benefits to the real mode.
• 386 had additional features to protected mode:- Paging, 32-bit physical and
virtual address space (the 32-bit physical address space is not present on the
80386SX, and other 386 processor variants which use the older 286 bus) ,
32-bit segment offsets, ability to switch back to real mode without resetting
and Virtual 8086 mode.
10. • The 286 architecture introduced protected mode, allowing
for (among other things) hardware-level memory
protection. Using these new features.
• However, this required a new operating system that was
specifically designed for protected mode.
• Since a primary design specification of x86
microprocessors is that they are fully backwards
compatible with software written for all x86 chips before
them, the 286 chip was made to start in 'real mode' – that
is, in a mode which turned off the new memory protection
features, so that it could run operating systems written for
the 8086 and the 80186.
• As of 2014, even the newest x86 CPUs (including x86-64
CPUs) start in real mode at power-on and can run
software written for almost any previous x86 chip.
Protected mode …
11. Addressing Modes
• An addressing mode is an aspect of the instruction set
architecture in most central processing unit (CPU) designs.
• The various addressing modes that are defined in a given
instruction set architecture define how machine language
instructions in that architecture identify the operand (or
operands) of each instruction.
• x86 processor has many different addressing modes that can be used
for a multitude of different purposes.
• All addressing modes take the same amount of time to execute,
however some modes require more work to be done with instructions
in order to use them effectively making them slower than other
modes.
• The addressing modes in 16 bits are slightly different than the
addressing modes in 32 bits.
• Addressing is simply how we give an instruction its operands.
• There are two types of addressing: non memory addressing and
memory addressing.
12. Non memory addressing & memory addressing
• Non memory addressing is the simplest form of addressing because
it either takes predefined data or a register name.
It is also the fastest way to address operands.
• Memory addressing allows us to access data in memory.
It can be as fast as non memory addressing modes only if the
memory being accessed exists in a cache that is on the CPU chip.
If the memory does not exist in any cache it will be directly read from
or written to RAM which can take several cycles. The processor will
stall the instruction in order to wait for a memory read or a memory
write to be completed.
When accessing memory the operand will always be surrounded by
square brackets ("[" and "]").
NOTE THAT:-
• The square brackets mean that the operand points to a memory
location and that data should be read from or written to that memory
location.
• If the operand is not surrounded by square brackets either a memory
address is being stored to be used later on or data is to be retrieved
from memory to be worked on.
13. Size of the Operation
• Sometimes when accessing memory the assembler will not know if
you want to read or write one byte, two bytes, four bytes, or more.
• mov [0x500],5
;move the number 5 into memory at the location 0x500
;without specifying if the size of number 5 to be one byte
;or two bytes, etc long.
MASM will not guess as that will lead to unpredictable behavior so
instead MASM requires you specify the size of the data you whish
to move.
This is called specifying the size of the operation;
• mov word [0x500],5
; The operation moves a word into the memory location 0x500
• mov [0x500],AX
;the size of the operation is a word because we specify to move
;the register AX (a 16 bit register) into the memory location 0x500.
14. 32-bit Protected Mode Addressing
(A) Non Memory Addressing Modes
These modes do not access memory.
These modes will work with either static data or registers.
Register addressing mode
• Is used to move data to and from registers and to manipulate the data
in a register.
• The data may be a numeric value, memory address, or general data.
• It is one of the most common and is almost always used in
conjunction with memory addressing modes.
• cmp EAX,EBX
Immediate addressing mode
• The operand's value is specified at compile time.
• This operand is usually a numeric value or the compiler can place the
offset of a label or variable from the compiler's symbol table as the
immediate operand.
15. • The operand is than compiled into the actual instruction that
the operand is a part of.
mov EAX,100
add ECX,22
(B) Memory Addressing Modes
• These perform memory operations such as reading from and
writing to memory.
• Because of the memory access, they are often slower than
using the non memory addressing modes.
• Of course a program could not rely on immediate and register
addressing modes alone.
• The processor to access memory in many different ways.
• Most instructions will only allow one operand to use a memory
addressing mode while the other operand must use either the
immediate or register addressing mode.
16. • Memory addresses are composed of several different components.
• The table below lists the components that can make up a memory address.
Direct memory addressing mode - [disp] – is the most straight forward way
to access memory.
• It is used when the exact address of the memory to access is known.
• The most common use is for the compiler to replace a label name with the
label's offset from the compiler's symbol table.
• Can also use numeric addresses.
var dd 150
var dd 150
mov EAX, [var] ;Moves the value of var (150) into EAX
add EAX,[100h] ;Adds the value of the variable at 100h (100 in hex) to EAX
cmp dword [var],150 ;Compares the value of var (150) to the value 150
Displacement Base Index Scale
no disp EAX EAX 1
16-bit disp EBX EBX 2
32-bit disp ECX ECX 4
EDX EDX 8
ESI ESI
EDI EDI
EBP EBP
ESP
17. Register Indirect addressing - [base] - allows to specify
the address of the memory to access in a register.
• This mode is especially useful when the address to a
parameter is passed to a procedure.
var dd 12
mov EAX,dd
;Moves the address of var into EAX
mov EBX,100h
mov EDX,[EAX]
;Moves the value of var into EDX
;EAX holds the memory address of var
add word [EBX],4
;Adds the value 4 (as a word) to the value
;at the memory address 100h (100 in hex)
18. Based addressing - [base + disp] - allows the use of a
base register and a displacement to access memory.
• It is possible to emulate this mode by adding the
displacement to the base register using the add
instruction.
• However using the based mode will save instruction
space as well as CPU cycles.
var dw 2
var2 dw 17
mov EAX,var
mov EBX,var2
sub word ECX,[EAX+2]
;Subtracts the value of var2 from the ECX register
mov word [EBX-2],10
;Moves 10 into the value of var
19. Indexed addressing - [(index * scale) + disp] – allows to specify
an index register, a scale factor, and a displacement.
• This mode is extremely useful when accessing elements of an
array when the element size is 1, 2, 4, or 8 bytes big.
• However, if the element size is not one of the scale sizes than,
you have to manually adjust the index according to the element
size.
array resd 10
;Creates an array who's elements are 4 bytes big mov
ESI,4
mov EDI,9
mov EBX,[ESI*4+array]
;Moves the value of the 5th element of array into EBX
inc dword [EDI*4+array]
;Increments the value of the 10th element of array
20. Based-Indexed with no scale factor addressing - [base + index +
disp] – it exists to more easily support high level language constructs.
• For example, if you had an array of structs you could use this
addressing mode to access a specific variable of an element in the
array.
• The displacement would be the address of the beginning of the
array, the base could be the element you wish to access (element
size * element number), and the index could be the variable offset
inside the struct of the element.
array resd 10 * 2 ;Creates an array of structs
;each struct consists of two dwords
mov ESI,5*8 ;Set ESI to point to the 6th element
mov EAX,4
;Set EAX to point to the second dword of our struct mov
dword [EAX+ESI+array],120
;Sets the second dword of the 6th element
;of our array to 120
21. Based-Indexed with scale factor - [base + (index * scale)
+ disp] - is exactly like the based-Indexed with no scale
factor addressing mode except that it contains a scale
factored multiplied by index.
array resd 10 * 2
;Creates an array of structs
;each struct consists of two dwords
mov ESI,5
;Set ESI to point to the 6th element
mov EAX,4
;Set EAX to point to the second dword of our struct
mov dword [EAX+(ESI*8)+array],120
;Sets the second dword of the 6th element
;of our array to 120
22. 16-bit Real Mode Addressing
(A) Non Memory Addressing Modes
• These are the same as 32-bit non memory addressing
modes except that you can only use 16-bit registers or
smaller.
• The largest displacement in 16-bit addresses can be at
most 16 bits.
(B) Memory Addressing Modes
• In 16-bit real mode we can address memory using 16-bit
or 8-bit registers.
• The addressing modes in 16 bits are much more
restrictive than in 32 bits.
• The table below lists the components that can make up a
16-bit address.
23. • All of possible operands are listed using register names.
Direct addressing - [disp]
var dw 16
mov AX,[var]
add CX,[100h]
Register Indirect addressing - [BX], [BP], [SI], [DI]
var dw 150
mov BX,var
mov SI,0x500
mov word [BX],12
add SI,[100h]
24. Based addressing - [BX + disp], [BP + disp]
var dw 2
var2 dw 17
mov BX,var
mov BP,var2
sub CX,[BX+2]
mov word [BP-2],10
Indexed addressing - [SI + disp], [DI + disp]
var dw 2
var2 dw 17
mov SI,var
mov DI,var2
sub DX,[SI+2]
mov word [DI-2],4
25. Based-Indexed with no displacement addressing - [BX + SI],
[BX + DI], [BP + SI], [BP + DI]
mov BX,0x1000
mov BP,0x250
mov SI,0x100
mov DI,0x500
sub DX,[BP+DI]
mov word [BX-SI],64
Based-Indexed with displacement addressing - [BX+SI+disp],
[BX+DI+disp], [BP+SI+disp], [BP+DI+disp]
mov BX,0x1000
mov BP,0x300
mov SI,0x100
mov DI,0x750
sub DX,[BP+DI-0x50]
mov word [BX-SI-0x200],32