WEBVTT

1
00:00.860 --> 00:02.690
Hello and welcome to a new section.

2
00:02.690 --> 00:07.700
In this section, we are going to study the 64-bit instructions.

3
00:08.150 --> 00:12.440
So let's take a look at the introduction to x64 instructions.

4
00:13.610 --> 00:19.910
The Intel CPU is capable of two modes: the compatibility mode and the 64-bit mode.

5
00:20.450 --> 00:23.660
The compatibility mode is also known as 32-bit mode.

6
00:24.860 --> 00:31.970
In the compatibility mode, which we have been doing, it is capable of running 32-bit programs.

7
00:32.480 --> 00:42.080
It has got eight general-purpose registers: -, -, -, -, -, -, -, and -.

8
00:43.040 --> 00:45.680
It is also capable of 32-bit addressing.

9
00:45.950 --> 00:50.510
It has got 32-bit flags and 32-bit - registers.

10
00:51.110 --> 00:55.790
On the other hand, in the 64-bit mode, it can run 64-bit programs.

11
00:56.540 --> 01:10.520
It has got 16 general-purpose registers, denoted as -, -, -, -, -, -, -, and also it

12
01:10.520 --> 01:22.880
has got new registers -, - -, all the way to -, and also it has got - and - which refers to the

13
01:22.880 --> 01:25.070
- and - in 32-bit mode.

14
01:25.430 --> 01:32.510
It is capable of addressing 48-bit addresses. Although it has got 64-bit address space, the higher

15
01:32.510 --> 01:34.520
16 bits are not being used for addressing.

16
01:35.420 --> 01:40.610
It has also got 64-bit flags and 64-bit - instruction register.

17
01:42.380 --> 01:48.110
To address the various parts of the register, we can study this table.

18
01:48.110 --> 01:53.840
The first column is the quad word, which refers to the 64-bit registers.

19
01:54.500 --> 01:56.570
Each register is a quad word.

20
01:56.900 --> 01:59.240
In the second column, we have the D word.

21
02:00.290 --> 02:05.510
The last two rows refer to the stack pointer and stack frame.

22
02:06.560 --> 02:16.880
If we are going to address part of the 64-bit addresses, then we can use -, -, -, - all the way to -

23
02:16.880 --> 02:17.210
-.

24
02:17.960 --> 02:26.870
Note that for - to -, we have to add the "d" suffix at the back. - refers to the D word,

25
02:26.900 --> 02:35.360
the lower half of the quad word. - refers to the lower half of -, - refers to the lower half

26
02:35.360 --> 02:36.680
of -, and so on.

27
02:37.040 --> 02:48.230
Similarly, for the stack pointer, top of stack pointer, we will use - for the D word and - for

28
02:48.230 --> 02:55.610
the stack frame pointer. And if we are going to address the lower half of -, we will use -, -,

29
02:55.610 --> 02:57.620
-, -, -, -, -, and so on.

30
02:57.620 --> 03:08.150
And then for the - to -, we will put -. "w" stands for word: -, -, -, and so on.

31
03:09.560 --> 03:12.830
And for the stack pointer, we will denote it as - and -.

32
03:14.420 --> 03:20.840
If we are going to address the bytes, the lower half of the lowermost byte, it will be addressed as

33
03:20.870 --> 03:25.070
-. "l" refers to the lower half of - register.

34
03:25.640 --> 03:29.090
"h" refers to the higher upper half of - register.

35
03:30.440 --> 03:43.310
Similarly, we have -, -, -, -, and so on. And for the -, we will use - and - for the -.

36
03:44.030 --> 03:52.520
For - to -, we will put a "b" suffix at the back: - for the lowermost byte of the - register,

37
03:52.730 --> 03:58.310
- for - and all the way to - for the stack pointer.

38
03:58.310 --> 04:00.260
We will put - and -.

39
04:01.250 --> 04:02.720
Take a look at this example.

40
04:02.720 --> 04:07.400
Now, - here refers to quad word, the entire 64-bit.

41
04:08.390 --> 04:09.920
This is the quad word: eight bytes.

42
04:11.120 --> 04:16.640
Half of it will be -, which is a D word, which is four bytes or 32 bits.

43
04:18.480 --> 04:20.730
And half of - will be -.

44
04:21.060 --> 04:22.620
The lower half will be -.

45
04:22.830 --> 04:32.640
- is a word, also known as two bytes or 16 bits. And half of - will be the lower half, -, eight bits,

46
04:32.640 --> 04:36.300
"l," and "h" is the upper half of -.

47
04:36.330 --> 04:38.430
Let's take a look at x64dbg now.

48
04:38.550 --> 04:42.120
We have two debuggers: x32 and x64.

49
04:42.270 --> 04:47.400
We need to use x64dbg to study 64-bit programs.

50
04:47.730 --> 04:49.350
So open x64dbg.

51
04:50.100 --> 04:53.790
And let's take a look at an example of a 64-bit program.

52
04:54.090 --> 04:59.160
And here on the right, you will see the registers: -, -, and so on.

53
04:59.400 --> 05:00.870
They are all now eight bytes.

54
05:01.140 --> 05:07.050
F0 is one byte, 14 is another byte, 40 is the third byte,

55
05:07.410 --> 05:11.490
and so on, all the way. There are eight bytes or 64 bits.

56
05:12.600 --> 05:15.540
And on the address as well, you will see the same thing happening.

57
05:15.540 --> 05:16.470
There are eight bytes here.

58
05:16.500 --> 05:21.270
F0 is one byte, F14 is another byte, 40 is another byte, and so on.

59
05:21.270 --> 05:22.440
All together, eight bytes.

60
05:23.460 --> 05:27.780
And you can see -, -, -, all the way to -,

61
05:27.810 --> 05:34.920
and then we have the new registers: -, -, -, all the way to -, and the instruction pointer,

62
05:34.920 --> 05:38.040
-, is also eight bytes or quad word.

63
05:39.270 --> 05:42.630
And the instruction flags are also eight bytes or 64 bits.

64
05:44.560 --> 05:50.320
So this is what it looks like for the 64-bit address and also registers.

65
05:51.520 --> 05:52.960
That's all for this video.

66
05:53.380 --> 05:55.120
Thank you for watching.