The Intel x86 processor uses complex instruction set computer (CISC) architecture, which means there is a modest number of special-purpose registers instead of large quantities of general-purpose registers. It also means that complex special-purpose instructions will predominate.
The x86 processor traces its heritage at least as far back as the 8-bit Intel 8080 processor. Many peculiarities in the x86 instruction set are due to the backward compatibility with that processor (and with its Zilog Z-80 variant).
Microsoft Win32 uses the x86 processor in 32-bit flat mode. This documentation will focus only on the flat mode.
Registers
The x86 architecture consists of the following unprivileged integer registers.
eax
ebx
ecx
edx
Data register — can be used for I/O port access and arithmetic functions
esi
Source index register
edi
Destination index register
ebp
Base pointer register
esp
All integer registers are 32 bit. However, many of them have 16-bit or 8-bit subregisters.
ax
Low 16 bits of eax
bx
Low 16 bits of ebx
cx
Low 16 bits of ecx
dx
Low 16 bits of edx
si
Low 16 bits of esi
di
Low 16 bits of edi
bp
Low 16 bits of ebp
sp
Low 16 bits of esp
al
Low 8 bits of eax
ah
High 8 bits of ax
bl
Low 8 bits of ebx
bh
High 8 bits of bx
cl
Low 8 bits of ecx
ch
High 8 bits of cx
dl
Low 8 bits of edx
dh
High 8 bits of dx
Operating on a subregister affects only the subregister and none of the parts outside the subregister. For example, storing to the ax register leaves the high 16 bits of the eax register unchanged.
When using the ? (Evaluate Expression) command, registers should be prefixed with an «at» sign ( @ ). For example, you should use ? @ax rather than ? ax. This ensures that the debugger recognizes ax as a register rather than a symbol.
However, the (@) is not required in the r (Registers) command. For instance, r ax=5 will always be interpreted correctly.
Two other registers are important for the processor’s current state.
eip
flags
The instruction pointer is the address of the instruction being executed.
The flags register is a collection of single-bit flags. Many instructions alter the flags to describe the result of the instruction. These flags can then be tested by conditional jump instructions. See x86 Flags for details.
Calling Conventions
The x86 architecture has several different calling conventions. Fortunately, they all follow the same register preservation and function return rules:
Functions must preserve all registers, except for eax, ecx, and edx, which can be changed across a function call, and esp, which must be updated according to the calling convention.
The eax register receives function return values if the result is 32 bits or smaller. If the result is 64 bits, then the result is stored in the edx:eax pair.
The following is a list of calling conventions used on the x86 architecture:
Win32 (__stdcall)
Function parameters are passed on the stack, pushed right to left, and the callee cleans the stack.
Native C++ method call (also known as thiscall)
Function parameters are passed on the stack, pushed right to left, the «this» pointer is passed in the ecx register, and the callee cleans the stack.
Function parameters are passed on the stack, pushed right to left, then the «this» pointer is pushed on the stack, and then the function is called. The callee cleans the stack.
__fastcall
The first two DWORD-or-smaller arguments are passed in the ecx and edx registers. The remaining parameters are passed on the stack, pushed right to left. The callee cleans the stack.
__cdecl
Function parameters are passed on the stack, pushed right to left, and the caller cleans the stack. The __cdecl calling convention is used for all functions with variable-length parameters.
Debugger Display of Registers and Flags
Here is a sample debugger register display:
In user-mode debugging, you can ignore the iopl and the entire last line of the debugger display.
x86 Flags
In the preceding example, the two-letter codes at the end of the second line are flags. These are single-bit registers and have a variety of uses.
The following table lists the x86 flags:
Flag Code Flag Name Value Flag Status Status Description of
0 1 nvov
No overflow Overflow df
0 1 updn
Direction up Direction down if
0 1 diei
Interrupts disabled Interrupts enabled sf
0 1 plng
Positive (or zero) Negative zf
0 1 nzzr
Nonzero Zero af
Auxiliary Carry Flag
0 1 naac
No auxiliary carry Auxiliary carry pf
0 1 pepo
Parity even Parity odd cf
0 1 nccy
No carry Carry tf
If tf equals 1, the processor will raise a STATUS_SINGLE_STEP exception after the execution of one instruction. This flag is used by a debugger to implement single-step tracing. It should not be used by other applications.
iopl
I/O Privilege Level
This is a two-bit integer, with values between zero and 3. It is used by the operating system to control access to hardware. It should not be used by applications.
When registers are displayed as a result of some command in the Debugger Command window, it is the flag status that is displayed. However, if you want to change a flag using the r (Registers) command, you should refer to it by the flag code.
In the Registers window of WinDbg, the flag code is used to view or alter flags. The flag status is not supported.
Here is an example. In the preceding register display, the flag status ng appears. This means that the sign flag is currently set to 1. To change this, use the following command:
This sets the sign flag to zero. If you do another register display, the ng status code will not appear. Instead, the pl status code will be displayed.
The Sign Flag, Zero Flag, and Carry Flag are the most commonly-used flags.
Conditions
A condition describes the state of one or more flags. All conditional operations on the x86 are expressed in terms of conditions.
The assembler uses a one or two letter abbreviation to represent a condition. A condition can be represented by multiple abbreviations. For example, AE («above or equal») is the same condition as NB («not below»). The following table lists some common conditions and their meaning.
Condition Name
Flags
Meaning
Result of last operation was zero.
Result of last operation was not zero.
Last operation required a carry or borrow. (For unsigned integers, this indicates overflow.)
Last operation did not require a carry or borrow. (For unsigned integers, this indicates overflow.)
Result of last operation has its high bit set.
Result of last operation has its high bit clear.
When treated as a signed integer operation, the last operation caused an overflow or underflow.
When treated as signed integer operation, the last operation did not cause an overflow or underflow.
Conditions can also be used to compare two values. The cmp instruction compares its two operands, and then sets flags as if subtracted one operand from the other. The following conditions can be used to check the result of cmpvalue1, value2.
What is x86 Architecture and its difference between x64?
Have you ever come across x86 and x64 but do not know what they mean? No worries, as this blog will cover everything you need to know about x86 and its architecture together with x64 and their differences between each other.
What is x86 Architecture?
x86 is a family of instruction set architectures (ISA) for computer processors initially developed by Intel. They refer to the way a computer processor (CPU) handles information.
What is an instruction set architecture?
It is an abstract model of a computer that is also referred to as computer architecture. It is part of a computer that pertains to programming which specifies the behaviour of machine code. The instruction set is the language that a computer’s brain is designed to understand which provides commands to the computer processor and tells it what to do.
Back to the x86…
The x86 is developed based on the Intel 8086 microprocessor and its 8088 variant where it started out as a 16-bit instruction set for 16-bit processors where many additions and extensions have been added to the x86 where it grew to 32-bit instruction sets over the years with almost entirely full backward compatibility.
The bit in both 32-bit and 16-bit is shorthand for a number. For example, for 32-bit, the number will contain 32 bits which are binary digits that are either 0 or 1. For a 32-bit number, it will look like something like this 10101010101010101010101010101010.
Today, the term x86 is used generally to refer to any 32-bit processor compatible with the x86 instruction set. x86 microprocessor is capable of running almost any type of computer from laptops, servers, desktops, notebooks to supercomputers.
What is x64?
Similar to the x86, the x64 is also a family of instruction set architectures (ISA) for computer processors. However, x64 refers to a 64-bit CPU and operating system instead of the 32-bit system which the x86 stands for.
But why does x64 refers to a 64-bit system while x86 refers to a 32-bit system?
That was the question I asked myself too at first. However, this is because as when the processor was first being created, it was called 8086. The 8086 was well designed and popular which can understand 16-bit machine language at first. It was later improved and expanded the size of 8086 instructions to a 32-bit machine language. As they improve the architecture, they kept 86 at the end of the model number, the 8086. This line of processors was then known as the x86 architecture.
On the other hand, x64 is the architecture name for the extension to the x86 instruction set that enables 64-bit code. When it was initially developed, it was named as x86-64. However, people thought that the name was too length where it was later shortened to the current x64.
What is the difference between x86 and x64?
As you guys can already tell, the obvious difference will be the amount of bit of each operating system. x86 refers to a 32-bit CPU and operating system while x64 refers to a 64-bit CPU and operating system.
Does having more amount of bits in each operating system have any benefits?
Of course! This is one of the main reason the number of bits keeps increasing over the years from 16-bits to 64-bits currently. As mentioned above, the bits are shorthand for a number which can only be 1 or 0. This causes the 32-bit CPUs not being able to use a lot of RAM as 1 and 0, the total number of combinations is only 2^32 which equals to 4,294,967,295. This means the 32-bit processor has 4.29 billion memory locations each storing one byte of data which equates to approx. 4GB of memory which the 32-bit processor can access without workarounds in software to address more.
Today, 4GB is enough for basic tasks but if you wish to run multiple programs and other more heavy load tasks, 4GB is not sufficient. In addition, with a 64-bit system, it will be more efficient as it can process data in 64-bit chunks compared to 32-bit chunks. Your 64-bit system can also run 32-bit programs as they are backwards compatible. But, it doesn’t work the other way where a 32-bit computer cannot run 64-bit programs.
Example of x86 Single Board Computer (SBC)
ODYSSEY – X86J4105
ODYSSEY – X86J4105 redefines the SBC (Single Board Computer) with pre-installed Windows 10 Enterprise and Arduino Coprocessor onboard, enabling IoT (Internet of Things) easier than before.
With the fast development of IoT, more and more Edge Computing devices are connected to the Internet. Nowadays, a computer is not just a big rectangular black box under the desk, or a small portable device working on your knees. Computers are devices lying everywhere that doing calculating, communicating, and data storing. Based on this definition, we would like to introduce our brand new product – ODYSSEY – X86J4105.
ODYSSEY is a series of SBC (Single Board Computer), allowing you to build Edge Computing applications with ease. The ODYSSEY – X86J4105, is based on Intel Celeron J4105, a Quad-Core 1.5GHz CPU that bursts up to 2.5GHz. It has all the great features that a standard Computer needs, including an 8GB LPDDR4 RAM, 64GB eMMC Storage(optional), onboard Wi-Fi/BLE, Dual Gigabyte Ethernet Ports, Audio Input and Output, USB Ports, HDMI, SATA Connectors, PCIe, etc.
With simple connections to Mouse, Keyboard and Monitor to ODYSSEY – X86J4105, you will get a Desktop Mini PC right away. With eMMC versions, you even have the Windows 10 Enterprise pre-installed!
What can you do with the Odyssey other than building a mini PC?
With ODYSSEY – X86J4105, you can build your own NAS (Network-Attached Storage), your high-performance Virtual Router, or a 4G LTE Gateway in your IoT applications. There is an onboard ATSAMD21 Core, an ARM Cortex-M0+ MCU that allows you to program Arduino on the x86 platform. The Raspberry Pi compatible 40-Pin allows you to use hundreds of Pi HATs in the market. All of these features providing endless possibilities of using the ODYSSEY – X86J4105.
The ODYSSEY – X86J4105 is more than just a computer, with the Arduino Co-processor onboard, it can be used to connect with sensors, gyroscope, and much more. You can also use the ODYSSEY for your robotics projects, media center, server cluster, IoT Gateway, router, etc. Why don’t you start exploring your IoT journey with the ODYSSEY today!
How to determine if your Windows OS is 32-bit (x86) or 64-bit (x64)?
Now you know what is the difference between the x86 architecture and a x64 bit architecture how do you check whether your computer is an x86 or x64 system?
Well, Here is how to check if your computer is running a 32-bit system or 64-bit system for Windows OS with just one step
All you need to do is:
Press the Windows Key + X to open the power user menu and click on system.
Scroll down and you should be able to see your system type under device specifications
Summary
And that’s all on the differences between x86 and x64! Hope that you have learnt more about each of their architecture and how you can determine whether your windows OS is x86 or x64!
