CS:IP exercises
- Segment address and offset address registers
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
Segment address: DS ES SS CS
Offset address: SP BP SI DI (IP and BX can be used as well)
Reason:
The 8086 CPU has a 20-bit address bus, so it can address 2^20 bytes = 1 MB, but the 8086 is a 16-bit architecture
and handles at most 2^16 = 64 KB at a time. How does a 16-bit architecture reach 20-bit addressing?
Base address (segment address * 16 (10H)) + offset address = physical address
1230H:00C8H = 1230H * 10H + C8H = 123C8H
123C8H occupies 20 bits
Example:
Destination = 2826H, but only two cards that can each hold three hex digits are available
First card (by agreement multiplied by 10H) + second card = result:
200H *10H + 826H = 2826H
280H *10H + 26H = 2826H
Calculation:
0DAB:0100 C3 26 82 89 C3 01 D8 00-00 00 00 00 00 00 00 08 .&..............
0DAB:0110 08 00 00 00 01 00 00 00-00 00 00 00 00 7E 81 A5 .............~..
0DAB:0120 81 BD 99 81 7E 7E FF DB-FF C3 E7 FF 7E 6C FE FE ....~~......~l..
0DAB:0130 FE 7C 38 10 00 10 38 7C-FE 7C 38 10 00 38 7C 38 .|8...8|.|8..8|8
0DAB:0140 FE FE D6 10 38 10 38 7C-FE FE 7C 10 38 00 00 18 ....8.8|..|.8...
0DAB:0150 3C 3C 18 00 00 FF FF E7-C3 C3 E7 FF FF 00 3C 66 <<............<f
0DAB:0160 42 42 66 3C 00 FF C3 99-BD BD 99 C3 FF 0F 07 0F BBf<............
0DAB:0170 7D CC CC CC 78 3C 66 66-66 3C 18 7E 18 3F 33 3F }...x<fff<.~.?3?
Left of the colon: segment address
Right of the colon: offset address; the largest value it can represent is FFFF
Physical address: 0DABH * 10H + 0100H = 0DBB0H
Physical address: 0DABH * 10H + 0110H = 0DBC0H
DBC0H - DBB0H = 10H: each -d row covers bytes 0 to 15, i.e. 16 * 1 byte = 8 words
1 KB = 1024 bytes = 400H; hex-to-decimal example: 64H = 6*16^1 + 4*16^0 = 100 (decimal)
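The segment:offset arithmetic above, as an added example (not code from the original notes): `physical()` is the base + offset formula, `aliases()` generalises the "two three-digit cards" puzzle by listing every segment:offset pair of at most a given digit width that names one physical address, and `span_bytes()` is the DBC0H - DBB0H calculation. The 20-bit mask in `physical()` reflects the 8086's 20 address lines: a sum above FFFFFH is truncated, which is why FFFF:FFFF addresses 0FFEFH on that CPU.

```python
# Added example, not part of the original notes: 8086 segment:offset arithmetic.


def physical(seg, off):
    """Base address (segment * 10H) + offset, truncated to the 8086's 20 address lines."""
    if not (0 <= seg <= 0xFFFF and 0 <= off <= 0xFFFF):
        raise ValueError("segment and offset are 16-bit values")
    return ((seg << 4) + off) & 0xFFFFF


def aliases(target, max_digits):
    """Every (seg, off) pair with at most max_digits hex digits each whose
    seg * 10H + off equals target. With max_digits=3 this is the 'two cards'
    puzzle for 2826H: (200H, 826H) and (280H, 026H) are two of the solutions."""
    limit = 16 ** max_digits
    return [(seg, target - (seg << 4))
            for seg in range(limit)
            if 0 <= target - (seg << 4) < limit]


def span_bytes(seg, off_a, off_b):
    """Distance in bytes between two offsets in the same segment (one -d row is 10H)."""
    return physical(seg, off_b) - physical(seg, off_a)


if __name__ == "__main__":
    print("1230H:00C8H -> %05XH" % physical(0x1230, 0x00C8))
    print("0DAB:0100   -> %05XH" % physical(0x0DAB, 0x0100))
    print("FFFF:FFFF   -> %05XH (20-bit truncation)" % physical(0xFFFF, 0xFFFF))
    print("3-digit card pairs for 2826H:", len(aliases(0x2826, 3)))
    print("bytes between 0DAB:0100 and 0DAB:0110:", span_bytes(0x0DAB, 0x0100, 0x0110))
```

The alias count is the security-relevant point: because a single physical byte has many segment:offset names, a bounds check written on the offset alone says nothing about which physical memory is touched; the segment register has to be part of the check.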
- Checkpoint
Q1:
With segment address 0001H, addressing only by varying the offset, what is the CPU's addressing range?
Solution:
The offset ranges over 0 ~ FFFFH
0001H * 10H + 0H = 10H
0001H * 10H + FFFFH = 1000FH
Q2:
A data item is stored in memory unit 20000H. Given a segment address A, if 20000H must be reached using only the offset,
what is the range of the segment address?
Solution:
A * 10H + (0H ~ FFFFH) = 20000H
A * 10H + 0H = 20000H, A = 2000H (maximum)
A * 10H + FFFFH = 20000H, A = 1000H
Check it in reverse:
1000H * 10H + FFFFH = 1FFFFH, one short
so
1001H * 10H + FFFFH = 2000FH, A = 1001H (minimum)
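Both checkpoint questions as functions, added here as an example (not code from the original notes) and written for any segment or target address rather than only 0001H and 20000H. Like the checkpoint itself, it ignores the 20-bit wraparound of the 8086 address bus and treats segment * 10H + offset as a plain sum; `check()` brute-forces the boundary the same way the notes do by hand for 1000H and 1001H.

```python
# Added example, not part of the original notes: reachable address range of a
# segment (Q1) and the range of segments that can reach an address (Q2).


def reachable(seg, target):
    """True if some 16-bit offset makes seg * 10H + offset equal to target."""
    return 0 <= target - (seg << 4) <= 0xFFFF


def offset_range(seg):
    """Q1: lowest and highest physical address reachable from seg by varying only the offset."""
    base = seg << 4                                   # seg * 10H
    return base, base + 0xFFFF


def segment_range(target):
    """Q2: smallest and largest segment that can reach target with some offset.
    Largest: offset 0 lands exactly on target, so target // 10H.
    Smallest: offset FFFFH must still reach target, so the first segment with
    seg * 10H >= target - FFFFH (for 20000H that is 1001H; 1000H falls one short).
    Clamped at 0 for targets below 10000H."""
    if not 0 <= target <= 0xFFFFF:
        raise ValueError("target must be a 20-bit physical address")
    largest = target >> 4
    smallest = max(0, -(-(target - 0xFFFF) // 16))   # ceiling division
    return smallest, largest


def check(target):
    """Brute-force cross-check: every segment inside the range reaches target,
    and the segments just outside it do not."""
    lo, hi = segment_range(target)
    inside = all(reachable(s, target) for s in range(lo, hi + 1))
    below = lo == 0 or not reachable(lo - 1, target)
    above = not reachable(hi + 1, target)
    return inside and below and above


if __name__ == "__main__":
    lo, hi = offset_range(0x0001)
    print("Q1: segment 0001H reaches %05XH ~ %05XH" % (lo, hi))
    s_min, s_max = segment_range(0x20000)
    print("Q2: 20000H is reachable from segments %04XH ~ %04XH" % (s_min, s_max))
    print("cross-check:", check(0x20000))
```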
- CS:IP
CS is the code segment register, IP is the instruction pointer register.
Whichever instruction you want the CPU to execute, point CS:IP at the block of memory holding that instruction.
Z:\>DEBUG
-a
0DAB:0100 mov ax,0100
0DAB:0103 mov bx,0100
0DAB:0106
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 B80001 mov AX,0100
-d
0DAB:0100 B8 00 01 BB 00 01 D8 00-00 00 00 00 00 00 00 08 ................
0DAB:0110 08 00 00 00 01 00 00 00-00 00 00 00 00 7E 81 A5 .............~..
0DAB:0120 81 BD 99 81 7E 7E FF DB-FF C3 E7 FF 7E 6C FE FE ....~~......~l..
0DAB:0130 FE 7C 38 10 00 10 38 7C-FE 7C 38 10 00 38 7C 38 .|8...8|.|8..8|8
0DAB:0140 FE FE D6 10 38 10 38 7C-FE FE 7C 10 38 00 00 18 ....8.8|..|.8...
0DAB:0150 3C 3C 18 00 00 FF FF E7-C3 C3 E7 FF FF 00 3C 66 <<............<f
0DAB:0160 42 42 66 3C 00 FF C3 99-BD BD 99 C3 FF 0F 07 0F BBf<............
0DAB:0170 7D CC CC CC 78 3C 66 66-66 3C 18 7E 18 3F 33 3F }...x<fff<.~.?3?
# Change the values of the other three segment registers; CS:IP does not change
Z:\>DEBUG
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-r ds
DS 0DAB :0
-r es
ES 0DAB :0
-r ss
SS 0DAB :0
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-d
0DAB:0100 C3 00 01 BB 00 01 D8 00-00 00 00 00 00 00 00 08 ................
0DAB:0110 08 00 00 00 01 00 00 00-00 00 00 00 00 7E 81 A5 .............~..
0DAB:0120 81 BD 99 81 7E 7E FF DB-FF C3 E7 FF 7E 6C FE FE ....~~......~l..
0DAB:0130 FE 7C 38 10 00 10 38 7C-FE 7C 38 10 00 38 7C 38 .|8...8|.|8..8|8
0DAB:0140 FE FE D6 10 38 10 38 7C-FE FE 7C 10 38 00 00 18 ....8.8|..|.8...
0DAB:0150 3C 3C 18 00 00 FF FF E7-C3 C3 E7 FF FF 00 3C 66 <<............<f
0DAB:0160 42 42 66 3C 00 FF C3 99-BD BD 99 C3 FF 0F 07 0F BBf<............
0DAB:0170 7D CC CC CC 78 3C 66 66-66 3C 18 7E 18 3F 33 3F }...x<fff<.~.?3?
# Jump back and execute again
-r
AX=9C40 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0107 OV UP EI NG NZ NA PO NC
0DAB:0107 0000 add [BX+SI],AL
-u 0DAB:0100
0DAB:0100 B8204E mov AX,4E20
0DAB:0103 89C3 mov BX,AX
0DAB:0105 01D8 add AX,BX
0DAB:0107 0000 add [BX+SI],AL
-r ip
IP 0107 :0100
-r
AX=9C40 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 OV UP EI NG NZ NA PO NC
0DAB:0100 B8204E mov AX,4E20
-t
AX=4E20 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0103 OV UP EI NG NZ NA PO NC
0DAB:0103 89C3 mov BX,AX
- The difference between instructions and data:
In memory there is no difference between instructions and data; only when they are read into the CPU are they treated as data or as instructions.
In the 8086 CPU, at any moment, whatever CS:IP points to is treated entirely as instructions and executed.
Z:\>DEBUG
-a
0DAB:0100 mov ax,4e20
0DAB:0103 mov bx,ax
0DAB:0105 add ax,bx
0DAB:0107
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 B8204E mov AX,4E20
-d 0DAB:0100
0DAB:0100 B8 20 4E 89 C3 01 D8 00-00 00 00 00 00 00 00 08 . N.............
0DAB:0110 08 00 00 00 01 00 00 00-00 00 00 00 00 7E 81 A5 .............~..
0DAB:0120 81 BD 99 81 7E 7E FF DB-FF C3 E7 FF 7E 6C FE FE ....~~......~l..
0DAB:0130 FE 7C 38 10 00 10 38 7C-FE 7C 38 10 00 38 7C 38 .|8...8|.|8..8|8
0DAB:0140 FE FE D6 10 38 10 38 7C-FE FE 7C 10 38 00 00 18 ....8.8|..|.8...
0DAB:0150 3C 3C 18 00 00 FF FF E7-C3 C3 E7 FF FF 00 3C 66 <<............<f
0DAB:0160 42 42 66 3C 00 FF C3 99-BD BD 99 C3 FF 0F 07 0F BBf<............
0DAB:0170 7D CC CC CC 78 3C 66 66-66 3C 18 7E 18 3F 33 3F }...x<fff<.~.?3?
-u 0DAB:0100
0DAB:0100 B8204E mov AX,4E20
0DAB:0103 89C3 mov BX,AX
0DAB:0105 01D8 add AX,BX
0DAB:0107 0000 add [BX+SI],AL
-t
AX=4E20 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0103 NV UP EI NG NZ NA PO NC
0DAB:0103 89C3 mov BX,AX
-t
AX=4E20 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0105 NV UP EI NG NZ NA PO NC
0DAB:0105 01D8 add AX,BX
-t
AX=9C40 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0107 OV UP EI NG NZ NA PO NC
0DAB:0107 0000 add [BX+SI],AL DS:4E20=7B
- The instruction execution process
Instructions have a length; the execution process is:
a: the CPU reads the instruction at the address formed by CS:IP into the instruction buffer
b: IP = IP + number of bytes of the instruction just read
c: the CPU executes the contents of the instruction buffer, then returns to step a
Z:\>DEBUG
-a
0DAB:0100 mov ax,1000
0DAB:0103 mov bx,1000
0DAB:0106 mov dl,10
0DAB:0108
-u
0DAB:0100 B80010 mov AX,1000
0DAB:0103 BB0010 mov BX,1000
0DAB:0106 B210 mov DL,10
0DAB:0108 0000 add [BX+SI],AL
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 B80010 mov AX,1000 (instruction length 3 bytes)
-t
AX=1000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0103 NV UP EI NG NZ NA PO NC
0DAB:0103 BB0010 mov BX,1000
-t
AX=1000 BX=1000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0106 NV UP EI NG NZ NA PO NC
0DAB:0106 B210 mov DL,10 (instruction length 2 bytes)
-t
AX=1000 BX=1000 CX=0000 DX=0010 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0108 NV UP EI NG NZ NA PO NC
0DAB:0108 0000 add [BX+SI],AL DS:1000=38
- The transfer instruction jmp: can modify CS and IP (both at once)
Z:\>DEBUG
-e 2000:0
2000:0000 EF.B8 EF.00 EF.10 EE.BB EE.00 EF.10 EF.B2 EE.10
2000:0008 EF.
-a
0DAB:0100 jmp 2000:0
0DAB:0105
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 EA00000020 JMP 2000:0000
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=2000 IP=0000 NV UP EI NG NZ NA PO NC
2000:0000 B80010 mov AX,1000
-u
2000:0000 B80010 mov AX,1000
2000:0003 BB0010 mov BX,1000
2000:0006 B210 mov DL,10
2000:0008 EF OUT DX,AX
2000:0009 FE0F DEC BYTE PTR [BX]
2000:000B 0E push CS
2000:000C 0000 add [BX+SI],AL
# The jmp ax form
Z:\>DEBUG
-a
0DAB:0100 mov ax,2000
0DAB:0103 jmp ax
0DAB:0105
-a 2000
0DAB:2000 mov bx,4e20
0DAB:2003 add ax,bx
0DAB:2005
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 B80020 mov AX,2000
-t
AX=2000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0103 NV UP EI NG NZ NA PO NC
0DAB:0103 FFE0 JMP AX
-t
AX=2000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=2000 NV UP EI NG NZ NA PO NC
0DAB:2000 BB204E mov BX,4E20
-t
AX=2000 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=2003 NV UP EI NG NZ NA PO NC
0DAB:2003 01D8 add AX,BX
-t
AX=6E20 BX=4E20 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=2005 NV UP EI PL NZ NA PO NC
0DAB:2005 1818 SBB [BX+SI],BL DS:4E20=7B
- Checkpoint
Executing the instructions below, how many times does the CPU modify IP, and what is its final value?
mov ax,bx => 1
sub ax,ax => 1
jmp ax => 1 + 1 times (step b, then the jump itself)
(4 modifications in total; the trace below ends at IP=0000)
Z:\>DEBUG
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 C3 RET
-a
0DAB:0100 mov ax,bx
0DAB:0102 sub ax,ax
0DAB:0104 jmp ax
0DAB:0106
-r
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0100 NV UP EI NG NZ NA PO NC
0DAB:0100 89D8 mov AX,BX
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0102 NV UP EI NG NZ NA PO NC
0DAB:0102 29C0 sub AX,AX
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0104 NV UP EI PL ZR NA PE NC
0DAB:0104 FFE0 JMP AX
-t
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0DAB ES=0DAB SS=0DAB CS=0DAB IP=0000 NV UP EI PL ZR NA PE NC
0DAB:0000 CD20 int 20
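The fetch/execute loop of steps a/b/c, the jmp that rewrites CS and IP, and the final "how many times was IP modified" checkpoint, as one added example that is not code from the original notes: a toy 8086 that decodes only the instructions the DEBUG sessions above use and counts every write to IP. Flags and memory operands are not modelled; an opcode the decoder does not know stops the run, and CD 20 (the int 20 that DEBUG leaves at offset 0 of the program segment, as the last trace shows) halts it. `checkpoint()` and `far_jump()` rebuild the sessions' bytes in a constructed sparse memory and return the same register values the traces show.

```python
# Added example, not part of the original notes: a minimal 8086 fetch/execute loop.
REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]   # order used by B8+r and ModRM fields
REG8 = ["AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"]    # B0+r order: low bytes, then high bytes


def physical(seg, off):
    """Segment * 10H + offset, truncated to the 8086's 20 address lines."""
    return ((seg << 4) + off) & 0xFFFFF


class CPU8086:
    def __init__(self, memory, cs, ip):
        self.mem = memory                     # sparse 1 MB: {physical address: byte value}
        self.regs = dict.fromkeys(REG16, 0)
        self.cs, self.ip = cs, ip
        self.ip_writes = 0                    # incremented by step b and by every jmp

    def set_ip(self, off, seg=None):
        if seg is not None:
            self.cs = seg
        self.ip = off & 0xFFFF
        self.ip_writes += 1

    def fetch(self, n):
        """Step a: read n bytes starting at CS:IP (the instruction buffer)."""
        base = physical(self.cs, self.ip)
        return bytes(self.mem.get(base + i, 0) for i in range(n))

    def set8(self, idx, val):
        """AL..BL are the low bytes of AX..BX, AH..BH the high bytes."""
        r = REG16[idx & 3]
        if idx < 4:
            self.regs[r] = (self.regs[r] & 0xFF00) | val
        else:
            self.regs[r] = (self.regs[r] & 0x00FF) | (val << 8)

    def step(self):
        """One a/b/c cycle; returns False when the run should stop."""
        buf = self.fetch(5)                               # longest instruction modelled is 5 bytes
        op = buf[0]
        if op == 0xCD and buf[1] == 0x20:                 # int 20: program terminates
            return False
        if 0xB8 <= op <= 0xBF:                            # mov r16, imm16 (3 bytes)
            self.set_ip(self.ip + 3)                      # step b
            self.regs[REG16[op - 0xB8]] = buf[1] | (buf[2] << 8)   # step c
        elif 0xB0 <= op <= 0xB7:                          # mov r8, imm8 (2 bytes)
            self.set_ip(self.ip + 2)
            self.set8(op - 0xB0, buf[1])
        elif op in (0x89, 0x01, 0x29):                    # mov / add / sub r/m16, r16
            mod, reg, rm = buf[1] >> 6, (buf[1] >> 3) & 7, buf[1] & 7
            if mod != 3:
                return False                              # memory operand: not modelled
            self.set_ip(self.ip + 2)
            src, dst = self.regs[REG16[reg]], self.regs[REG16[rm]]
            result = {0x89: src, 0x01: dst + src, 0x29: dst - src}[op]
            self.regs[REG16[rm]] = result & 0xFFFF
        elif op == 0xFF:                                  # jmp r16 (FF /4, register form only)
            if (buf[1] >> 6) != 3 or ((buf[1] >> 3) & 7) != 4:
                return False
            self.set_ip(self.ip + 2)                      # step b ...
            self.set_ip(self.regs[REG16[buf[1] & 7]])     # ... then the jump: a second write to IP
        elif op == 0xEA:                                  # jmp far seg:off (5 bytes)
            self.set_ip(self.ip + 5)
            self.set_ip(buf[1] | (buf[2] << 8), seg=buf[3] | (buf[4] << 8))
        else:
            return False                                  # opcode outside this toy decoder
        return True

    def run(self, max_steps=100):
        for _ in range(max_steps):
            if not self.step():
                break
        return self


def load(mem, seg, off, data):
    """Place a byte string at seg:off, like DEBUG's -a / -e did in the sessions."""
    for i, b in enumerate(data):
        mem[physical(seg, off + i)] = b
    return mem


def checkpoint():
    """Last checkpoint: mov ax,bx / sub ax,ax / jmp ax assembled at 0DAB:0100."""
    mem = load({}, 0x0DAB, 0x0000, bytes.fromhex("CD20"))          # int 20 at offset 0, as in the trace
    load(mem, 0x0DAB, 0x0100, bytes.fromhex("89D8 29C0 FFE0"))
    cpu = CPU8086(mem, 0x0DAB, 0x0100).run()
    return cpu.ip_writes, cpu.cs, cpu.ip                             # (4, 0x0DAB, 0x0000)


def far_jump():
    """jmp 2000:0 into the bytes entered with -e: mov ax,1000 / mov bx,1000 / mov dl,10."""
    mem = load({}, 0x2000, 0x0000, bytes.fromhex("B80010 BB0010 B210 EF"))
    load(mem, 0x0DAB, 0x0100, bytes.fromhex("EA00000020"))
    cpu = CPU8086(mem, 0x0DAB, 0x0100).run()
    return cpu.cs, cpu.ip, cpu.regs["AX"], cpu.regs["BX"], cpu.regs["DX"]


if __name__ == "__main__":
    print("checkpoint: IP writes, CS, IP =", checkpoint())
    print("far jump: CS, IP, AX, BX, DX =", far_jump())
```

Note how `jmp ax` is just `FF E0` and `jmp 2000:0` is `EA 00 00 00 20`: the target comes from a register or from immediate bytes in the code stream, and the CPU fetches whatever lies at the new CS:IP as instructions. That is the instructions-versus-data point from earlier in the notes, and the reason control-flow targets taken from attacker-influenced data are the usual root of code-execution bugs.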