Once you understand the concepts of x86 architecture, it's much easier to understand x64 architecture. The x64 architecture was designed as an extension to x86 and closely resembles the x86 instruction set, but there are a few differences that you need to be aware of from a code analysis perspective. This section covers some of the differences in the x64 architecture:
- The first difference is that the 32-bit (4 bytes) general purpose registers eax, ebx, ecx, edx, esi, edi, ebp, and esp are extended to 64 bits (8 bytes); these registers are named rax, rbx, rcx, rdx, rsi, rdi, rbp, and rsp. The eight new registers are named r8, r9, r10, r11, r12, r13, r14, and r15. As you might expect, a program can access the register as 64-bit (RAX, RBX, and so on), 32-bit (eax, ebx, etc), 16-bit (ax, bx, and so on), or 8-bit (al, bl, and so on). For example, you can access the lower half of the RAX register as EAX and the lowest word as AX. You can access the registers r8-r15...
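The sub-register views described above can be modeled in portable C, which is useful when tracing register values by hand during code analysis. This is an added example, not code from the original text; the names `reg_read`, `reg_write` and `enum width` are hypothetical, and the sample value is constructed. It goes one step beyond the text by also modeling writes: on x64 a 32-bit write (for example to eax) zero-extends into the upper half of the 64-bit register, while 16-bit and 8-bit writes leave the upper bits unchanged.

```c
#include <stdint.h>
#include <stdio.h>

/* Widths of the views the text lists: rax / eax / ax / al (hypothetical names). */
enum width { W8 = 8, W16 = 16, W32 = 32, W64 = 64 };

/* Mask selecting the low `w` bits of a 64-bit register. */
static uint64_t low_mask(enum width w)
{
    return w == W64 ? UINT64_MAX : ((UINT64_C(1) << w) - 1);
}

/* Read a sub-register: each view is the low `w` bits of the full register. */
uint64_t reg_read(uint64_t full, enum width w)
{
    return full & low_mask(w);
}

/*
 * Write a sub-register and return the resulting 64-bit register value.
 * A 32-bit write zero-extends into bits 63..32; 16-bit and 8-bit
 * writes keep the bits above the written part.
 */
uint64_t reg_write(uint64_t full, enum width w, uint64_t value)
{
    uint64_t m = low_mask(w);
    if (w == W32 || w == W64)
        return value & m;
    return (full & ~m) | (value & m);
}

int main(void)
{
    uint64_t rax = UINT64_C(0x1122334455667788); /* constructed sample value */

    printf("rax=%016llx eax=%08llx ax=%04llx al=%02llx\n",
           (unsigned long long)reg_read(rax, W64),
           (unsigned long long)reg_read(rax, W32),
           (unsigned long long)reg_read(rax, W16),
           (unsigned long long)reg_read(rax, W8));

    /* Same starting value, three different write widths. */
    printf("write al : %016llx\n", (unsigned long long)reg_write(rax, W8, 0xFF));
    printf("write ax : %016llx\n", (unsigned long long)reg_write(rax, W16, 0xBEEF));
    printf("write eax: %016llx\n", (unsigned long long)reg_write(rax, W32, 0xDEADBEEF));
    return 0;
}
```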