-1

I had an example in book with GDB output of main function prolog:

0х08048357 <main+0> : push еbр
0х08048358 <main+l> : mov  ebp, esp
0х0804835а

But in my system (Manjaro linux) same code and same GDB provide me something like that:

   0x000000000000118e <+0>:     push   rbp
   0x000000000000118f <+1>:     mov    rbp,rsp
   0x0000000000001192 <+4>:     mov    ecx,0x4
   0x0000000000001197 <+9>:     mov    edx,0x3
   0x000000000000119c <+14>:    mov    esi,0x2
   0x00000000000011a1 <+19>:    mov    edi,0x1

I want to know what difference between "R" and "E" starting registers. "Newbie" explain is required.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
FLY FOX 2058
  • 13
  • 4
  • r = 64 bits, e = 32 bits [registers](https://en.wikibooks.org/wiki/X86_Assembly/X86_Architecture) – tttony Oct 03 '21 at 20:19
  • @tttony - note that a |mov ecx,0x4| will clear the upper 32 bits of rcx. – rcgldr Oct 03 '21 at 20:21
  • If you want to compile in a way that's more likely to somewhat match an old book, use `gcc -m32 -fno-pie -no-pie -fno-stack-protector`. But don't expect exact matches with different compiler versions. [Why I'm getting different result from tutorial](https://stackoverflow.com/q/67141783) – Peter Cordes Oct 03 '21 at 20:56
  • [gcc Assembly code output different than expected](https://stackoverflow.com/q/23586602) is the same basic question, but doesn't have any detailed answers – Peter Cordes Oct 03 '21 at 21:01

1 Answers1

2

Short answer: exx registers are 32-bit, rxx registers are 64-bit

Longer answer: The x86 architecture has evolved for decades from its initial 16-bit roots, when the 16-bit registers were called ax, bx, etc. When the 80386 was introduced, the registers were extended to 32 bits, and thus called eax, ebx etc. Referring to the old 16-bit register names on a 80386 accesses the lower 16 bits of these extended registers. When AMD extended the x86 instruction set architecture to 64 bits, they chose 'r' as the prefix of the 64-bit registers, extending the 32-bit registers again, to rax, rbx etc. In the process, they added a few new registers that didn't exist before, r8-r15.

John Källén
  • 7,551
  • 31
  • 64
  • 3
    We already have a canonical answer like this on [What do the E and R prefixes stand for in the names of Intel 32-bit and 64-bit registers?](https://stackoverflow.com/q/43933379). If you're going to answer this question specifically instead of closing as a duplicate, the relevant thing would be to mention that the book is obviously written for a 32-bit system, but the querent is using a modern x86-64 system where the GCC default is `-m64`, and that `gcc -m32 -fno-pie -no-pie -fno-stack-protector` might make asm closer to old systems with their GCC configs. – Peter Cordes Oct 03 '21 at 21:05