RAM - Random Access Memory
RAM is a "VOLATILE" memory
RAM loses all of its data when the system power goes off in a "decaying" manner
What is stack ?
Stack is a part of memory which used "Linear" data structure which follows LIFO (Last In First Out) / FILO (First In Last Out) order
A stack is a memory segment of computer's memory which stores temporary variables created by a function. In stack, variables are declared, stored and initialized during runtime
It is a temporary storage memory. When the computing task is complete, the memory of the variable will be automatically erased. The stack section mostly contains methods, local variable, and reference variables
Remember that stack is always "VOLATILE"
- Stack access "Local Variables"
- Stack variables "cannot be resized"
- Stack memory is allocated in "Linear Order"
- Stack need not to deallocate variables
- Stack allocation and deallocation is done by "Compiler"
What is heap ?
The heap is a memory segment used by programming languages to store global variables
By default, all global variable are stored in heap memory space
It supports Dynamic memory allocation
Heap is roughly a First In First Out (FIFO) Data Structure
The heap is not managed automatically for you and is not as tightly managed by the CPU
It is more like a free-floating region of memory
Garbage collection runs on the heap memory to free the memory used by the object
Heap method also used in the "Priority Queue"
- Heap access "Global Variables"
- Heap variables can be "Resized"
- Heap memory is allocated in "Random Order"
- Heap should perform deallocation
- Heap allocation and deallocation is coded by "Programmer"
Registers are memory storage which is fabricated inside processors designed for specific purposes
Registers can also be viewed as "hardcoded variables" in the memory
Cache is like a secondary data storage which is used to "quickly" access data from the memory
Cache acts like a "buffer" between processor and primary memory to fetch the data ASAP
Caches can have many levels(L1,L2,L3..so on depends on the need of processor)
Executable code segments are copied into "Instruction Cache"
Frequently accessed pages of memory are stored in "Translation Lookaside Buffer (TLB) Cache" which reduces the time for "Virtual-to-Physical Memory Translation Process"
TLBs are flushed during context switches
Kernel TLBs should not be flushed to avoid a performance hit
NOTE:
- CPU access RAM little bit slow when compared with Processor Registers and L1 & L2 Cache
For more detail about CPU registers
32bit General Purpose Registers
- EAX
- EBX
- ECX
- EDX
- ESI
- EDI
- EBP
- ESP
64bit General Purpose Registers
- RAX
- RBX
- RCX
- RDX
- RSI
- RDI
- RBP
- RSP
- R8-R15
A processor register is a local storage space on a processor that holds data that is being processed by CPU Processor registers generally occupy the top-most position in the memory hierarchy, providing high-speed storage space and fast access to data
A register may include the address of the memory location instead of the real data itself.These are used to process data for specific purposes
General purpose registers are used to perform arithmetic calculations within it to manipulate, retrieve or load the data from registers/memory with the help of these registers
x64 architecture systems have additional 8 general purpose registers (R8-R15)
Segment registers are used to store and keep a track to maintain the location of specific segments within the virtual memory while using Protected Mode Memory Addressing with "linear addressing"
Each 16bit segment registers can hold the value of the virtual memory segment in it
Protected Mode Memory Addressing is a mode in which a processor can access all data and programs beyond the 1M of memory and within the first 1M of memory
Segment Registers are,
- CS
- DS
- SS
- ES
- FS
- GS
CS(Code Segment) − It contains all the instructions to be executed. A 16-bit Code Segment register or CS register stores the starting address of the code segment.
DS(Data Segment) − It contains data, constants and work areas. A 16-bit Data Segment register or DS register stores the starting address of the data segment.
SS(Stack Segment) − It contains data and return addresses of procedures or subroutines. It is implemented as a 'stack' data structure. The Stack Segment register or SS register stores the starting address of the stack.
ES(Extra Segment)
FS & GS - Used to store additional segments
NOTE:
Segmentation is commonly used in x32bit processors,but when it comes to x64bit it initializes all segment registers to 0 (In Real Mode)
Segmentation in x64bit processors is unneccessary,but can be used to store while accessing large strucutal data
In processors flags represents "conditions"
Flag registers are used to maintain the state of the mathematical operation and the overall state of the processor
Each flag registers has their own condition
Some of the common flag registers are,
- Zero
- Carry
- Parity
- Auxiliary Carry
- Sign/Neg
- Overflow
- Interrupt
- Trap
EIP in 32bit
RIP in 64bit
This is an important register when it comes to exploit development
The Instruction Pointer (IP) is a register that holds the memory address of the next instruction to execute
The IP points to instructions in the code segment sequentially until it reaches a Jump (JMP), CALL, or other instruction, causing the pointer to jump to a new location in memory
The Instruction Pointer Register and the Flag Registers are combined to know as Control Registers
Many instructions involve comparisons and mathematical calculations and change the status of the flags and some other conditional instructions test the value of these status flags to take the control flow to other location
x32bit processors have 5 control registers(CR0-CR4)
x64bit processors have more than these control registers