This article covers the Intel IA-32 eflags register and some interesting things that I found out while studying these flags. It uses the GNU Debugger (gdb) to show the status of the eflags register.

First, the theory behind the eflags register:

The eflags register in an IA-32 processor stores various flags corresponding to the result of the last instruction executed.

Not all instructions use the eflags register: mov, bswap and xchg do not, but instructions like “inc” (increment), add (addition), mul and div do.

Before we go further into eflags, there are a few points to remember.

  • We cannot examine the whole eflags register
  • There is no instruction that can be used to modify this register directly.
  • There are some instructions that can be used to modify certain bits of the register,  but they are beyond the scope of this article.

We will be looking at some of the flags of the register using simple examples:

  1. Carry Flag
  • Keeps the status of the final carry-out while computing the result of the last instruction.
  • When adding two numbers, the carry flag contains the carry-out of the most significant bit.
  • Example: adding 253 and 4. For this example we will use the “al” register, which is the lower 8 bits of the EAX register.

    [Figure: General Purpose Registers]

    I chose this example specifically to view the carry flag. Since our number is less than 255, we will use the lower 8 bits of the eax register, which is al, and add 4 to 253. Below is the sample code.

[Figure: Adding 2 numbers, assembly language program in AT&T style]

We assemble the above code using the GNU assembler and loader.

[Figure: add1.s]

We will use the GNU Debugger (gdb) to view the contents of the registers.

[Figure: Gnu Debugger]

We will set a breakpoint at line 4 and run the program, then type “n” to execute line 4.

[Figure: Set break point and run the program]

Type “info registers” at the gdb prompt to view the current values in the registers.

[Figure: info registers]

As we can see from the above figure, register al is actually storing -3 instead of 253. This is because the range of numbers that can be stored in al is not 0 to 255 but -128 to 127.

Type “n” or next to execute line 5 of the program, which adds 4 to register al.

[Figure: CF is seen in gdb]

When we add 4 to -3, the result is +1, so the final value of register al is 0x01, which sets the Carry Flag (CF). We can see from the above figure that eflags shows CF set, as expected.

To check only the eflags register, we can type “info reg eflags” at the gdb prompt.

2. Zero Flag

  • Zero flag is set to 1 if the result of the last flag-modifying instruction is 0

Examples:

[Figure: adding negative & positive number]

In the above code we put 0xfd, which is -3, in register al and then add +3 to it. When the processor executes line 5, the resulting value is 0, so the processor sets ZF in the eflags register. We can see this when we run the above program through gdb.
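The two additions walked through above (253 + 4 and 0xfd + 3 in al), modelled in C as an added example that is not this article's own code. The names `add8`, `add8_result` and `signed_view` are made up for this sketch, and it also computes the sign and overflow flags, which goes slightly beyond the two flags covered so far, to show the byte 0xfd read both as unsigned 253 and as two's complement -3.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of an 8-bit ADD: the byte left in al plus four eflags bits. */
struct add8_result {
    uint8_t al;  /* low 8 bits of the sum */
    int cf;      /* carry out of bit 7: the unsigned sum did not fit */
    int zf;      /* the 8-bit result is zero */
    int sf;      /* copy of bit 7 of the result */
    int of;      /* the signed (two's complement) sum did not fit */
};

/* Read a byte as two's complement, the way gdb printed al as -3. */
int signed_view(uint8_t v)
{
    return v >= 0x80 ? (int)v - 256 : (int)v;
}

/* Model of `add` on an 8-bit register (hypothetical helper, not a real API). */
struct add8_result add8(uint8_t a, uint8_t b)
{
    struct add8_result r;
    unsigned wide = (unsigned)a + (unsigned)b;  /* up to 9 bits */

    r.al = (uint8_t)wide;
    r.cf = (wide >> 8) & 1;
    r.zf = (r.al == 0);
    r.sf = (r.al >> 7) & 1;
    /* Overflow: operands agree in sign, result disagrees with them. */
    r.of = ((~(a ^ b) & (a ^ r.al)) >> 7) & 1;
    return r;
}

static void show(uint8_t a, uint8_t b)
{
    struct add8_result r = add8(a, b);
    printf("0x%02x (%d) + %u -> al=0x%02x CF=%d ZF=%d SF=%d OF=%d\n",
           a, signed_view(a), b, r.al, r.cf, r.zf, r.sf, r.of);
}

int main(void)
{
    show(0xfd, 4);  /* the carry flag example: 253 + 4 */
    show(0xfd, 3);  /* the zero flag example: 0xfd + 3 */
    show(0x7f, 1);  /* constructed case: signed overflow without a carry */
    return 0;
}
```

In this model the zero flag example sets CF as well as ZF, because 253 + 3 also carries out of bit 7.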

I will cover the rest of the eflags in next article.