This article covers the Intel IA32 eflags register and some interesting things I found out while studying these flags. It uses the GNU Debugger (gdb) to show the status of the eflags register.
First, the theory behind the eflags register:
The eflags register in an IA32 processor stores various flags corresponding to the result of the last instruction executed.
Not every instruction uses the eflags register: mov, bswap and xchg do not, but instructions such as “inc” (increment), add (addition), mul and div do.
Before we go further into eflags, there are a few points to remember.
- We cannot examine the whole eflags register.
- There is no instruction that can be used to modify this register directly.
- There are some instructions that can be used to modify certain bits of the register, but they are beyond the scope of this article.
We will be looking at some of the flags of the register using simple examples:
1. Carry Flag
   - Keeps the status of the final carry-out while computing the result of the last instruction.
   - When adding two numbers, the carry flag contains the carry-out of the most significant bit.
   - Example: adding 253 and 4. For this example we will use the “al” register, which is the lower 8 bits of the EAX register.

I chose this example specifically to show the carry flag. Since our number is less than 255, we will use the lower 8 bits of the eax register, which is al, and add 4 to 253. Below is the sample code.
We assemble the above code using the GNU assembler and loader.
We will use the GNU Debugger (gdb) to view the contents of the registers.
We set a breakpoint at line 4 and run the program, then type “n” to execute line 4.
Type “info registers” at the gdb prompt to view the current values in the registers.
As we can see from the above figure, register al is actually storing -3 instead of 253; this is because the range of numbers that can be stored in al is not 0 to 255 but -128 to 127.
Type “n” (next) to execute line 5 of the program, which adds 4 to register al.
When we add 4 to -3, the result is +1, so the final value of register al is 0x01, which sets the Carry Flag (CF). We can see from the above figure that eflags shows CF set, as expected.
To check only the eflags register, we can type “info reg eflags” at the gdb prompt.
2. Zero Flag
   - The zero flag is set to 1 if the result of the last flag-modifying instruction is 0.
In the above code we set register al to 0xfd, which is -3, and then add +3 to it. When the processor executes line 5, the result is 0, so the processor sets ZF in the eflags register. We can see this when we run the above program through gdb.
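The two additions walked through above (0xfd + 4 for the carry flag, 0xfd + 3 for the zero flag), modeled in C as an added example that is not part of the original article. The helper add8 and the third input (127 + 1) are constructed for illustration; only CF, ZF, SF and OF are modeled, so the parity and auxiliary-carry bits that gdb would also print are omitted.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions of the modeled flags inside EFLAGS: CF=0, ZF=6, SF=7, OF=11. */
#define CF 0x001u
#define ZF 0x040u
#define SF 0x080u
#define OF 0x800u

/* Hypothetical helper (not from the article): models `add $imm, %al`.
   Writes the new AL to *al and returns the CF/ZF/SF/OF bits the add would set. */
static unsigned add8(uint8_t *al, uint8_t imm)
{
    unsigned a = *al, b = imm;
    unsigned wide = a + b;                  /* 9-bit sum; bit 8 is the carry-out */
    unsigned res = wide & 0xFFu;            /* what actually fits in AL */
    unsigned flags = 0;

    if (wide > 0xFFu) flags |= CF;          /* unsigned result did not fit */
    if (res == 0)     flags |= ZF;
    if (res & 0x80u)  flags |= SF;          /* copy of the result's top bit */
    /* signed overflow: operands share a sign bit that the result lacks */
    if (~(a ^ b) & (a ^ res) & 0x80u) flags |= OF;

    *al = (uint8_t)res;
    return flags;
}

/* Prints the starting AL in both readings, the result, and the flags set. */
static void show(const char *what, uint8_t start, uint8_t imm)
{
    uint8_t al = start;
    unsigned f = add8(&al, imm);
    printf("%-8s al=0x%02x (unsigned %u, signed %d) -> 0x%02x [%s%s%s%s ]\n",
           what, start, start, (int8_t)start, al,
           (f & CF) ? " CF" : "", (f & ZF) ? " ZF" : "",
           (f & SF) ? " SF" : "", (f & OF) ? " OF" : "");
}

int main(void)
{
    show("253 + 4", 0xfd, 4);   /* carry flag example from the article */
    show("253 + 3", 0xfd, 3);   /* zero flag example from the article */
    show("127 + 1", 0x7f, 1);   /* constructed: signed overflow without carry */
    return 0;
}
```

Each output line prints the starting value in both its unsigned and signed reading, which is the 253 versus -3 view of al seen in gdb.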
I will cover the rest of the eflags register in the next article.