
niranjanmr

~ To share my knowledge on Linux, Open Source and Security

Category Archives: Programming

Eflags Registers

20 Wednesday Jan 2016

Posted by niranjanmr in Assembly Language, gdb, General, Linux, Programming


This article talks about the Intel IA-32 EFLAGS register and some interesting things I found out while studying these flags. It uses the GNU debugger (gdb) to show the status of the EFLAGS register.

First, the theory about the EFLAGS register:

The EFLAGS register in an IA-32 processor holds status flags that describe the result of the last flag-modifying instruction executed.

Not every instruction touches EFLAGS: mov, bswap and xchg leave it alone. Arithmetic instructions such as inc (increment), add (addition) and mul update it (note that inc and dec update every status flag except CF). div is a special case: it leaves the status flags undefined rather than setting them, so nothing should be concluded from EFLAGS after a div.

Before we go further into EFLAGS, there are a few points to remember.

  • EFLAGS cannot be named as an operand of ordinary instructions the way eax or al can, so you cannot mov into or out of it. The whole register can still be inspected: pushfd copies it to the stack, and a debugger such as gdb shows it directly.
  • There is no instruction that writes an arbitrary value straight into the register. popfd is the closest thing, and some of its bits are reserved or privileged and are not changed from user mode.
  • There are some instructions that set or clear individual bits (stc, clc, cmc, std, cld and the like), but they are beyond the scope of this article.

We will be looking at some of the flags of the register using simple examples:

  1. Carry Flag
  • Holds the carry-out of the most significant bit of the result of the last flag-modifying arithmetic instruction.
  • When adding two numbers it is the carry-out of the most significant bit, i.e. it signals that the unsigned result did not fit in the destination.
  • Example:
  • Adding 253 and 4. For this example we use the "al" register, which is the lower 8 bits of the EAX register.
  • General Purpose Registers

    I chose this example specifically to observe the carry flag. Since 253 fits in 8 bits we use the lower 8 bits of eax, which is al, and add 4 to it; the sum 257 does not fit in 8 bits, which is exactly what sets CF. Below is the sample code

Adding 2 numbers

Assembly Language Program in AT&T style

We assemble the above code with the GNU assembler (as) and link it with the GNU linker (ld).

add1.s

We will use the GNU debugger (gdb) to view the contents of the registers.

Gnu Debugger

We set a breakpoint at line 4 and run the program, then type "n" (next) to execute line 4.

Set break point and run the program

Type "info registers" at the gdb prompt to view the current values of the registers.

info registers

As we can see from the figure, gdb prints al as -3 rather than 253. The register holds the 8-bit pattern 0xfd; gdb's $al is typed as a signed byte, so it displays the two's-complement reading, -3. The range -128 to 127 is only the signed interpretation of those 8 bits; read as unsigned the same bits cover 0 to 255, and the add instruction itself does not care which reading you have in mind. It is the flags that tell the two apart: CF reports unsigned overflow, OF reports signed overflow.

Type "n" or "next" to execute line 5 of the program, which adds 4 to register al.

CF is seen in gdb

Adding 4 to al: as unsigned numbers, 253 + 4 = 257 = 0x101, which needs 9 bits. The low 8 bits, 0x01, stay in al and the ninth bit is the carry-out, so the processor sets the Carry Flag (CF). Read as signed numbers the same operation is -3 + 4 = +1, which does not overflow, so the Overflow Flag (OF) stays clear. We can see from the figure that eflags shows CF set, as expected.

To check the eflags register only, type "info reg eflags" (or "p $eflags", which prints the set flags by name) at the gdb prompt.

2. Zero Flag

  • Zero flag is set to 1 if the result of the last flag-modifying instruction is 0

Examples:

adding negative & positive number

In the above code we load 0xfd, the bit pattern for -3, into register al and then add +3 to it. When the processor executes line 5 the result is 0, so it sets ZF in the eflags register. Note that CF is set at the same time: as unsigned numbers this is 253 + 3 = 256, which carries out of bit 7 and leaves 0x00 behind. We can view both flags when we run the program through gdb.
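The two gdb sessions above (253 + 4 for CF, 0xfd + 3 for ZF) each show one flag. The following C program is an added example, not the add1.s from this post: it models how the processor derives CF, ZF, SF, OF, PF and AF from an 8-bit add, following the flag definitions for ADD in the Intel SDM, and on x86 hardware cross-checks the model against a real addb using inline assembly and setcc. The function names (model_add8, hw_add8, model_matches_hw) and the extra inputs (127 + 1, -128 + -1) are my own choices; the fallback on non-x86 hosts is assumed and simply reuses the model.

```c
#include <stdint.h>
#include <stdio.h>

/* EFLAGS bit positions (Intel SDM Vol. 1, section 3.4.3). */
#define EFLAGS_CF (1u << 0)   /* carry: unsigned result did not fit */
#define EFLAGS_PF (1u << 2)   /* parity: low byte has an even number of 1 bits */
#define EFLAGS_AF (1u << 4)   /* adjust: carry out of bit 3 (BCD arithmetic) */
#define EFLAGS_ZF (1u << 6)   /* zero: result is 0 */
#define EFLAGS_SF (1u << 7)   /* sign: bit 7 of the result */
#define EFLAGS_OF (1u << 11)  /* overflow: signed result did not fit */

struct add8 {
    uint8_t value;   /* what ends up in al */
    uint32_t flags;  /* only the status bits defined above */
};

/* Software model of "addb src, %al": the 8-bit sum plus the status flags
 * exactly as the SDM defines them for ADD. */
struct add8 model_add8(uint8_t dst, uint8_t src)
{
    unsigned wide = (unsigned)dst + (unsigned)src;  /* 9-bit sum keeps the carry-out */
    uint8_t res = (uint8_t)wide;
    uint32_t f = 0;
    unsigned ones = 0;

    if (wide & 0x100u) f |= EFLAGS_CF;   /* carry out of bit 7: unsigned overflow */
    if (res == 0)      f |= EFLAGS_ZF;
    if (res & 0x80u)   f |= EFLAGS_SF;
    /* Signed overflow: both operands have the same sign and the result differs. */
    if (((dst ^ res) & (src ^ res) & 0x80u) != 0) f |= EFLAGS_OF;
    /* Carry out of the low nibble into bit 4. */
    if (((dst & 0x0fu) + (src & 0x0fu)) & 0x10u) f |= EFLAGS_AF;
    for (unsigned v = res; v != 0; v >>= 1) ones += v & 1u;
    if ((ones & 1u) == 0) f |= EFLAGS_PF;  /* even parity of the low byte */

    return (struct add8){ res, f };
}

#if defined(__i386__) || defined(__x86_64__)
/* Cross-check against the real processor: run addb and read the flags back
 * with setcc (no pushf/pop, so the stack red zone is left alone). AF has no
 * setcc form, so it is not reported here. */
int hw_available(void) { return 1; }

struct add8 hw_add8(uint8_t dst, uint8_t src)
{
    uint8_t res = dst, cf, zf, sf, of, pf;
    __asm__ volatile(
        "addb %[src], %[res]\n\t"
        "setc %[cf]\n\t"
        "setz %[zf]\n\t"
        "sets %[sf]\n\t"
        "seto %[of]\n\t"
        "setp %[pf]\n\t"
        : [res] "+q"(res), [cf] "=m"(cf), [zf] "=m"(zf),
          [sf] "=m"(sf), [of] "=m"(of), [pf] "=m"(pf)
        : [src] "q"(src)
        : "cc");
    uint32_t f = 0;
    if (cf) f |= EFLAGS_CF;
    if (zf) f |= EFLAGS_ZF;
    if (sf) f |= EFLAGS_SF;
    if (of) f |= EFLAGS_OF;
    if (pf) f |= EFLAGS_PF;
    return (struct add8){ res, f };
}
#else
/* Assumed fallback for non-x86 hosts: nothing to compare against. */
int hw_available(void) { return 0; }
struct add8 hw_add8(uint8_t dst, uint8_t src) { return model_add8(dst, src); }
#endif

/* 1 when the model agrees with the hardware (AF excluded, setcc cannot read it),
 * or when there is no x86 hardware to compare against. */
int model_matches_hw(uint8_t dst, uint8_t src)
{
    struct add8 m = model_add8(dst, src), h = hw_add8(dst, src);
    if (!hw_available()) return 1;
    return m.value == h.value && (m.flags & ~EFLAGS_AF) == (h.flags & ~EFLAGS_AF);
}

static void show(const char *label, uint8_t dst, uint8_t src)
{
    struct add8 r = model_add8(dst, src);
    printf("%-16s al=0x%02x CF=%u ZF=%u SF=%u OF=%u PF=%u AF=%u hw-agrees=%d\n",
           label, r.value, !!(r.flags & EFLAGS_CF), !!(r.flags & EFLAGS_ZF),
           !!(r.flags & EFLAGS_SF), !!(r.flags & EFLAGS_OF), !!(r.flags & EFLAGS_PF),
           !!(r.flags & EFLAGS_AF), model_matches_hw(dst, src));
}

int main(void)
{
    show("253 + 4 (page)", 0xfd, 0x04);  /* CF=1: unsigned 257 needs 9 bits, OF=0 */
    show("0xfd + 3 (page)", 0xfd, 0x03); /* ZF=1 and CF=1: 256 wraps to 0 */
    show("127 + 1", 0x7f, 0x01);         /* OF=1, CF=0: only the signed view overflows */
    show("-128 + -1", 0x80, 0xff);       /* CF=1 and OF=1 at once */
    return 0;
}
```

The third and fourth inputs go beyond the post's two cases to show that CF and OF are independent: 127 + 1 overflows only as a signed number, 253 + 4 only as an unsigned number, and 0x80 + 0xff overflows both ways. When reading eflags in gdb, pick the flag that matches the interpretation the code actually relies on.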

I will cover the rest of the eflags in next article.

Using gdb layout when debugging Assembly Language Programs

28 Sunday Apr 2013

Posted by niranjanmr in Linux, Programming


Tags

asm, assembly, code asm, gaming, gdb, gnu assembler, programming, software

In my quest to learn programming, I have started my initial steps with assembly language programming (ALP). I have been on this endeavour for quite some time.

This post is not about ALP itself, though, but about an important gdb option called layout, which helps newbies learning ALP a lot. Before I explain this option, consider the program below:

code

Figure-1

The above program calculates the sum of two values (17 and 15) using a sum function written in assembly. The result is left in the ebx register. Let us first assemble and link the program. We assemble the source with the GNU assembler, passing the --gstabs option so that the assembly code can be debugged line by line in gdb.

From man as:
--gstabs: Generate stabs debugging information for each assembler line. This may help debugging assembler code, if the debugger can handle it.

GNU Assembler

Figure-2

From Figure-2 we can see that the program "mysum" runs successfully. Let us run the program through gdb. What we want to know is the following:

i) The values of the registers at each step while the code is being executed
ii) Most importantly, the code and the registers at the same time.

To accomplish this, gdb provides a text user interface (TUI) built on the curses library. It is not limited to showing the source file: it can also show the disassembly (asm) and the registers (regs). In our case we want to view the assembly code and the registers at the same time, so that we can watch the registers change as the asm code executes.

gdb

Figure-3

We start by invoking the program mysum under gdb and setting a breakpoint at the _start function:

breakpoint

Figure-4

After setting the breakpoint, run the program by typing "run" (or just "r") at the gdb prompt; it stops at the first breakpoint, which in our case is the _start function. At this point let's invoke the "asm" layout by typing "layout asm" at the gdb prompt:

The asm layout looks like this:

layout asm

Figure-5

In Figure-5 we can see our asm code with more detail: the address where each instruction resides and the instruction itself. The program counter starts at 0x8048054, the start of our program. From here we will keep stepping through the code and view the register values.

To load the register layout, type "layout regs" at the gdb prompt; gdb automatically splits the TUI to show both the asm code and the registers, as shown below:


Figure-6

In Figure-6, the instruction about to be executed is highlighted, and we can also see the values of the registers. We step through the code by typing "step" (or "s" for short) at the gdb prompt; this executes the highlighted instruction and highlights the next one:


Figure-7

In Figure-7 we can see that the program counter now points to the next instruction, at address 0x8048056, which pushes 0xf (15) onto the stack. The register layout shows EIP pointing at the code to be executed next and the current value of ESP.

As we keep stepping through the code (use "s" at the gdb prompt) and enter the sum function, we can watch the base pointer register (EBP) and check that it has been loaded with the value of ESP:


Figure-8

Our code has pushed the values 17 and 15 onto the stack, and in the sum function we copy them into general purpose registers. Figure-9 shows that ecx and edx have been loaded with 17 and 15, as written in the code.


Figure-9

Keep stepping through the code. Once it reaches the end of the sum function, where we leave the function by popping the stack, the register layout shows the stack pointer being restored and control returning to _start:


Figure-10

Once we are back in _start we see that the sum of 17 and 15 is stored in the ebx register; the code then loads 1 (the exit system call number) into eax and issues the interrupt to invoke the exit system call. Because exit takes its status from ebx, the output of the program, the sum of 17 and 15, can be read back in the shell as the process's exit status (echo $? prints 32).


Figure-11

I hope the above information would be useful for newbies while debugging assembly language code.

Note: "layout regs" doesn't yet work with gdb version "gdb-7.2-51.el6.i686" on RHEL6; it crashes gdb. Fedora 15 and the latest Rawhide have the fix. I hope later versions of gdb on RHEL6 will have the fix too.
