Skip to Main Content
x86 Software Reverse-Engineering, Cracking, and Counter-Measures
book

x86 Software Reverse-Engineering, Cracking, and Counter-Measures

by Stephanie Domas, Christopher Domas
February 2024
Intermediate to advanced content levelIntermediate to advanced
320 pages
6h 45m
English
Wiley
Content preview from x86 Software Reverse-Engineering, Cracking, and Counter-Measures

CHAPTER 5Understanding Condition Codes

Assembly instructions commonly include destination registers where the result of an operation will be stored. However, some instructions can have effects beyond those recorded in this destination register.

x86 uses condition codes to track these effects. This chapter explores these condition codes and describes the main ones you need to understand to effectively reverse engineer x86 applications.

Condition Codes

Most architectures, including x86, need a means of tracking the basic properties of previous operations. For example, when evaluating an if statement, the program needs to evaluate the condition and then act on its result. The ability to track state information across instructions is essential to the ability to perform this and similar operations.

To store this state information, the computer has a special-purpose register (SPR) called flags. On a 32-bit system, this is called the eflags register, while the 16-bit and 64-bit versions are called flags and rflags, respectively.

eflags

The eflags register is composed of a set of flags, each of which is represented by a single bit. Each bit can be set to true (1) or false (0).

The eflags register is broken up into three types of flags.

  • Status flags: Status flags represent the status of some operation such as whether the previous operation evaluated to zero.
  • Control flags: Control flags affect how the processor operates, such as enabling and disabling interrupts.
  • System flags: ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse

Publisher Resources

ISBN: 9781394199884Purchase Link