CHAPTER 5
Understanding Condition Codes

Assembly instructions commonly include destination registers where the result of an operation will be stored. However, some instructions can have effects beyond those recorded in this destination register.

x86 uses condition codes to track these effects. This chapter explores these condition codes and describes the main ones you need to understand to effectively reverse engineer x86 applications.

Condition Codes

Most architectures, including x86, need a means of tracking the basic properties of previous operations. For example, when evaluating an if statement, the program needs to evaluate the condition and then act on its result. The ability to track state information across instructions is essential to the ability to perform this and similar operations.

To store this state information, the computer has a special-purpose register (SPR) called flags. On a 32-bit system, this is called the eflags register, while the 16-bit and 64-bit versions are called flags and rflags, respectively.

eflags

The eflags register is composed of a set of flags, each of which is represented by a single bit. Each bit can be set to true (1) or false (0).

The eflags register is broken up into three types of flags.

  • Status flags: Status flags represent the status of some operation such as whether the previous operation evaluated to zero.
  • Control flags: Control flags affect how the processor operates, such as enabling and disabling interrupts.
  • System flags: ...
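The status flags are the ones a reverse engineer reads most often, because every conditional jump is decided from them. The following C program is an added example (not code from the book): it models how a 32-bit SUB or CMP sets the four status flags that conditional jumps test, and how the same flag bits answer both an unsigned and a signed comparison. The bit positions and the zero/sign/carry/overflow mnemonics (ZF, SF, CF, OF) are the standard x86 EFLAGS definitions; they are not named on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* EFLAGS bit positions for the status flags used by conditional jumps. */
#define CF (1u << 0)   /* carry: unsigned borrow out of the subtraction   */
#define ZF (1u << 6)   /* zero: result was exactly zero                    */
#define SF (1u << 7)   /* sign: result's most significant bit              */
#define OF (1u << 11)  /* overflow: signed result did not fit in 32 bits   */

/* Model of the flag side effects of "SUB dst, src" (CMP computes the same
 * flags but discards the result). Returns the status-flag bits; the
 * arithmetic result is written through *result when it is non-NULL. */
uint32_t sub_flags(uint32_t dst, uint32_t src, uint32_t *result) {
    uint32_t res = dst - src;
    uint32_t fl = 0;
    if (res == 0)                 fl |= ZF;
    if (res & 0x80000000u)        fl |= SF;
    if (dst < src)                fl |= CF;   /* borrow: unsigned dst < src */
    /* Signed overflow: operands had different signs and the result's sign
     * differs from dst's (e.g. INT_MIN - 1 wraps to INT_MAX). */
    if ((dst ^ src) & (dst ^ res) & 0x80000000u) fl |= OF;
    if (result) *result = res;
    return fl;
}

/* Jump predicates exactly as the CPU derives them from the flags. */
int cond_je(uint32_t fl) { return (fl & ZF) != 0; }          /* equal          */
int cond_jb(uint32_t fl) { return (fl & CF) != 0; }          /* unsigned below */
int cond_jl(uint32_t fl) { return ((fl & SF) != 0) != ((fl & OF) != 0); } /* signed less */

int main(void) {
    /* Constructed operands: 0xFFFFFFFF is 4294967295 unsigned but -1 signed,
     * so JB and JL disagree after the same CMP. */
    uint32_t fl = sub_flags(0xFFFFFFFFu, 1u, NULL);
    printf("CMP 0xFFFFFFFF, 1 -> ZF=%d SF=%d CF=%d OF=%d\n",
           !!(fl & ZF), !!(fl & SF), !!(fl & CF), !!(fl & OF));
    printf("  JB taken (unsigned <): %d\n", cond_jb(fl));
    printf("  JL taken (signed   <): %d\n", cond_jl(fl));
    return 0;
}
```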

Get x86 Software Reverse-Engineering, Cracking, and Counter-Measures now with the O’Reilly learning platform.