
Interpreting eFlags in DDD


I am attempting to learn how to write and understand x86 Assembly as well as how to use GDB and related tools effectively. To do this, I am using DDD as a front-end for GDB.

I am having trouble understanding what the condition flags (eflags?) are given that they appear to all be stored in the same register. I will post the register, the assembly code, and the related C code. Thank you for any assistance.

The register is displayed as follows at the given breakpoint: 0x293 [CF AF SF IF]

The following is the C code being run. (This is not an example of my coding style. I am trying to force GCC to use the compl operation.)

int main( int argc, char* argv[] )
{
  int a = 0;
  int b = 2;
  if( a == b ) // There is a breakpoint here!
    goto EQUAL;
  else
    goto NEQUAL;

  EQUAL:
    return 3;

  NEQUAL:
    return 1;
}

The following is the assembly my machine broke it down into:

Dump of assembler code for function main:
0x0000000000400474 <+0>:     push   %rbp
0x0000000000400475 <+1>:     mov    %rsp,%rbp
0x0000000000400478 <+4>:     mov    %edi,-0x14(%rbp)
0x000000000040047b <+7>:     mov    %rsi,-0x20(%rbp)
0x000000000040047f <+11>:    movl   $0x0,-0x8(%rbp)
0x0000000000400486 <+18>:    movl   $0x2,-0x4(%rbp)
0x000000000040048d <+25>:    mov    -0x8(%rbp),%eax
0x0000000000400490 <+28>:    cmp    -0x4(%rbp),%eax
0x0000000000400493 <+31>:    jne    0x40049d <main+41> # Break point here
0x0000000000400495 <+33>:    nop
0x0000000000400496 <+34>:    mov    $0x3,%eax
0x000000000040049b <+39>:    jmp    0x4004a3 <main+47>
0x000000000040049d <+41>:    nop
0x000000000040049e <+42>:    mov    $0x1,%eax
0x00000000004004a3 <+47>:    leaveq 
0x00000000004004a4 <+48>:    retq   
End of assembler dump.

Solution

  • The eflags register is made up of single bits, each being a flag.

    When displaying the flags, they can be combined in a larger numeric entity (like 0x293 in your example), or each can have a symbol on its own (like in "[CF AF SF IF]" with the carry flag CF, adjust flag AF, sign flag SF and interrupt flag IF).

    The Intel 64 and IA 32 Architecture Software Developer's Manual Vol. 1 describes the flags in detail in chapter 3.4.3.

    The most important (for application developers) are:

    bit | sym | name
    ------------------
      0 |  CF | carry
      1 |  -- | (always 1)
      2 |  PF | parity
      3 |  -- | (always 0)
      4 |  AF | adjust
      5 |  -- | (always 0)
      6 |  ZF | zero
      7 |  SF | sign
      8 |  TF | trap
      9 |  IF | interrupt
     10 |  DF | direction
     11 |  OF | overflow
    

    Combining those in your example (CF AF SF IF) gives the binary value 1010010011, where the rightmost digit is the carry flag, and the leftmost the interrupt flag. Converted to hexadecimal it gives exactly 0x293.
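
The decoding above, carried one step further as an added example (not code from the question or the answer): it renders an EFLAGS value as symbols, recomputes the status flags that `cmp` produces for `0 - 2`, and checks the `jne` condition. The function names are hypothetical; it assumes bit 1 always reads as 1 (per the table) and that IF is set by the operating system rather than by `cmp`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Masks for the flag bits listed in the table above. */
enum { CF = 1 << 0, PF = 1 << 2, AF = 1 << 4, ZF = 1 << 6, SF = 1 << 7,
       TF = 1 << 8, IF = 1 << 9, DF = 1 << 10, OF = 1 << 11 };
static const struct { uint32_t mask; const char *sym; } FLAGS[] = {
    { CF, "CF" }, { PF, "PF" }, { AF, "AF" }, { ZF, "ZF" }, { SF, "SF" },
    { TF, "TF" }, { IF, "IF" }, { DF, "DF" }, { OF, "OF" } };

/* Render an EFLAGS value as the symbol list shown beside the number. */
const char *decode_eflags(uint32_t eflags, char *buf, size_t len)
{
    size_t used = (size_t)snprintf(buf, len, "[");
    for (size_t i = 0; i < sizeof FLAGS / sizeof FLAGS[0]; i++)
        if ((eflags & FLAGS[i].mask) && used < len)
            used += (size_t)snprintf(buf + used, len - used, "%s%s",
                                     used > 1 ? " " : "", FLAGS[i].sym);
    if (used < len)
        snprintf(buf + used, len - used, "]");
    return buf;
}

/* Status flags of a 32-bit cmp (AT&T `cmp src, dst`): dst - src, flags only. */
uint32_t cmp32_flags(uint32_t dst, uint32_t src)
{
    uint32_t res = dst - src, f = 0;
    uint8_t p = (uint8_t)res;              /* parity looks at the low byte only */
    p ^= p >> 4; p ^= p >> 2; p ^= p >> 1; /* bit 0 = 1 if odd number of 1s */
    if (dst < src)                 f |= CF; /* unsigned borrow */
    if (!(p & 1))                  f |= PF;
    if ((dst ^ src ^ res) & 0x10)  f |= AF; /* borrow out of the low nibble */
    if (res == 0)                  f |= ZF;
    if (res >> 31)                 f |= SF;
    if (((dst ^ src) & (dst ^ res)) >> 31) f |= OF; /* signed overflow */
    return f;
}

/* jne branches when ZF is clear. */
int jne_taken(uint32_t eflags) { return !(eflags & ZF); }
int main(void)
{
    char buf[64];
    /* a - b = 0 - 2 as in the dump; bit 1 and IF added per the assumptions. */
    uint32_t eflags = cmp32_flags(0, 2) | (1 << 1) | IF;
    printf("%#x %s jne taken: %d\n", (unsigned)eflags,
           decode_eflags(eflags, buf, sizeof buf), jne_taken(eflags));
}
```
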