RFLAGS

The register RFLAGS - also known as register of flags - is a specific register processors of the family X86-64 (64 bits). It is compatible with registers EFLAGS and FLAGS inherited the families X86 (32 bits) and the preceding one (16 bits).

It makes it possible to constantly fix and know the state of the processor thanks to different the bits which composes it. This register thus makes it possible to have at any moment the state resulting from an instruction having been carried out by the processor, the majority of the instructions of the processors x86 affecting this register.

The state of the various bits (flags) of register RFLAGS allows the processor to make decisions, for example on the level of the conditional connections (jumps and loops) or after an arithmetic operation (retained or overflow, etc).

Overall picture of register RFLAGS

Register RFLAGS consists of 64 bits and is available only under the processors 64 bits (X64-86. It is however compatible retroactively with the registers EFLAGS (available on the processors x86 32 bits) and FLAGS (available on processors 16 and 32 bits). It is composed as follows:

  • RFLAGS : 64 bits, bits 63 to 0.

  • EFLAGS: 32 bits, bits 31 to 0.
  • FLAGS: 16 bits, bits 15 to 0.

In the event of execution in mode of compatibility 32 bits (when the processor 64 bits carries out code 32 bits) only EFLAGS and FLAGS are accessible.

Nota Bene: Bits 63 to 32,31 to 22,15,5,3,1 (in gray on the table) are reserved bits, their use and operation is unknown. Bits 15,5,3,1 have a value fixes given in the table above.

It will be noted that one says of a flag that it is armed when it to 1 and is disarmed when it is to 0.

Categories of flags

One distinguishes three categories different of flags inside register RFLAGS.

  • flags of state.

  • the flag of control.
  • the flags system.

Flags of state

Bits 0,2,4,6,7 and 11 of register RFLAGS indicate the arithmetic results of operations resulting from instructions such as ADD, DIV, MUL, SUB, etc

  • CF (bit 0) Curry Flag (Flag of reserve): This flag is armed if an arithmetic operation generates a reserve on the most significant bit (bit of strong weight). The flag is disarmed in the other cases. This flag thus indicates a condition of overflow into arithmetic whole not signed. It is also used for the arithmetic one in multiple precision.

  • PF (bit 2) Parity Flag (Flag of parity): Armed if the weak Octet of weight (the least significant byte) of the result generated after an arithmetic operation contains an even number of bits with 1. The flag is disarmed in the other cases.

  • AF (bit 4) Adjust Flag (Flag of adjustment): Armed if the result of an arithmetic operation generates a result causing a reserve on the third bit. The flag is disarmed in the other cases. This flag is useful only in the use of coding BCD.

  • ZF (bit 6) Zero Flag (Flag zero): Armed if the résulat of a arihmetic operation is worth zero. The flag is disarmed in the other cases.

  • SF (bit 7) Sign Flag (Flag of sign): Armed if the result of an arithmetic operation has a bit of strong weight (the most significant bit) with 1, thus indicating a signed number. The flag is disarmed in the other cases (possibly indicating a résulat not signed, i.e. positive).

  • OFF (bit 11) Overflow Flag (Flag of overflow): Armed if the result constitutes a positive or negative number (by excluding the bit from sign) not being able to hold in the operand of destination. The flag is disarmed in the other cases. This flag indicates a condition of overflow for the arithmetic operations signed on the entireties.

Instructions affected by the flags of state

The following conditional instructions use one or more flags of state like condition for the conditional connections, the armament of bytes or the conditions of end of loop:
  • J DC : Jump one condition codes DC (for example instructions I, OJ, JNC, etc).
  • SET DC : Set one condition codes DC (for example instructions SETNE, SETNO, etc).
  • LOOP DC : Loop one condition codes DC (for example instructions LOOPE, LOOPNZ, etc)
  • CMOV DC : Conditional move one condition codes DC (for example instructions CMOVNZ, CMOVNO, etc)

Instructions modifying the flags of state

Only the flag CF can be modified directly via certain instructions. The instructions aptent to modify it are the following instructions:
  • CMC
  • CLC
  • STC

The following instructions, working on bits, can copy a specific bit directly in the flag CF :

  • BT
  • BTC
  • BTR
  • BTC

Flag of control

Bit 10 of register RFLAGS is the only flag of control (also called flag of direction).

  • DF (bit 10) Direction Flag (Flag of direction): This flag is used jointly with the instructions operating on the character strings. When flag DF is armed, the addresses of the character strings are car décrémentées (thus going from the highest addresses towards the lowest addresses). When the flag is disarmed, the addresses of the character strings are car incremented (energy of the lowest addresses towards the highest addresses. No result of operation makes it possible to arm or disarm the flag of direction. Only two instructions make it possible to specify its state explicitly.

Instructions affected by the flag of control

The instructions working on the character strings are the only instructions affected by the flag of direction. These instructions are the following ones:

  • CMPS

  • LODS
  • MOVS
  • SCAS
  • STOS

Instructions modifying the flag of control

The instructions making it possible to modify the flag of direction directly are the following instructions:
  • STD (for S e' you D irection Flag): The flag arms with direction.
  • CLD (for C lear D irection Flag): Disarm the flag of direction.

The flags system

The flags system of register RFLAGS are controlled by the Operating system or the operations of monitoring system. In normal weather a applicatif program should not modify the state of these flags. It will be noted that bits 12 and 13 are not to regard a flag but as a field (field IOPL).

  • TF (bit 8) Trap Flag (Flag of trap door): When it is armed, this flag allows the Débogage in mode step by step, i.e. instruction by instruction. When it is disarmed, the mode step by step is inoperative (normal functioning).

  • IF (bit 9) Interrupt Flag (Flag of interruption): This flag controls the way in which the processor answers the requests of maskable interruptions (i.e. désactivables). When it is armed, the processor can answer the interruption masked, in the contrary case (flag disarmed IF), the processor will not be able to answer the masked interruptions.

  • IOPL (bits 12 and 13) Input/Output privilege level field (Field of level of privilege of entry and exit): This field indicates the level of privilege in input/output (E/S) of the program or the current task. The level of current privilege of the program or the task in court must be equal or lower than the level of privilege of i/o to reach the space of addressing. This field can be modified only with one level of privilege equal to 0 (level of privilege highest). This concept of levels of privileges is implemented through the rings of protection.

  • NT (bit 14) Nested task Flag (Flag of chained task): This flag controls the stopped and called task sequencing. It indicates thus, when it is armed, if the current task is related to a task relative (the task which was carried out before) via the instruction CAL or by the means of an interruption. When it is disarmed, this flag states simply that the current task does not have a task relationship.

  • RF (bit 16) Summarized Flag (Flag of restarting): This flag controls the response of the processor to the exceptions of debugging. It ensures in particular that debugging in step by step (see flag TF) intervenes only once by instruction.

  • VM (bit 17) Virtual-8086 mode Flag (Flag of virtual mode 8086): When this flag is armed the processor is in virtual mode 8086. When it is disarmed, the processor returns in protected mode.

  • AC (bit 18) Alignment Check Flag (Flag of checking of alignment): This flag, when it is armed, ensures a checking of alignment of the references memory. When it is disarmed, no checking of alignment is carried out. This flag requires to jointly arm the bit AM with the check register CR0.

  • SHARP (bit 19) Virtual Interrupt Flag (Flag of virtual interruption): This flag is a virtual image of the flag IF. It is used in conjunction with flag VIP (bit 20).

  • VIP (bit 20) Virtual Interrupt Pending Flag (Flag of virtual interruption on standby): When it is armed this flag indicates that an interruption is on standby. When it is disarmed this flag indicates that no interruption is on standby. Only the programs can arm or to disarm this flag, the processor does nothing but read it. To use jointly with the SHARP flag (bit 19).

  • ID (bit 21) Identification Flag (Flag of indentification): If a program with the possibility of armed or with disarmed this flag, that indicates that the processor supports the use of instruction CPUID.

Instructions affected by the flags system

Generally the flags system does not change the way in which is carried out the instructions, they affect only the operation general of the operating system. However, field IOPL can for example make it possible to use certain instructions at various levels of protections.

Instructions modifying the flags system

Only field IOPL (bits 12 and 13) can be affected directly by instructions. These instructions are usable only if the level of privilege is highest (level 0):

  • IRET

  • POPF

Instructions affecting RFLAGS

In addition to the instructions making it possible to arm or disarm only one bit (see two for fields IOPL) register RFLAGS, certain instructions make it possible to read to see to write whole or part of register RFLAGS. These instructions are:

  • LAHF : bits 0 to 15 of RFLAGS (i.e. FLAGS) are put in register AH (operation of reading).

  • SAHF: the contents of register AH are placed in bits 0 to 15 of RFLAGS (operation of writing).
  • POPF: the word of 16 bits currently on the top of the pile is placed in bits 0 to 15 of RFLAGS (operation of writing) - in mode 64 bits, the instruction behaves like POPFQ.
  • POPFD: the double word (32 bits) currently in top of the pile is placed in RFLAGS (operation of writing) - in mode 64 bits, the instruction behaves like POPFQ.
  • POPFQ: the quadruple word (64 bits) currently in top of the pile is placed in RFLAGS (operation of writing).
  • PUSHF: bits 0 to 15 of RFLAGS are thorough on the pile (operation of reading) - in mode 64 bits, the instruction behaves like PUSHFQ.
  • PUSHFD: the contents of RFLAGS (32 bits) are thorough on the pile (operation of reading) - in mode 64 bits, the instruction behaves like PUSHFQ.
  • PUSHFQ: the contents of RFLAGS (64 bits) are thorough on the pile (operation of reading).

Example of use of RFLAGS

Different N.B: These code are achievable only on one processor of the family X86-64 (64 bits).

Languages C or C++

  • Microsoft Visual C++ 

 
      
  1.  include  
 
 
 
int hand (void)
{
	unsigned long length var_RFLAGS = 0;
 
 
	__asm {
		PUSHFQ; // pushes the 64 bits of RFLAGS on the pile
		POP var_RFLAGS; // puts RFLAGS in the variable var_RFLAGS
	}
 
 
	std:: cost << std:: hex << " Value of register RFLAGD: 0x" << var_RFLAGS;
 
 
	return 0;
}

Random links:Précy-under-Thil | End of Eternity | Saber Japanese | Dinky Toy | Rue du Marché- with-Coal | L'eau_de_Grafham