Reverse Engineering & Basics of Assembly – Part 2

Last time I covered registers in my Reverse Engineering series & I will be continuing with Flags this time.Reverse Engineering & Basics of Assembly – Part 2If you are  reading this article as a starter / for the first time & have missed the last one, I highly recommend you to read the previous one to get an idea of what is going on. Even you have read the last one; I would recommend one fresh read to continue as reversing needs dedication & clarity of thinking. The series is newbie friendly; you just need to follow it carefully. Ah well...Coming back to the topic...

A matter of FLAGS

A flag is a true/false, on/off or open/closed indicator or in layman terms, it’s a Boolean variable. Consider it as a traffic light signal where green means ‘OK’ to go & red means ‘STOP’. A flag is a single bit field that indicates the status of something, stores a binary value with an assigned meaning. On a modern 32 bit wintel CPU, the flag register is 32bit large. And to tell the truth :P there are 32 different flags & you need to know about each of them. Just kidding...In reversing, you will mostly mess with only 3 Flags
  • Z-Flag,
  • O-Flag
  • C-Flag.
These flags will be telling you how the code is executing, the jumps, loops & stuff.

The Z-Flag/ Zero Flag:
The Zero Flag is your best buddy in cracking & is most commonly used in reversing. It can be either set (1) or cleared (0) by several opcodes when the last instruction that was performed has 0 as net result. Take it as an example, you compare 2 values -
ABC = 1010 & XYZ=1010
If the comparison was success & the values are matched & we get 1 as result (lets suppose), then if Z flag was initially having value of 0, it will be set to 1. Converse is also true.

The O-Flag/Overflow Flag:
Contrary to Z flag, Overflow flag is quite less used in cracking. It is set to 1 when the last operation has cleared the most significant bit or has changed the highest bit of the register that gets the result of an operation. For example let’s suppose:
EAX holds the value 6FFFFF & we increase EAX by 1 & we get 700000, which will set the O-Flag as the operation has changed the highest bit of EAX
The C-Flag/Carry Flag:
The flag which you will use the least, the C-Flag (Carry flag) is set, if we add a value to a register, so that it gets bigger than FFFFFFFF or if you subtract a value, so that the register value gets smaller than 0.

Now you know your way around flags, we will be continuing with Memory basics, segments, stack & instructions in the coming issue.

Like this post ? "Join AlertPay"

(This is a series in which I will be describing what I learnt from tuts by lena51,orc,icezillion. True credits goes to them only.)

1 comment:

  1. Thanks For this Post. I'm really waiting for this for a Long Time.
    I'm interested in assembly but it is not in my syllabus.
    So Please Post the next Part (Part-3) as soon as possible.
    By the way, Thanks for Such a Nice post on assembly.


Need to say something ? Spell it out :)