Reverse Engineering & Basics of Assembly – Part 2

Last time I covered registers in my Reverse Engineering series, and this time I will be continuing with Flags. If you are reading this article as a starter or for the first time and have missed the last one, I highly recommend you read the previous part to get an idea of what is going on. Even if you have read the last one, I would recommend one fresh read before continuing, as reversing needs dedication and clarity of thinking. The series is newbie friendly; you just need to follow it carefully. Ah well... Coming back to the topic...

A matter of FLAGS

A flag is a true/false, on/off or open/closed indicator, or in layman's terms, a Boolean variable. Think of it as a traffic light where green means 'OK' to go and red means 'STOP'. A flag is a single-bit field that indicates the status of something: it stores a binary value with an assigned meaning. On a modern 32-bit Wintel CPU, the flag register is 32 bits large. And to tell the truth :P there are 32 different flags and you need to know about each of them. Just kidding... In reversing, you will mostly mess with only 3 flags:
  • Z-Flag
  • O-Flag
  • C-Flag
These flags tell you how the code is executing: the jumps, loops and so on.

The Z-Flag / Zero Flag:
The Zero Flag is your best buddy in cracking and is the most commonly used flag in reversing. It is set (1) or cleared (0) by several opcodes depending on whether the last instruction performed had 0 as its net result. Take this as an example, where you compare 2 values:
ABC = 1010 & XYZ = 1010
If the comparison succeeds and the values match, then if the Z flag initially held 0, it will be set to 1. The converse is also true: if the values differ, the Z flag is cleared to 0.

The O-Flag / Overflow Flag:
Unlike the Z flag, the Overflow flag is used much less in cracking. It is set to 1 when the last operation has cleared the most significant bit or has changed the highest bit of the register that receives the result of the operation. For example, let's suppose:
EAX holds the value 6FFFFF and we increase EAX by 1, giving 700000, which will set the O-Flag as the operation has changed the highest bit of EAX.

The C-Flag / Carry Flag:
The flag you will use the least, the C-Flag (Carry flag), is set if we add a value to a register so that it gets bigger than FFFFFFFF, or if we subtract a value so that the register value gets smaller than 0.
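To make the three flags concrete, here is a small C model (added for this article, not code from the original post) of how 32-bit ADD, SUB and CMP set ZF, CF and OF: ZF from a zero result, CF from an unsigned carry past FFFFFFFF or a borrow below 0, and OF from a change of the highest (sign) bit that the operand signs did not predict. The function names `x86_add`, `x86_sub` and `x86_cmp` are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Snapshot of the three EFLAGS bits this article talks about. */
typedef struct {
    int zf;   /* Zero flag: the result was 0 */
    int cf;   /* Carry flag: unsigned carry out (ADD) or borrow (SUB/CMP) */
    int of;   /* Overflow flag: signed result does not fit in 32 bits */
} flags_t;

/* Model "ADD dst, src" on 32-bit registers and return the flags it sets. */
static flags_t x86_add(uint32_t a, uint32_t b, uint32_t *result)
{
    uint32_t r = a + b;              /* wraps at 2^32, just like EAX does */
    flags_t f;
    f.zf = (r == 0);
    f.cf = (r < a);                  /* wrapped past FFFFFFFF -> carry */
    /* Signed overflow: a and b share a sign bit and r has the other one. */
    f.of = (int)((((a ^ r) & (b ^ r)) >> 31) & 1);
    if (result) *result = r;
    return f;
}

/* Model "SUB dst, src"; CMP is the same computation with the result discarded. */
static flags_t x86_sub(uint32_t a, uint32_t b, uint32_t *result)
{
    uint32_t r = a - b;
    flags_t f;
    f.zf = (r == 0);
    f.cf = (a < b);                  /* would go below 0 -> borrow */
    /* Signed overflow: operand signs differ and r's sign differs from a's. */
    f.of = (int)((((a ^ b) & (a ^ r)) >> 31) & 1);
    if (result) *result = r;
    return f;
}

static flags_t x86_cmp(uint32_t a, uint32_t b) { return x86_sub(a, b, NULL); }

int main(void)
{
    uint32_t r;
    flags_t f = x86_cmp(0x1010, 0x1010);             /* ABC vs XYZ from above */
    printf("CMP equal values:  ZF=%d CF=%d OF=%d\n", f.zf, f.cf, f.of);
    f = x86_add(0xFFFFFFFFu, 1, &r);                 /* past FFFFFFFF */
    printf("FFFFFFFF + 1 = %08X: ZF=%d CF=%d OF=%d\n", r, f.zf, f.cf, f.of);
    f = x86_add(0x7FFFFFFFu, 1, &r);                 /* highest bit flips */
    printf("7FFFFFFF + 1 = %08X: ZF=%d CF=%d OF=%d\n", r, f.zf, f.cf, f.of);
    f = x86_sub(0, 1, &r);                           /* below 0 */
    printf("0 - 1 = %08X: ZF=%d CF=%d OF=%d\n", r, f.zf, f.cf, f.of);
    return 0;
}
```

Note that CF and OF are independent: FFFFFFFF + 1 carries (CF=1) with no signed overflow, while 7FFFFFFF + 1 overflows (OF=1) with no carry, which is why signed and unsigned conditional jumps test different flags.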

Now that you know your way around flags, we will continue with memory basics, segments, the stack and instructions in the coming issue.



(This is a series in which I will be describing what I learnt from tuts by lena51,orc,icezillion. True credits goes to them only.)

1 comment:

  1. Thanks For this Post. I'm really waiting for this for a Long Time.
    I'm interested in assembly but it is not in my syllabus.
    So Please Post the next Part (Part-3) as soon as possible.
    By the way, Thanks for Such a Nice post on assembly.

