Reversing : The Hacker's Guide to Reverse Engineering

Figure 2.3 General-purpose registers in IA-32.

Flags

IA-32 processors have a special register called EFLAGSthat contains all kinds

of status and system flags. The system flags are used for managing the various

processor modes and states, and are irrelevant for this discussion. The status

flags, on the other hand, are used by the processor for recording its current log-

ical state, and are updated by many logical and integer instructions in order to

record the outcome of their actions. Additionally, there are instructions that

operate based on the values of these status flags, so that it becomes possible to

EDX

32 Bits

DX

16 Bits

DH DL

8 Bits 8 Bits

EAX

32 Bits

AX

16 Bits

AH AL

8 Bits 8 Bits

ECX

32 Bits

CX

16 Bits

CH CL

8 Bits 8 Bits

EBX

32 Bits

BX

16 Bits

BH BL

8 Bits 8 Bits

ESP

32 Bits

SP

16 Bits

EBP

32 Bits

BP

16 Bits

ESI

32 Bits

SI

16 Bits

EDI

32 Bits

DI

16 Bits

46 Chapter 2