flat assembler
Message board for the users of flat assembler.

Extract EFlags and print it ?

Overflowz 26 Aug 2012, 19:46
Hi, I'm currently working on a small debugger program, I'm trying to extract EFlags and display it as decimal values like 0 or 1. What's the simplest way to print out flag values ? I'm using pushfd/pop ax for accessing flags but I don't know how to convert those bits to decimal.
Thanks.



JohnFound 26 Aug 2012, 20:28
Code:
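stdcall NumToStr, eax, ntsDec + ntsUnsigned   ; convert the number in eax to a string
push   eax                                    ; leave the string on the stack as the argument for StrDel below
stdcall FileWriteString, [STDOUT], eax        ; write the string to STDOUT
stdcall StrDel                                ; destroy the string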
    



Overflowz 26 Aug 2012, 20:48
Huh ? I have never seen such code before. What do the NumToStr/FileWriteString/StrDel functions do ?



JohnFound 26 Aug 2012, 21:02
They are from FreshLib. You can download it with Fresh IDE (the above link) but you can use it with every version of FASM. The reference manual is included in the Fresh IDE package.

Anyway: NumToStr converts a number to a string. FileWriteString writes the string to the file (STDOUT in the example) and StrDel destroys the string.



Overflowz 26 Aug 2012, 21:26
duh.. I need to translate these things into C's inline ASM, I don't like dependencies :( I'm aiming for pure ASM code, that will set (e.g. EAX to 1 if CF = 1) and so on..
Thanks ! :)



Picnic 26 Aug 2012, 21:31
Hi,
Try this way,

Code:
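        format PE CONSOLE
        include "win32ax.inc"

.data
        buf rb 33               ; 32 binary digits + terminating zero

.code
main:
        call flags
        invoke MessageBox, 0, buf, "", MB_OK
        ret

flags:
        pushad                  ; preserve the general-purpose registers
        pushfd                  ; preserve the caller's flags

        pushfd
        pop ebx                 ; ebx = copy of EFLAGS
        mov edi,buf
        mov ecx,32              ; one digit per bit
        cld                     ; make stosb move forward
@@:
        xor al,al
        shl ebx,1               ; top bit of ebx -> CF
        adc al,'0'              ; al = '0' + CF
        stosb
        loop @B
        xor al,al
        stosb                   ; zero-terminate the string

        popfd
        popad
        ret

.end main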
    



Overflowz 26 Aug 2012, 21:35
I don't understand, AFAIK there are only 8 flags, but that displayed much more than 8.. Why or what I don't know yet ? :D



Overflowz 26 Aug 2012, 21:46
as I guess, they have different offsets according to this ? -> http://www.c-jump.com/CIS77/ASM/Instructions/I77_0070_eflags_bits.htm


revolution 26 Aug 2012, 21:53
Overflowz wrote:
as I guess, they have different offsets according to this ? -> http://www.c-jump.com/CIS77/ASM/Instructions/I77_0070_eflags_bits.htm
I can't understand why one wants to get information from third party sources when the original manuals from AMD and/or Intel have the latest detailed and correct information.



Overflowz 26 Aug 2012, 21:55
Because I don't have time for searching in manuals because of a hard job, isn't it enough ?..



Picnic 26 Aug 2012, 21:57
The code converts a double word to binary.
Suppose you want to display only 16 bits of the eflags register,
Code:
   ;
   ;
        pushfd
        pop ebx
        shl ebx,16      ; drop the upper 16 bits so bit 15 is shifted out first
        mov edi,buf
        mov ecx,16      ; emit 16 digits instead of 32
        ;
        ;
    



Overflowz 26 Aug 2012, 22:07
I did some tests and SHL was not successful. Instead, SHR did the job starting from carry flag to end. Am I doing everything right ? I need only status and control flags to be extracted, so I should check positions of each bit, right ?
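The bit positions asked about in the last post, as an added example in C that is not part of the original thread: it takes an EFLAGS value as a plain 32-bit integer (for instance one captured with pushfd/pop) and reports each status and control flag as 0 or 1 by shifting right and masking. The names format_eflags, flag_bit and EFLAGS_DEFS are hypothetical, the sample value 0x246 is constructed, and the bit positions and flag classes are the architectural ones from the Intel/AMD manuals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag classes as the Intel/AMD manuals group them. */
enum flag_class { STATUS, CONTROL, SYSTEM };

struct flag_def { const char *name; unsigned bit; enum flag_class cls; };

/* Architectural bit positions in the low 12 bits of EFLAGS (bits 1, 3, 5 are reserved). */
static const struct flag_def EFLAGS_DEFS[] = {
    {"CF", 0, STATUS},  {"PF", 2, STATUS},   {"AF", 4, STATUS},
    {"ZF", 6, STATUS},  {"SF", 7, STATUS},   {"TF", 8, SYSTEM},
    {"IF", 9, SYSTEM},  {"DF", 10, CONTROL}, {"OF", 11, STATUS},
};

/* One flag as 0 or 1: shift its bit down to position 0, then mask. */
static unsigned flag_bit(uint32_t eflags, unsigned bit)
{
    return (eflags >> bit) & 1u;
}

/* Write "CF=0 PF=1 ..." for every flag whose class is selected in class_mask
 * (bit n of class_mask selects enum flag_class value n).
 * Returns the number of flags written, or -1 if out is too small. */
int format_eflags(uint32_t eflags, unsigned class_mask, char *out, size_t cap)
{
    size_t used = 0;
    int count = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof EFLAGS_DEFS / sizeof EFLAGS_DEFS[0]; i++) {
        const struct flag_def *f = &EFLAGS_DEFS[i];
        if (!(class_mask & (1u << f->cls))) continue;
        int n = snprintf(out + used, cap - used, "%s%s=%u",
                         count ? " " : "", f->name, flag_bit(eflags, f->bit));
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    char line[96];
    /* Constructed sample value 0x246: reserved bit 1, PF, ZF and IF set. */
    if (format_eflags(0x246u, (1u << STATUS) | (1u << CONTROL), line, sizeof line) > 0)
        puts(line);
    return 0;
}
```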


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
