How to change the value of the eflags register in GDB?

set $eflags does not change the value of eflags.

The old eflags value remains after e.g. =>$set $eflag=0x243 [this is just an example of input].

Alternatively, is there a way to set individual eflags flags?

I am looking for something like: set ZF [zero flag]. Is there a gdb command for this?

+6
4 answers
 set ($eflags)=0x243 

worked in my tests for any hex value.

+6

set $eflags without brackets in GDB 7.7.1

To set an individual flag, use its index. For example, ZF is the 6th bit, so we can set it with:

    set $ZF = 6
    set $eflags |= (1 << $ZF)

The same applies to all other bitwise operations: How do you set, clear and switch one bit?

    # Clear
    set $eflags &= ~(1 << $ZF)
    # Toggle
    set $eflags ^= (1 << $ZF)

What causes confusion is that many bits are reserved, cannot be changed directly by any instruction, or cannot be changed from user mode (see also: Register flags - Can we read or write them directly?), and therefore GDB does not touch them.

For instance:

    (gdb) set $eflags = 0
    (gdb) i r eflags
    eflags 0x202 [ IF ]
    (gdb) set $eflags = 0xFFFFFFFF
    (gdb) i r eflags
    eflags 0x54fd7 [ CF PF AF ZF SF TF IF DF OF NT RF AC ]

0x202 in binary format:

 0010 0000 0010 

0x54fd7 in binary format:

 0101 0100 1111 1101 0111 

TODO understand why each of these bits was set or not by looking at the manual http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-1-manual.pdf and GDB source code.

I understand:

  • all reserved registers remained with a fixed value: 1 for bit 1 and 0 for bits 3, 5, 15 and 22-31
+9
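
As an added example (not part of any answer on this page), the Python below decodes an EFLAGS value into flag names, checks the reserved bits, and builds the `set $eflags` expressions shown in the answer above. Bit positions follow the Intel SDM layout; the function names are hypothetical.

```python
# Added example: helper for the EFLAGS bit arithmetic discussed above.
# Function names are hypothetical; bit positions follow the Intel SDM vol. 1.
FLAGS = {"CF": 0, "PF": 2, "AF": 4, "ZF": 6, "SF": 7, "TF": 8, "IF": 9,
         "DF": 10, "OF": 11, "NT": 14, "RF": 16, "VM": 17, "AC": 18,
         "VIF": 19, "VIP": 20, "ID": 21}
RESERVED_ONE = 1 << 1  # bit 1 always reads as 1
# Bits 3, 5, 15 and 22-31 always read as 0.
RESERVED_ZERO = (1 << 3) | (1 << 5) | (1 << 15) | (0x3FF << 22)


def decode(value):
    """Return the names of the single-bit flags set in value, low bit first."""
    return [name for name, bit in FLAGS.items() if value & (1 << bit)]


def reserved_ok(value):
    """True when the reserved bits hold their fixed values."""
    return bool(value & RESERVED_ONE) and not (value & RESERVED_ZERO)


def gdb_command(op, flag):
    """Build the GDB expression that sets, clears or toggles one flag."""
    template = {"set": "set $eflags |= (1 << {})",
                "clear": "set $eflags &= ~(1 << {})",
                "toggle": "set $eflags ^= (1 << {})"}[op]
    return template.format(FLAGS[flag])


def changeable_bits(after_zero, after_ones):
    """Bits that differed between writing 0 and writing 0xFFFFFFFF."""
    return after_zero ^ after_ones


if __name__ == "__main__":
    # The two values are quoted from the GDB session in the answer above.
    after_zero, after_ones = 0x202, 0x54FD7
    print("after writing 0:         ", decode(after_zero))
    print("after writing 0xFFFFFFFF:", decode(after_ones))
    mask = changeable_bits(after_zero, after_ones)
    print("bits GDB could change:   ", hex(mask), decode(mask))
    print("reserved bits intact:    ", reserved_ok(after_zero), reserved_ok(after_ones))
    for op in ("set", "clear", "toggle"):
        print(gdb_command(op, "ZF"))
```

XOR-ing the two observed values gives the bits that actually changed in that session; IF is absent from that set because it stayed at 1 in both reads.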
 eflags [ ZF ] 

And if you want to set an arbitrary value, use this

eflags 0x42

0

It is incorrect to set all flags in the eflags register. Thus, some bits are reserved and must be equal to 0 (3, 5, 15, 22 and higher); bit 1 must be 1. There are also rflags. But hello jerome. Therefore, there is no need to use rflags instead of eflags for all operations with modified flags. But I know people who use free bits for their own use. More suitable rflags hi dword. Thus, in a 64-bit architecture there are enough free registers to use. But there is no 32-bit arch. Therefore, it is highly recommended that you do this. Since future arches may use some of these bits. But these flags do not relate to changing the shape of the 32-bit arc to 64. This is the only register that cannot be changed at all. Thus, all possible reasons for any case are already being used. I do not think that any situation that can be used, some additional flag is still not used. This may be due to a change in the architecture of the cardinal processor. I do not think that some decided to do this for an obvious reason, all soft ones should be discarded and rewritten from the very beginning. This is an extremely difficult and huge job ...

0