2

Stepping through instructions I can see the result of rflags change,

rflags C1PSI rflags 1PZI

Is there anything that expands this into the appropriate flags. I know Z is Zero-flag, and P is Parity, but I forget some of the more esoteric ones. And, what does the 1 stand for? What I would like is something like this

rflags 1P - [P]arity Flag ON k - [k]whatever Flag On Z - [Z]ero Flag On I - [I]whatever Flag On

So I can find out what k and I are without going to wikipedia.

Improve this question

2 Answers 2

Reset to default
4

You can use the command dr 1 to see every flag's value.

dr 1

Improve this answer
1

doesn't google give you that i see a million hits :( https://en.wikipedia.org/wiki/FLAGS_register CPAZSTID carry , parity , adjust , zero, sign , trap , interrup , direction

radare can tell what they mean

only interrupt flag cant be disabled 0x200 [0x77d570d8]> dr cf=0;dr pf=0 ;dr af=0;dr zf=0;dr sf=0;dr tf=0; dr df=0; dr of=0; dr= eflags I esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=0 ;dr af=0;dr zf=0;dr sf=0;dr tf=0; dr df=0; dr of=0; dr= eflags CI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=0;dr zf=0;dr sf=0;dr tf=0; dr df=0; dr of=0; dr= eflags CPI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=0;dr sf=0;dr tf=0; dr df=0; dr of=0; dr= eflags CPAI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=1;dr sf=0;dr tf=0; dr df=0; dr of=0; dr= eflags CPAZI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=1;dr sf=1;dr tf=0; dr df=0; dr of=0; dr= eflags CPAZSI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=1;dr sf=1;dr tf=1; dr df=0; dr of=0; dr= eflags CPAZSTI esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=1;dr sf=1;dr tf=1; dr df=1; dr of=0; dr= eflags CPAZSTID esp 0x001efa90 [0x77d570d8]> dr cf=1;dr pf=1 ;dr af=1;dr zf=1;dr sf=1;dr tf=1; dr df=1; dr of=1; dr= eflags CPAZSTIDO esp 0x001efa90

and radare can print the name of flags also 

C:\> radare2 - -Q -c drl | tail -n 15 eflags flags cf pf af zf sf tf if df of nt rf vm C:\>
Improve this answer
4
  • Yes, I found that with Google. However, most of the time when I use Google and Radare together, I find out later that I'm simply not using Radare right. I'll even upvote you -- Clearly I can open the Intel manual though. I half expect there to be a visual command that tells me what they all mean though. Commented Apr 17, 2018 at 21:03
  • radare can tell what which flag means Commented Apr 17, 2018 at 22:22
  • dr doesn't show me that, it just shows rflags = 0x00000200 Commented Apr 17, 2018 at 22:25
  • it is dr= not plain dr dr= shows it in column and interpretes the flag values Commented Apr 17, 2018 at 22:27

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.