incorrect EFLAGS value

[gyorokpeter]

>>> from triton import *
>>> setArchitecture(ARCH.X86)
>>> inst1 = Instruction('\xb8\xff\xff\x00\x00')
>>> inst2 = Instruction('\xbb\x80\x80\x00\x00')
>>> inst3 = Instruction('\x21\xd8')
>>> processing(inst1)
True
>>> processing(inst2)
True
>>> processing(inst3)
True
>>> inst1
0: mov eax, 0xffff
>>> inst2
0: mov ebx, 0x8080
>>> inst3
0: and eax, ebx
>>> getConcreteRegisterValue(REG.EFLAGS)
0L

When I check the EFLAGS value in a debugger I get 0x202.

[JonathanSalwan]

Actually, EFLAGS is never used. We separated each flag as single isolated register of 1-bit. Why? To avoid huge expressions of concat and extract and thus, reduce expressions complexity.

[gyorokpeter]

Could there be a specific function to fill the EFLAGS register with the concretized value of the concatenated flags?

[JonathanSalwan]

mmmh just checked right now and and 0xffff, 0x8080 defines no flags. Your 0x202 is probably defined by old flags.

>>> setArchitecture(ARCH.X86)
>>> inst1 = Instruction('\xb8\xff\xff\x00\x00')
>>> inst2 = Instruction('\xbb\xff\xff\x00\x00')
>>> inst3 = Instruction('\x21\xd8')
>>> processing(inst1)
True
>>> processing(inst2)
True
>>> processing(inst3)
True
>>> inst1
0: mov eax, 0xffff
>>> inst2
0: mov ebx, 0xffff
>>> inst3
0: and eax, ebx
>>> getConcreteRegisterValue(REG.EFLAGS)
4L

[JonathanSalwan]

Is it ok? Can we close?

[gyorokpeter]

Yes.

[gyorokpeter]

There are 2 bits that should always be set:
https://en.wikipedia.org/wiki/FLAGS_register
1 Reserved, always 1 in EFLAGS
9 IF Interrupt enable flag

These must always be 1. Theoretically bit 9 could be cleared with a CLI instruction but (at least in a user mode program) it results in a crash.

It's possible to manually set the correct value but maybe the default value in Triton should reflect this observation.