The Intel 32-bit Register Set

eFlags

Bit:    31..22    21  20   19   18  17  16  15  14  13..12  11  10  9   8   7   6   5   4   3   2   1   0
Field:  Reserved  ID  VIP  VIF  AC  VM  RF  -   NT  IOPL    OF  DF  IF  TF  SF  ZF  -   AF  -   PF  -   CF
(- marks a reserved bit)

Bit    Name                             Description
8      Trap Flag (TF)                   Single-step mode active when set.
9      Interrupt Flag (IF)              Interrupts allowed when set.
10     Direction Flag (DF)              String operations auto-increment when clear, auto-decrement when set.
12-13  I/O Privilege Level (IOPL)       Privilege level needed to execute I/O instructions.
14     Nested Task (NT)                 If set, IRET switches back to the previous task.
16     Resume Flag (RF)                 Ensures a single-step trap happens only once per instruction.
17     Virtual 8086 Mode (VM)           When set, the CPU operates in pseudo-real mode.
18     Alignment Check (AC)             If set and CR0[AM] = 1, alignment checks are made.
19     Virtual Interrupt Flag (VIF)
20     Virtual Interrupt Pending (VIP)
21     CPU Identification (ID)          Modifiable if the CPU supports the CPUID instruction.

Control Register 0 (CR0)

Bit:    31  30  29  28..19  18  17  16  15..6  5   4   3   2   1   0
Field:  PG  CD  NW  0       AM  0   WP  0      NE  ET  TS  EM  MP  PE

Bit  Name                             Description
0    Protection Enable (PE)           If set, the CPU operates in protected mode.
1    Math Present (MP)                Set if a coprocessor is present.
2    Emulate Numeric Extension (EM)   When set, FP instructions may be emulated in software.
3    Task Switched (TS)               Set after a task switch.
4    Extension Type (ET)              Set if a 387 or higher coprocessor is present.
5    Numeric Error Enable (NE)        If set, generates exception 16 on a coprocessor error.
16   Write Protect (WP)               When set, read-only pages are enforced even for the kernel.
18   Alignment Mask (AM)              When set, alignment-check (AC) exceptions can be generated.
29   Not Write-Through (NW)
30   Cache Disable (CD)
31   Paging Enable (PG)               When set, the CPU operates in paged mode.

Segment Registers

The 6 segment registers are all loaded with a segment selector, which is an offset into either the GDT or the current LDT. A segment selector is only 16 bits long and looks like this:

Bit:    15..3                   2   1..0
Field:  index into GDT or LDT   TI  RPL

The Table Indicator (TI) bit indicates to the processor where to look for the specified selector. If this bit is set, the processor checks the LDT (Local Descriptor Table); if clear, the processor looks in the GDT (Global Descriptor Table).

The Requested Privilege Level (RPL) for a selector is checked when it is loaded into a segment register. The CPL must be at least as privileged as the RPL, which must be at least as privileged as the DPL. For instance, an application (CPL 3) can load a data segment with a DPL of 3, as long as it sets the lowest 2 bits, setting the RPL to 3 also. It cannot load a data segment with DPL 0. The kernel (CPL 0) can load any data segment (from DPL 0 to DPL 3), as long as it correctly sets the RPL. For DPL 3, this means an RPL of 3; for DPL 0, either RPL 0 or RPL 3 could be used.

CS is short for the Code Segment and must be set to an executable segment. The privilege level set in CS is the privilege level of the running program (also called the CPL, or current privilege level).

The segment registers DS, ES, FS, GS are all meant for data and should all be set to a data segment (most likely writable). The privilege levels requested by each of these selectors (the RPL, or requested privilege level) must be greater (less privileged) than the CPL.

SS is short for the Stack Segment and must be set to a writable data segment. 
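As an added example (not code from this page), the C helpers below decode the structures described above: a 16-bit selector into its index, TI and RPL fields, a raw EFLAGS value into the flag names from the table, a CR0 check for the PE, PG and WP bits, and the data-segment load test as the processor performs it (the numerically larger, i.e. less privileged, of CPL and RPL must not exceed the segment's DPL). Function and struct names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFLAGS bit positions (bits 8-21 from the table above; CF, PF, AF, ZF,
 * SF and OF occupy bits 0, 2, 4, 6, 7 and 11 of the low word). */
static const struct { int bit; const char *name; } eflags_bits[] = {
    {0, "CF"},  {2, "PF"},   {4, "AF"},   {6, "ZF"},  {7, "SF"},  {8, "TF"},
    {9, "IF"},  {10, "DF"},  {11, "OF"},  {14, "NT"}, {16, "RF"}, {17, "VM"},
    {18, "AC"}, {19, "VIF"}, {20, "VIP"}, {21, "ID"},
};

/* Write the names of the set EFLAGS bits, followed by IOPL, into buf. */
void describe_eflags(uint32_t eflags, char *buf, size_t n) {
    size_t len = 0, i;
    for (i = 0; i < sizeof eflags_bits / sizeof eflags_bits[0]; i++) {
        if (!(eflags & (1u << eflags_bits[i].bit)))
            continue;
        len += snprintf(buf + len, n - len, "%s ", eflags_bits[i].name);
        if (len >= n)
            return;               /* buffer full; it is still NUL-terminated */
    }
    snprintf(buf + len, n - len, "IOPL=%u", (unsigned)((eflags >> 12) & 3));
}

/* The three fields of a 16-bit segment selector (layout shown above). */
struct selector { unsigned index, ti, rpl; };
struct selector decode_selector(uint16_t sel) {
    struct selector s = { sel >> 3, (sel >> 2) & 1, sel & 3 };
    return s;
}

/* Data-segment load check as the processor performs it: the less
 * privileged (numerically larger) of CPL and RPL must not exceed DPL. */
int data_segment_load_ok(unsigned cpl, unsigned rpl, unsigned dpl) {
    unsigned effective = cpl > rpl ? cpl : rpl;
    return effective <= dpl;
}

/* CR0 bits from the table above. */
#define CR0_PE (1u << 0)
#define CR0_WP (1u << 16)
#define CR0_PG (1u << 31)
/* True when CR0 has PE and PG set (paged protected mode) and WP set,
 * so read-only pages are enforced for kernel code as well. */
int cr0_paged_write_protected(uint32_t cr0) {
    uint32_t want = CR0_PE | CR0_PG | CR0_WP;
    return (cr0 & want) == want;
}
```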

General Purpose Registers

The i386 has 8 registers which are referred to as the general purpose registers, even though all of them have some specialized purpose for some instructions. This is their story:

  • EAX: the accumulator
  • EBX: the base register
  • ECX: the count register
  • EDX: the data register
  • ESI: the source index
  • EDI: the destination index
  • EBP: the base pointer
  • ESP: the stack pointer

Instruction Pointer and CR3