The default value of Direction Flag (DF) at runtime x86

Question

The default value of Direction Flag (DF) at runtime x86

When disassembling, I often see that string manipulation instructions are used without regard to the state of the direction flag (DF), for example:

or ecx, 0FFFFFFFFh xor eax, eax mov edi, ebp repne scasb

No CLD or STD instructions were found because the function starts, nor other instructions that may affect the DF flag.
So, does the compiler accept the predefined state of this flag from the moment the program starts, kindly provided by the loader and remains unchanged during program execution?

+5

assembly x86 cpu-registers flags

def Dec 11 '16 at 19:37

source share

2 answers

This is indicated by the ABI platform that you are using. System V Intel386 ABI (chapter "Registers" and "Stack Structure") states that:

The direction flag must be set to “forward” (that is, zero) before entering and after exiting the function.

The same requirement is preserved in AMD64 ABI (Dropbox link, since x86-64.org does not work) (section 3.2.1 Registers and frame stack):

The DF direction flag in the %rFLAGS register must be clear (set to "forward") to enter and return the function.

So yes, userland code can safely assume that DF set to zero.

+3

Daniel Kamil Kozar Jan 17 '17 at 10:52

source share

Bo persson · Accepted Answer · 2017-01-17T19:50:29+0000

The compiler runtime, including code compiled for the operating system, expects the flag to be in a certain state. Other code may also use this assumption and should not constantly clear the flag.

MSDN as directed

The default value of Direction Flag (DF) at runtime x86

More articles: