Well, I know that CLD clears the direction flag and STD sets the direction flag, but what's the point in setting and clearing the direction flag?
The direction flag is used to influence the direction in which string instructions offset pointer registers. These are the same instructions that can be used with the REP prefix to repeat the operation. (Although lods isn't very useful with rep.)
The string instructions are: MOVS (copy mem to mem), STOS (store AL/AX/EAX/RAX), SCAS (scan string), CMPS (compare string), and LODS (load string). There's also ins/outs for copying between memory and an IO port. Each of these instructions is available in byte, word, dword, and qword operand sizes.
In a nutshell, when the direction flag is 0, the instructions work by incrementing the pointer to the data after every iteration (until ECX is zero or some other condition, depending on the flavour of the REP prefix), while if the flag is 1, the pointer is decremented.
For example, movsd copies a dword from [ds:esi] to [es:edi] (or rdi in 64-bit mode), and does this (see the "Operation" section in the linked ISA reference manual entry extracted from Intel's PDFs):

```
dword [es:edi] = dword [ds:esi]   // 4-byte copy memory to memory
if (DF == 0)
    esi += 4;
    edi += 4;
else  // DF == 1
    esi -= 4;
    edi -= 4;
fi
```
With a REP prefix, it does this ECX times, and modern x86 CPUs have optimized "fast strings" microcode that does the copying (or stos storing) with 16-byte or 32-byte internal operations. See also this Q&A about memory bandwidth and the ERMSB feature. (Note that only rep stos and rep movs are optimized this way, not repne/repe scas or cmps.)
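The practical reason to set DF at all is an overlapping copy whose destination lies above its source (the case memmove has to handle): a forward rep movs overwrites source bytes it has not read yet, while a backward rep movs started from the last byte is correct. The following C program is an added example, not code from the answer above or from Intel's manual. It implements the "Operation" pseudocode as a software model (model_rep_movsb), runs the same copy on the CPU through GCC inline asm wrapped in std/cld (hw_rep_movsb), and checks both against memmove on a constructed 16-byte buffer. The function names and the sample buffer are this example's own; on a non-x86 build the hardware path falls back to the model so the file still compiles.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Software model of REP MOVSB, written from the "Operation" pseudocode quoted
 * above: copy `count` bytes from src to dst, advancing both pointers by +1
 * when DF = 0 and by -1 when DF = 1. */
static void model_rep_movsb(uint8_t *dst, const uint8_t *src, size_t count, int df)
{
    ptrdiff_t step = df ? -1 : 1;
    while (count--) {
        *dst = *src;
        dst += step;
        src += step;
    }
}

/* The same operation executed by the CPU. STD sets DF before the copy and CLD
 * restores the ABI-required DF = 0 afterwards. Non-x86 builds use the software
 * model instead so the program still runs everywhere (assumption of this example). */
#if defined(__x86_64__) || defined(__i386__)
static void hw_rep_movsb(uint8_t *dst, const uint8_t *src, size_t count, int df)
{
    if (df)
        __asm__ volatile ("std\n\trep movsb\n\tcld"
                          : "+D"(dst), "+S"(src), "+c"(count) : : "memory", "cc");
    else
        __asm__ volatile ("cld\n\trep movsb"
                          : "+D"(dst), "+S"(src), "+c"(count) : : "memory", "cc");
}
#else
#define hw_rep_movsb model_rep_movsb
#endif

/* Shift the first n bytes of buf up by k positions (destination overlaps and
 * lies above the source). With DF = 0 the forward copy clobbers source bytes
 * it has not read yet; with DF = 1 the copy starts at the last byte and walks
 * down, which is correct. Returns 1 if the result equals memmove's, else 0. */
static int overlapping_shift_matches_memmove(int df, int use_hw)
{
    uint8_t buf[16], expect[16];                    /* constructed sample data */
    const size_t n = 8, k = 3;
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = expect[i] = (uint8_t)('A' + i);
    memmove(expect + k, expect, n);                 /* reference result */

    void (*copy)(uint8_t *, const uint8_t *, size_t, int) =
        use_hw ? hw_rep_movsb : model_rep_movsb;

    if (df == 0)
        copy(buf + k, buf, n, 0);                   /* forward copy: corrupts */
    else
        copy(buf + k + n - 1, buf + n - 1, n, 1);   /* backward copy: correct */

    return memcmp(buf, expect, sizeof buf) == 0;
}

int main(void)
{
    for (int hw = 0; hw <= 1; hw++)
        for (int df = 0; df <= 1; df++)
            printf("%s, DF=%d: %s\n", hw ? "cpu  " : "model", df,
                   overlapping_shift_matches_memmove(df, hw) ? "matches memmove"
                                                             : "corrupted");
    return 0;
}
```

Build with `cc -O2 -Wall example.c` and run it; the forward (DF=0) copy is reported as corrupted in both the model and on the CPU, the backward (DF=1) copy matches memmove in both. Note the cld immediately after the backward copy: the System V and Windows ABIs both require DF to be clear on every call boundary, so a routine that sets DF must clear it before returning or calling anything.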
CLD CLears the Direction flag, data goes onwards. STD SeTs the Direction flag, data goes backwards.
CLD: Clears the DF flag in the EFLAGS register. When the DF flag is set to 0, string operations increment the index registers (ESI and/or EDI).
Here is a simple example:
```nasm
section .text
global main
main:
    mov   ecx, len
    mov   esi, s1
    mov   edi, s2
    cld                 ; redundant because DF is already guaranteed to be 0 on function entry,
                        ; but included for illustration purposes
loop_here:
    lodsb               ; AL=[esi], ESI+=1 (because DF=0, otherwise ESI-=1)
    add   al, 02
    stosb               ; [edi]=AL, EDI+=1 (because DF=0, otherwise EDI-=1)
    loop  loop_here     ; like dec ecx / jnz but without setting flags
                        ; ECX=0, EDI and ESI pointing to the end of their buffers

    mov   edx, len-1    ; message length, not including the terminating 0 byte
    mov   ecx, s2       ; message to write
    mov   ebx, 1        ; file descriptor (stdout)
    mov   eax, 4        ; system call number (sys_write)
    int   0x80          ; call kernel

    mov   eax, 1        ; system call number (sys_exit)
    xor   ebx, ebx
    int   0x80          ; call kernel: sys_exit(0)

section .data
s1: db 'password', 0    ; source buffer
len equ $-s1

section .bss
s2: resb len            ; destination buffer
```
(Assemble and link with nasm -felf32 caesar.asm && gcc -no-pie -m32 caesar.o -o caesar. Or link it into a static executable with this as _start instead of main if you like.)

(This example tried to implement a Caesar cipher.)
If using Windows, then as per the STDCALL calling convention:
Under STDCALL, the direction flag is clear on entry and must be returned clear.
So if you set DF, then before an API call you must clear it.
CLD: clears the direction flag so that string pointers auto-increment after each string operation.

STD: sets the direction flag to 1 so that SI and/or DI will automatically be decremented to point to the next string element when one of the string instructions executes. If the direction flag is set, SI/DI will be decremented by 1 for byte strings and 2 for word strings.
This answer can be helpful for you.