$S@g·, g@S$$$ $$$$$$+-ł ś. `@g, .ś- -+g@ ½üżų^_ +-Ä- - $$$$$$-- -Ä-$b,`$-- --- y '-- Ä- -$$ g@S$$$-Ä- ---+ «¬¬«¬ $$$$$$ ¬¬«« $$l $ ¬¬«¬« $ «¬«¬¬«¬ $$ $$$$$$ «¬«¬¬« ¬¬«¬« $$$$$$ ¬«¬¬ $$$ l «¬«¬« $ ¬«¬¬«¬« $$ $(dt)$ ¬«¬¬«¬ +-- Ä -l$$ü$$-Ä-- -$$$ $Ä- --- $`+,._ _,$l $$$$$$-- Ä- -+ $$$y$$ Sü',$ ü $$,ųż½SQ$ ½üżų^~ ,g@$$ ,g@S@, $$$l `żÓ*S,_ _`*S$$b._ ,SSü' This article comes from Hugi issue 16 ś Released on July 29th, 1999 ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ THE CPUID INSTRUCTION RAWHED ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ THE CPUID INSTRUCTION ÄÄÄ( Rawhed / Sensory Overload )ÄÄÄ Introduction Ever needed to know what processor your program/demo was running on? I did. After looking at these lengthy hacks people wrote long ago (before the CPUID instruction) to identifty rudimentary processor information, I was very glad when I did stumble into CPUID. I didn't touch the instruction for months as I didn't know how to use it, thought that all it did was output 1 for p5, 2 for p6, 3 for ppro etc. Hehe, luckily that's NOT the case! So here I am, a little wiser, about to tell you about this actually quite cool instruction. Some of you might be wondering why a demo would be wanting to know what processor it's running on? I'm not sure. But initially I thought it would be really cool for the demo to show specs about the machine it was running on, just before the demo began. Now that I think about it, that was a rather silly reason. Later on (after my cousin got his AMD machine), I wanted to create a demo which had 3DNow! and MMX support. So I needed the CPUID instruction to identify whether the chip could handle MMX/3DNow!. So far my MMX & 3DNow! enabled demo is going very well, and I'll probably write a tutorial about it soon. I'd like to see some more demos which support these technologies, as they are actually quite good. MMX didn't recieve a HUGE round of applause when it was released - even I thought it was just another one of Intel's gimmicks - but actually (surprisingly) after coding it a bit, I've found it to be actually very cool. So anyways, enough jaw-gyration - here is how it's all done. CPUID Intro CPUID is an assembler instruction, just like MOV or ADD is. It was implimented from late 486s and up. With cool new assemblers like NASM you can just type the instruction in straight, but with others you'll have to use the opcode which is: 0fh, 0a2h (two bytes). Instruction: CPUID Description: Used to return information about the processor type, family model and many other things. The amount of information that this instruction can return is growing all the time. Chip features can be returned, even L1/L2/L3 cache sizes. Input: Set EAX to the relivant level number. Output: Varies according to which level number you ask it for. Example: mov eax, 1 CPUID EFLAGS To Detect CPUID The first step is to check whether the computer actually supports the CPUID instruction! This can be done by looking at the EFLAGS register. Only 32 bit processors support the EFLAGS register. EFLAGS is just the 32 bit version of the 16 bit FLAGS register. The EFLAGS register is a 32 bit number, and each number is either set/unset (1/0) for certain things. Let's have a look: (Remember 16 bit machines will only have the 1st 16 bits.) (Remember you won't need most of this - it's mostly for interest's sake.) ----------------------------- Bit 00 : Carry flag Bit 01 : Always 1 Bit 02 : Parity flag Bit 03 : Always 0 Bit 04 : Auxilary Carry flag Bit 05 : Always 0 Bit 06 : Zero flag Bit 07 : Sign flag Bit 08 : Trap flag Bit 09 : Interupt flag Bit 10 : Direction flag Bit 11 : Overflow flag Bit 12 : I/O Privelage level Bit 13 : I/O Privelage level Bit 14 : Nested Task flag Bit 15 : Always 0 ----------------------------- Bit 16 : Resume flag Bit 17 : Virtual Mode flag Bit 18 : Alignment Check flag Bit 19 : Virtual Interupt flag Bit 20 : Virtual Interrupt Pending flag Bit 21 : Identification flag Bit 21->31 : Unspecified, so 0 ----------------------------- All we are interested in is Bit 21, the ID flag. But how do we get it? Let's consult our good ol' Intel.doc file we have lying in PCGPE. PUSHF/PUSHFD - Push Flags onto Stack Usage: PUSHF PUSHFD (386+) Modifies flags: None Transfers the Flags Register onto the stack. PUSHF saves a 16 bit value while PUSHFD saves a 32 bit value. Clocks Size Operands 808x 286 386 486 Bytes none 10/14 3 4 4 1 none (PM) - - 4 3 1 Cool! There you go. One thing interesting is that PUSHF & PUSHFD both have the same opcode, but it's supposed to figure out if its to parse 16 bit/32 bit depending on the destination operand. So here is how we would test for Bit 21: NOTE! Some processors support the CPUID instruction, but you have to turn the feature on, so this code tries to turn Bit 21 on and if successful, then CPUID works. ;cpuid supported? pushfd ;push the flags onto the stack pop eax ;pop them back out, into EAX mov ebx, eax ;keep original xor eax, 00200000h ;turn bit 21 on. push eax ;put altered EAX on stack popfd ;pop stack into flags pushfd ;push flags back onto stack pop eax ;put them back into EAX cmp eax, ebx jnz @CPUID_SUPPORTED ;COOL!! ;blah ;booo @CPUID_SUPPORTED: Returned Data - Standard Level 0 There are many levels that CPUID works at. You need to set these levels by setting EAX to the level number you want info about. New levels are being added to the CPUID instruction all the time, so I'll just introduct the most common and useful ones. There are also two types of levels: standard levels and extended levels. Standard levels go from 0 --> 7FFFFFFFh and extended goes from 8000000h --> FFFFFFFFh. EAX=0 Output: [EAX] - Maxiumum supported standard level [EBX-EDX-ECX] - CPU vendor ID string The maximum supported standard level is the maxiumum level you can take EAX up to in the CPUID instruction, supported by the current CPU. The CPU vendor string is really neat. Concatinate (join) EBX, EDX and ECX reading them as strings. This should return either: GenuineIntel (Intel processor) UMC UMC UMC (UMC processor) AuthenticAMD (AMD processor) CyrixInstead (Cyrix processor) NexGenDriven (NexGen processor) CentaurHauls (Centaur/IDT processor) RiseRiseRise (Rise Technology processor) So that's how you find out what make the chipset is. Apparently in some of the earlier implimentations of CPUID, you were able to change the value of the vendor ID string. This resulted in companies changing a lot of "CyrixInstead" to "GenuineIntel". Returned Data - Standard Level 1 Now it's time to get more details on the CPU. On level 1 we can find out if the CPU is a primary/secondard processor, what family it is, its model, and its stepping values. We can also find out what CPU features it supports, such as MMX, 3DNow! and a ton more. EAX=1 Output: [EAX] - Processor type/family/model/stepping [EDX] - CPU "Feature flags" For EAX, only the 1st 16 bits are used, so it's really AX that you need to use. It's structured like this: EAX FEDCBA9876543210 00TTFFFFMMMMSSSS T - Processor type (2bits) F - Processor family (4bits) M - Processor model (4bits) S - Processor stepping (4bits) Processor type: 11b = reserved 10b = secondary processor (for MultiProcessing) 01b = Overdrive processor 00b = primary processor Processor family: 4 = most 80486s, AMD 5x86, Cyrix 5x86 5 = Intel P5, P54C, P55C, P24T NexGen Nx586, Cyrix M1 AMD K5, K6, Centaur/IDT C6, C2 Rise mP6 6 = Intel P6, P2, P3, Cyrix M2 This family data may seem messy (and it is), but things are made easier when you combine this information with the VENDOR ID returned from level 0. And again this cummulative data must be combined to use the value returned in the "processor model" properly. Processor model: Intel 80486 0 i80486DX-25/33 1 i80486DX-50 2 i80486SX 3 i80486DX2 4 i80486SL 5 i80486SX2 7 i80486DX2WB 8 i80486DX4 9 i80486DX4WB UMC 80486 1 U5D 2 U5S AMD 80486 3 80486DX2 7 80486DX2WB 8 80486DX4 9 80486DX4WB E 5x86 F 5x86WB Cyrix 5x86 9 5x86 Cyrix MediaGX 4 GX, GXm Intel P5-core 0 P5 A-step 1 P5 2 P54C 3 P24T Overdrive 4 P55C 7 P54C 8 P55C (0.25µm) NexGen Nx586 0 Nx586 or Nx586FPU (only later ones) Cyrix M1 2 6x86 Cyrix M2 0 6x86MX AMD K5 0 SSA5 (PR75, PR90, PR100) 1 5k86 (PR120, PR133) 2 5k86 (PR166) 3 5k86 (PR200) AMD K6 6 K6 (0.30 µm) 7 K6 (0.25 µm) 8 K6-2 9 K6-III Centaur/IDT 4 C6 8 C2 Rise 0 mP6 Intel P6-core 0 P6 A-step 1 P6 3 P2 (0.28 µm) 5 P2 (0.25µm) 6 P2 with on-die L2 cache 7 P3 This list is NOT complete, for a better one, check INTEL/AMD/CYRIX. EDX contains 32bits, each one a flag indicating what features the chip supported. For my program I just used it to see if MMX was supported, then I just counted up the features and displayed how many features the chip had. EDX bit 00 - FPU on-chip bit 01 - Virtual mode extension (V86 Mode Extensions) bit 02 - Debugging extension bit 03 - Page size extension (4 MB pages) bit 04 - Time stamp counter & RDTSC instruction bit 05 - RDMSR / WRMSR instructions bit 06 - Physical address extension (36-bit address, 2MB pages) bit 07 - Machine check exception bit 08 - CMPXCHG8B instruction bit 09 - On-chip APIC hardware (multiprocesssor operation support) bit 10 - undefined bit 11 - SYSENTER / SYSEXIT instructions bit 12 - Memory type range registers bit 13 - Page global enable bit 14 - Machine check architecture bit 15 - Conditional move instruction (CMOV) bit 16 - Page attribute table bit 17 - 36 bit Page Size Extenions bit 18 - undefined bit 19 - undefined bit 20 - undefined bit 21 - undefined bit 22 - undefined bit 23 - MMX instructions bit 24 - Fast FPU save & restore (FXSAVE and FXRSTOR) bit 25 - SSE, MXCSR, CR4.OSXMMEXCPT, #XF bit 26 - undefined bit 27 - undefined bit 28 - undefined bit 29 - undefined bit 30 - undefined bit 31 - undefined I'm not sure what most of the above means, although I'd love to know. Anybody know? Returned Data - Standard Level 2 and 3 I'm not gonna talk much about levels 2 and 3 because my processor doesn't support them so I haven't tested them. Basically level 2 allows you to get details on the processor CACHE (L1 & L2). Level 3 allows you to get the processor's SERIAL number (if it has one). I wanna find out how to disable serial number on the PIIIs. Visit http://www.sandpile.org for more info on these levels. Returned Data - Extended Level 0 AMD introduced extended level for the CPUID instruction. The extended level is not supported by all processors, but is definately supported by: AMD K6, K6-2 Cyrix (starting with GXm - a successor of MediaGX, but not on MII) IDT C6-2. I'm not sure why this extended level was made, but level 0 starts with EAX being 80000000h, and so level 1 would be 80000001h. Not all CPUs support this extended level, so you need to test if it's supported. It's easy though. Just let EAX=80000000h, call CPUID and test the retured EAX value. If EAX >= 80000000h then the extended level is supported. This is works because, just like standard level 0, EAX = the maximum supported level. EBX, ECX & EDX return (just like standard level 0) the Vendor ID of the processor. There is a lot of fields which are duplicated in the extended levels from the standard levels. I think it is because the details for things such as VendorID, cpu model, family, type etc. had been fulled in the standard level so newer device details are stored in the extended level. But I'm not sure about this. EAX=80000000h Output: [EAX] - Maximum extended level supported [EBX-EDX-ECX] - VendorID Returned Data - Extended Level 1 Here again, it's VERY similar to the standard level 1. Although again it's still different. For instance to detect for 3DNow!, you can only use extended level 1. EAX=80000001h Output: [EAX] - Processor family/model/stepping [EDX] - CPU "Feature flags" EAX FEDCBA9876543210 0000FFFFMMMMSSSS F - Processor family(4bits) M - Processor model(4bits) S - Processor stepping(4bits) Processor family: 5 = AMD K5, Centaur/IDT C2 6 = AMD K6 Processor model: AMD K5 1 = 5k86 (PR120 or PR133) 2 = 5k86 (PR166) 3 = 5k86 (PR200) AMD K6 6 = K6 (0.30 µm) 7 = K6 (0.25 µm) 8 = K6-2 9 = K6-III Centaur/IDT 8 = C2 Most of the details in the extended features flag is the same, here are some main differences: EDX bit 15 - Integer conditional move instruction(CMOV) bit 16 - FPU conditional move instruction(FCMOV) bit 24 - Cyrix Extended MMX bit 31 - 3DNow! Returned Data - Extended Level 2 and 3 and 4 Cool, here is something very different from the standard level. These three levels are used in conjunction with eachother to return an ASCII string name of the processor. This sort of kills all those standard levels before which were a pain in the butt to use to find the processor type, family, model etc. But not all processors support this instruction. EAX=80000002h Output: [EAX] - Processors name string 01 [EBX] - Processors name string 02 [ECX] - Processors name string 03 [EDX] - Processors name string 04 EAX=80000003h Output: [EAX] - Processors name string 05 [EBX] - Processors name string 06 [ECX] - Processors name string 07 [EDX] - Processors name string 08 EAX=80000004h Output: [EAX] - Processors name string 09 [EBX] - Processors name string 10 [ECX] - Processors name string 11 [EDX] - Processors name string 12 Just concatinate all the values to form a 48 character string. If the string doesn't use all 48 characters, it just fills the rest of the space with NULL (zero) values. Some examples of strings are: "AMD-K6tm w/ multimedia extensions", "AMD K6-2 AMD-K6(tm) 3D processor", "AMD-K6(tm)-III Processor", "IDT WinChip 2-3D". Returned Data - Extended Level 5 This level is cool, it returns data about your level 1 cache. Unfortunately Cyrix doesn't adhere to its return value format, so you have to write a special function for the Cyrix ext level 5. Or just leave this level out if a cyrix is detected. Here is how everybody else (except Cyrix) handle things: EAX=80000005h Output: [EBX] - TLB data [ECX] - L1 DATA Cache data [EDX] - L1 CODE Cache data EBX bits 31..24 DATA TLB associativity (FFh=full) 23..16 DATA TLB entries 15..08 CODE TLB associativity (FFh=full) 07..00 CODE TLB entries ECX bits 31..24 DATA L1 cache size in KBs 23..16 DATA L1 cache associativity (FFh=full) 15..08 DATA L1 cache lines per tag 07..00 DATA L1 cache line size in bytes EDX bits 31..24 CODE L1 cache size in KBs 23..16 CODE L1 cache associativity (FFh=full) 15..08 CODE L1 cache lines per tag 07..00 CODE L1 cache line size in bytes Quite handy don't you think? Returned Data - Extended Level 6 This level is very cool, returns data about your level2 cache! EAX=80000006h Output: [ECX] - L2 Cache data ECX bits 31..16 L2 cache size in KBs 15..12 L2 cache associativity (Fh=full) 11..08 L2 cache lines per tag 07..00 L2 cache line size in bytes Quick Example Some quick very simple code, just to get you going: struct { long max_std_lvl; //maximum standard level supported char vendorID[13]; //13th for NULL char char mmx; //MMX supported? char _3dnow; //3DNow! supported? long max_ext_lvl; //maximum exteneded level supported }; mov edi,[ptr_to_cputable] ;Get VendorID mov eax,0 CPUID ;CPUID! mov [edi+0],eax ;max standard level supported add edi,4 mov [edi+0],ebx mov [edi+4],edx mov [edi+8],ecx mov [edi+12],byte 0 ;vendor ID string+padding add edi,16 ;Check for MMX mov EAX,1 CPUID mov ebx,edx and ebx,0x800000 shr ebx,23 mov [edi+0],bl ;MMX support? add edi,1 ;Check for 3DNow! mov [edi+0],byte 0 mov eax, 0x80000001 ;extended level 1 CPUID test edx, 0x80000000 jz @no_3dnow mov [edi+0],byte 1 ; 3DNow! technology supported @no_3dnow: add edi,1 ;Check maximum extended levels mov eax, 0x80000000 CPUID mov [edi+0],eax Closing Words The CPUID instruction is growing all the time, so the ammount of information you can extract from it is increasing! You can get seriously low-down-'n-dirty details about the CPU. For more information check out: http://www.sandpile.org Does anybody know where to find details on the PIII SSE/KNI/MMX2 instructions? -Rawhed/Sensory Overload -Mailto:andrew@overload.co.za -Http://www.overload.co.za -Andrew Griffiths -South Africa -05-07-1999