The CPUID Instruction
Rawhed / Sensory Overload
Ever needed to know what processor your program/demo was running on? I did. After looking at these lengthy hacks people wrote long ago (before the CPUID instruction) to identifty rudimentary processor information, I was very glad when I did stumble into CPUID. I didn't touch the instruction for months as I didn't know how to use it, thought that all it did was output 1 for p5, 2 for p6, 3 for ppro etc. Hehe, luckily that's NOT the case!
So here I am, a little wiser, about to tell you about this actually quite cool instruction. Some of you might be wondering why a demo would be wanting to know what processor it's running on? I'm not sure. But initially I thought it would be really cool for the demo to show specs about the machine it was running on, just before the demo began. Now that I think about it, that was a rather silly reason. Later on (after my cousin got his AMD machine), I wanted to create a demo which had 3DNow! and MMX support. So I needed the CPUID instruction to identify whether the chip could handle MMX/3DNow!.
So far my MMX & 3DNow! enabled demo is going very well, and I'll probably write a tutorial about it soon. I'd like to see some more demos which support these technologies, as they are actually quite good. MMX didn't recieve a HUGE round of applause when it was released - even I thought it was just another one of Intel's gimmicks - but actually (surprisingly) after coding it a bit, I've found it to be actually very cool. So anyways, enough jaw-gyration - here is how it's all done.
CPUID is an assembler instruction, just like MOV or ADD is. It was implimented from late 486s and up. With cool new assemblers like NASM you can just type the instruction in straight, but with others you'll have to use the opcode which is: 0fh, 0a2h (two bytes).
Description: Used to return information about the processor type,
family model and many other things. The amount of
information that this instruction can return is
growing all the time. Chip features can be returned,
even L1/L2/L3 cache sizes.
Input: Set EAX to the relivant level number.
Output: Varies according to which level number you ask it for.
Example: mov eax, 1
EFLAGS To Detect CPUID
The first step is to check whether the computer actually supports the CPUID instruction! This can be done by looking at the EFLAGS register. Only 32 bit processors support the EFLAGS register. EFLAGS is just the 32 bit version of the 16 bit FLAGS register. The EFLAGS register is a 32 bit number, and each number is either set/unset (1/0) for certain things. Let's have a look:
(Remember 16 bit machines will only have the 1st 16 bits.)
(Remember you won't need most of this - it's mostly for interest's sake.)
Bit 00 : Carry flag
Bit 01 : Always 1
Bit 02 : Parity flag
Bit 03 : Always 0
Bit 04 : Auxilary Carry flag
Bit 05 : Always 0
Bit 06 : Zero flag
Bit 07 : Sign flag
Bit 08 : Trap flag
Bit 09 : Interupt flag
Bit 10 : Direction flag
Bit 11 : Overflow flag
Bit 12 : I/O Privelage level
Bit 13 : I/O Privelage level
Bit 14 : Nested Task flag
Bit 15 : Always 0
Bit 16 : Resume flag
Bit 17 : Virtual Mode flag
Bit 18 : Alignment Check flag
Bit 19 : Virtual Interupt flag
Bit 20 : Virtual Interrupt Pending flag
Bit 21 : Identification flag
Bit 21->31 : Unspecified, so 0
All we are interested in is Bit 21, the ID flag. But how do we get it? Let's consult our good ol' Intel.doc file we have lying in PCGPE.
PUSHF/PUSHFD - Push Flags onto Stack
Modifies flags: None
Transfers the Flags Register onto the stack. PUSHF saves a 16 bit
value while PUSHFD saves a 32 bit value.
Operands 808x 286 386 486 Bytes
none 10/14 3 4 4 1
none (PM) - - 4 3 1
Cool! There you go.
One thing interesting is that PUSHF & PUSHFD both have the same opcode, but it's supposed to figure out if its to parse 16 bit/32 bit depending on the destination operand. So here is how we would test for Bit 21:
NOTE! Some processors support the CPUID instruction, but you have to turn the feature on, so this code tries to turn Bit 21 on and if successful, then CPUID works.
pushfd ;push the flags onto the stack
pop eax ;pop them back out, into EAX
mov ebx, eax ;keep original
xor eax, 00200000h ;turn bit 21 on.
push eax ;put altered EAX on stack
popfd ;pop stack into flags
pushfd ;push flags back onto stack
pop eax ;put them back into EAX
cmp eax, ebx
jnz @CPUID_SUPPORTED ;COOL!!
Returned Data - Standard Level 0
There are many levels that CPUID works at. You need to set these levels by setting EAX to the level number you want info about. New levels are being added to the CPUID instruction all the time, so I'll just introduct the most common and useful ones. There are also two types of levels: standard levels and extended levels. Standard levels go from 0 --> 7FFFFFFFh and extended goes from 8000000h --> FFFFFFFFh.
Output: [EAX] - Maxiumum supported standard level
[EBX-EDX-ECX] - CPU vendor ID string
The maximum supported standard level is the maxiumum level you can take EAX up to in the CPUID instruction, supported by the current CPU. The CPU vendor string is really neat. Concatinate (join) EBX, EDX and ECX reading them as strings. This should return either:
GenuineIntel (Intel processor)
UMC UMC UMC (UMC processor)
AuthenticAMD (AMD processor)
CyrixInstead (Cyrix processor)
NexGenDriven (NexGen processor)
CentaurHauls (Centaur/IDT processor)
RiseRiseRise (Rise Technology processor)
So that's how you find out what make the chipset is. Apparently in some of the earlier implimentations of CPUID, you were able to change the value of the vendor ID string. This resulted in companies changing a lot of "CyrixInstead" to "GenuineIntel".
Returned Data - Standard Level 1
Now it's time to get more details on the CPU. On level 1 we can find out if the CPU is a primary/secondard processor, what family it is, its model, and its stepping values. We can also find out what CPU features it supports, such as MMX, 3DNow! and a ton more.
Output: [EAX] - Processor type/family/model/stepping
[EDX] - CPU "Feature flags"
For EAX, only the 1st 16 bits are used, so it's really AX that you need to use. It's structured like this:
T - Processor type (2bits)
F - Processor family (4bits)
M - Processor model (4bits)
S - Processor stepping (4bits)
11b = reserved
10b = secondary processor (for MultiProcessing)
01b = Overdrive processor
00b = primary processor
4 = most 80486s, AMD 5x86, Cyrix 5x86
5 = Intel P5, P54C, P55C, P24T
NexGen Nx586, Cyrix M1
AMD K5, K6, Centaur/IDT C6, C2
6 = Intel P6, P2, P3, Cyrix M2
This family data may seem messy (and it is), but things are made easier when you combine this information with the VENDOR ID returned from level 0. And again this cummulative data must be combined to use the value returned in the "processor model" properly.
Intel 80486 0 i80486DX-25/33
UMC 80486 1 U5D
AMD 80486 3 80486DX2
Cyrix 5x86 9 5x86
Cyrix MediaGX 4 GX, GXm
Intel P5-core 0 P5 A-step
3 P24T Overdrive
8 P55C (0.25Ám)
NexGen Nx586 0 Nx586 or Nx586FPU (only later ones)
Cyrix M1 2 6x86
Cyrix M2 0 6x86MX
AMD K5 0 SSA5 (PR75, PR90, PR100)
1 5k86 (PR120, PR133)
2 5k86 (PR166)
3 5k86 (PR200)
AMD K6 6 K6 (0.30 Ám)
7 K6 (0.25 Ám)
Centaur/IDT 4 C6
Rise 0 mP6
Intel P6-core 0 P6 A-step
3 P2 (0.28 Ám)
5 P2 (0.25Ám)
6 P2 with on-die L2 cache
This list is NOT complete, for a better one, check INTEL/AMD/CYRIX.
EDX contains 32bits, each one a flag indicating what features the chip supported. For my program I just used it to see if MMX was supported, then I just counted up the features and displayed how many features the chip had.
EDX bit 00 - FPU on-chip
bit 01 - Virtual mode extension (V86 Mode Extensions)
bit 02 - Debugging extension
bit 03 - Page size extension (4 MB pages)
bit 04 - Time stamp counter & RDTSC instruction
bit 05 - RDMSR / WRMSR instructions
bit 06 - Physical address extension (36-bit address, 2MB pages)
bit 07 - Machine check exception
bit 08 - CMPXCHG8B instruction
bit 09 - On-chip APIC hardware (multiprocesssor operation support)
bit 10 - undefined
bit 11 - SYSENTER / SYSEXIT instructions
bit 12 - Memory type range registers
bit 13 - Page global enable
bit 14 - Machine check architecture
bit 15 - Conditional move instruction (CMOV)
bit 16 - Page attribute table
bit 17 - 36 bit Page Size Extenions
bit 18 - undefined
bit 19 - undefined
bit 20 - undefined
bit 21 - undefined
bit 22 - undefined
bit 23 - MMX instructions
bit 24 - Fast FPU save & restore (FXSAVE and FXRSTOR)
bit 25 - SSE, MXCSR, CR4.OSXMMEXCPT, #XF
bit 26 - undefined
bit 27 - undefined
bit 28 - undefined
bit 29 - undefined
bit 30 - undefined
bit 31 - undefined
I'm not sure what most of the above means, although I'd love to know. Anybody know?
Returned Data - Standard Level 2 and 3
I'm not gonna talk much about levels 2 and 3 because my processor doesn't support them so I haven't tested them.
Basically level 2 allows you to get details on the processor CACHE (L1 & L2). Level 3 allows you to get the processor's SERIAL number (if it has one). I wanna find out how to disable serial number on the PIIIs.
Visit http://www.sandpile.org for more info on these levels.
Returned Data - Extended Level 0
AMD introduced extended level for the CPUID instruction. The extended level is not supported by all processors, but is definately supported by:
AMD K6, K6-2
Cyrix (starting with GXm - a successor of MediaGX, but not on MII)
I'm not sure why this extended level was made, but level 0 starts with EAX being 80000000h, and so level 1 would be 80000001h.
Not all CPUs support this extended level, so you need to test if it's supported. It's easy though. Just let EAX=80000000h, call CPUID and test the retured EAX value. If EAX >= 80000000h then the extended level is supported.
This is works because, just like standard level 0, EAX = the maximum supported level. EBX, ECX & EDX return (just like standard level 0) the Vendor ID of the processor. There is a lot of fields which are duplicated in the extended levels from the standard levels. I think it is because the details for things such as VendorID, cpu model, family, type etc. had been fulled in the standard level so newer device details are stored in the extended level. But I'm not sure about this.
Output: [EAX] - Maximum extended level supported
[EBX-EDX-ECX] - VendorID
Returned Data - Extended Level 1
Here again, it's VERY similar to the standard level 1. Although again it's still different. For instance to detect for 3DNow!, you can only use extended level 1.
Output: [EAX] - Processor family/model/stepping
[EDX] - CPU "Feature flags"
F - Processor family(4bits)
M - Processor model(4bits)
S - Processor stepping(4bits)
5 = AMD K5, Centaur/IDT C2
6 = AMD K6
AMD K5 1 = 5k86 (PR120 or PR133)
2 = 5k86 (PR166)
3 = 5k86 (PR200)
AMD K6 6 = K6 (0.30 Ám)
7 = K6 (0.25 Ám)
8 = K6-2
9 = K6-III
Centaur/IDT 8 = C2
Most of the details in the extended features flag is the same, here are some main differences:
EDX bit 15 - Integer conditional move instruction(CMOV)
bit 16 - FPU conditional move instruction(FCMOV)
bit 24 - Cyrix Extended MMX
bit 31 - 3DNow!
Returned Data - Extended Level 2 and 3 and 4
Cool, here is something very different from the standard level. These three levels are used in conjunction with eachother to return an ASCII string name of the processor. This sort of kills all those standard levels before which were a pain in the butt to use to find the processor type, family, model etc. But not all processors support this instruction.
Output: [EAX] - Processors name string 01
[EBX] - Processors name string 02
[ECX] - Processors name string 03
[EDX] - Processors name string 04
Output: [EAX] - Processors name string 05
[EBX] - Processors name string 06
[ECX] - Processors name string 07
[EDX] - Processors name string 08
Output: [EAX] - Processors name string 09
[EBX] - Processors name string 10
[ECX] - Processors name string 11
[EDX] - Processors name string 12
Just concatinate all the values to form a 48 character string. If the string doesn't use all 48 characters, it just fills the rest of the space with NULL (zero) values. Some examples of strings are:
"AMD-K6tm w/ multimedia extensions", "AMD K6-2 AMD-K6(tm) 3D processor",
"AMD-K6(tm)-III Processor", "IDT WinChip 2-3D".
Returned Data - Extended Level 5
This level is cool, it returns data about your level 1 cache. Unfortunately Cyrix doesn't adhere to its return value format, so you have to write a special function for the Cyrix ext level 5. Or just leave this level out if a cyrix is detected. Here is how everybody else (except Cyrix) handle things:
Output: [EBX] - TLB data
[ECX] - L1 DATA Cache data
[EDX] - L1 CODE Cache data
EBX bits 31..24 DATA TLB associativity (FFh=full)
23..16 DATA TLB entries
15..08 CODE TLB associativity (FFh=full)
07..00 CODE TLB entries
ECX bits 31..24 DATA L1 cache size in KBs
23..16 DATA L1 cache associativity (FFh=full)
15..08 DATA L1 cache lines per tag
07..00 DATA L1 cache line size in bytes
EDX bits 31..24 CODE L1 cache size in KBs
23..16 CODE L1 cache associativity (FFh=full)
15..08 CODE L1 cache lines per tag
07..00 CODE L1 cache line size in bytes
Quite handy don't you think?
Returned Data - Extended Level 6
This level is very cool, returns data about your level2 cache!
Output: [ECX] - L2 Cache data
ECX bits 31..16 L2 cache size in KBs
15..12 L2 cache associativity (Fh=full)
11..08 L2 cache lines per tag
07..00 L2 cache line size in bytes
Some quick very simple code, just to get you going:
long max_std_lvl; //maximum standard level supported
char vendorID; //13th for NULL char
char mmx; //MMX supported?
char _3dnow; //3DNow! supported?
long max_ext_lvl; //maximum exteneded level supported
mov [edi+0],eax ;max standard level supported
mov [edi+12],byte 0 ;vendor ID string+padding
;Check for MMX
mov [edi+0],bl ;MMX support?
;Check for 3DNow!
mov [edi+0],byte 0
mov eax, 0x80000001 ;extended level 1
test edx, 0x80000000
mov [edi+0],byte 1 ; 3DNow! technology supported
;Check maximum extended levels
mov eax, 0x80000000
The CPUID instruction is growing all the time, so the ammount of information you can extract from it is increasing! You can get seriously low-down-'n-dirty details about the CPU. For more information check out: http://www.sandpile.org
Does anybody know where to find details on the PIII SSE/KNI/MMX2 instructions?
-Rawhed/Sensory Overload -Mailto:firstname.lastname@example.org -Http://www.overload.co.za -Andrew Griffiths -South Africa -05-07-1999