Working on some debugger like automation code for EmsiSoft, I recently discovered a funny property when single stepping
CMPS instructions using the TF bit set in
EFLAGS. As expected, for each single byte / word / doubleword, a debug event occurs. However, the
EFLAGS register's status bits (e.g. ZF) are not correct for each single iteration but the last.
I tested this in Windows XP in a VmWare, didn't have the time to reproduce on a physical machine yet. Let me know if you run over this quirk, too.