diff --git a/emulation.c b/emulation.c
index dce40a7..40266e2 100644
--- a/emulation.c
+++ b/emulation.c
@@ -446,7 +446,8 @@ Address CreateHlt() {
 
       // Fill guest_registers
       "mov guest_registers, %%esp\n"
-      "add $32, %%esp\n"
+      "add $36, %%esp\n"
+      "pushf\n"
       "pusha\n"
 
       // Move to host fs
@@ -456,6 +457,7 @@ Address CreateHlt() {
       // Move to host space
       "mov host_esp, %%esp\n"
       "popa\n"
+      "popf\n"
 
       "call return_to_host\n"
       "continue:\n":);
diff --git a/uc_native.c b/uc_native.c
index 7d538d6..688b7db 100644
--- a/uc_native.c
+++ b/uc_native.c
@@ -364,6 +364,7 @@ uc_err uc_emu_start(uc_engine *uc, uint64_t begin, uint64_t until, uint64_t time
                  //"movl fs, 32([registers])"
 
                  // Make host backup
+                 "pushf\n"
                  "pusha\n"
                  "mov %%esp, host_esp\n"
 
@@ -374,6 +375,7 @@ uc_err uc_emu_start(uc_engine *uc, uint64_t begin, uint64_t until, uint64_t time
                  // Load all registers
                  "mov guest_registers, %%esp\n"
                  "popa\n"
+                 "popf\n"
                  "mov guest_registers_esp, %%esp\n"
                  //FIXME: Fixup ESP too
 
diff --git a/uc_native.h b/uc_native.h
index e91fe55..b35e76f 100644
--- a/uc_native.h
+++ b/uc_native.h
@@ -19,12 +19,15 @@ typedef struct {
   uint32_t ecx; // +24
   uint32_t eax; // +28
 
+  // Hack because we always do pusha and pushf in sequence
+  uint32_t eflags; // +32
+
   // Extensions, can be re-ordered / added / removed, but assembly needs update
-  uint16_t fs;  // +32
-  uint16_t pad; // +34
-  uint32_t eip; // +36
+  uint16_t fs;  // +36
+  uint16_t pad; // +40
+  uint32_t eip; // +44
 
-  uint32_t fs_base; //+40
+  uint32_t fs_base; //+48
 
 } Registers;