TEST EBP,EBP ;i don't understand this
tintino
June 12th, 2005, 14:22
I'm new to asm.
I don't get this:
TEST EBP,EBP ;compare ebp with ebp ??
JLE 004820AC ; jump if less than or equal.... to what ??? to itself ??
joe
June 12th, 2005, 15:51
It's the same as TEST EBP,0. But it's used because it takes less time & less memory too.
TEST EBP,0 takes 6 bytes & TEST EBP,EBP only 2.
You can use TEST EBP,0; this is a question of code optimization.
For information, here are some flag settings (taken from 'Intel 80386 Programmer's Reference Manual HTML translation -- 0.9 version') (386htm09)
Status Flags' Functions
Bit Name Function
0 CF Carry Flag -- Set on high-order bit carry or borrow; cleared otherwise.
2 PF Parity Flag -- Set if low-order eight bits of result contain an even number of 1 bits; cleared otherwise.
4 AF Adjust flag -- Set on carry from or borrow to the low order four bits of AL; cleared otherwise. Used for decimal arithmetic.
6 ZF Zero Flag -- Set if result is zero; cleared otherwise.
7 SF Sign Flag -- Set equal to high-order bit of result (0 is positive, 1 if negative).
11 OF Overflow Flag -- Set if result is too large a positive number or too small a negative number (excluding sign-bit) to fit in destination operand; cleared otherwise.
Key to Codes
T = instruction tests flag
M = instruction modifies flag (either sets or resets depending on operands)
0 = instruction resets flag
-- = instruction's effect on flag is undefined
blank = instruction does not affect flag
Instruction              OF  SF  ZF  AF  PF  CF
AAA                      --  --  --  TM  --  M
AAS                      --  --  --  TM  --  M
AAD                      --  M   M   --  M   --
AAM                      --  M   M   --  M   --
DAA                      --  M   M   TM  M   TM
DAS                      --  M   M   TM  M   TM
ADC                      M   M   M   M   M   TM
ADD                      M   M   M   M   M   M
SBB                      M   M   M   M   M   TM
SUB                      M   M   M   M   M   M
CMP                      M   M   M   M   M   M
CMPS                     M   M   M   M   M   M
SCAS                     M   M   M   M   M   M
NEG                      M   M   M   M   M   M
DEC                      M   M   M   M   M
INC                      M   M   M   M   M
IMUL                     M   --  --  --  --  M
MUL                      M   --  --  --  --  M
RCL/RCR 1                M                   TM
RCL/RCR count            --                  TM
ROL/ROR 1                M                   M
ROL/ROR count            --                  M
SAL/SAR/SHL/SHR 1        M   M   M   --  M   M
SAL/SAR/SHL/SHR count    --  M   M   --  M   M
SHLD/SHRD                --  M   M   --  M   M
BSF/BSR                  --  --  M   --  --  --
BT/BTS/BTR/BTC           --  --  --  --  --  M
AND                      0   M   M   --  M   0
OR                       0   M   M   --  M   0
TEST                     0   M   M   --  M   0
XOR                      0   M   M   --  M   0
tintino
June 16th, 2005, 03:49
So TEST EBP,EBP is testing if EBP is 0.
But why JLE - why not JZ? That's what throws me off - don't laugh, it's probably a newbie question, I know... I just know that to jump if 0, you use JZ.
joe
June 16th, 2005, 10:54
My answer wasn't correct. Testing for zero is a common usage of TEST EBP,EBP. JLE means jump if EBP is 0 or negative (highest bit of EBP is 1).
TEST EBP,EBP can test 3 eventualities:
1. EBP is 0
2. EBP is negative
3. parity of the lowest byte (whether there is an even or odd number of 1s in the lowest byte)
Try opening any program in Olly. Assemble TEST EBP,EBP at the Entry Point a few times & step through it with some changes of EBP (in the Registers window).
Look for changes in the flag registers.
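The flag behaviour discussed in this thread, modelled in C as an added example that is not part of the original posts: TEST is a flags-only AND, and JZ/JLE read those flags using their standard condition definitions. The function names and the sample EBP values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Status flags written by TEST (AF is undefined after TEST, so it is not modelled). */
struct flags { int of, sf, zf, pf, cf; };

/* TEST a,b: compute a AND b, throw the result away, keep only the flags. */
struct flags x86_test(uint32_t a, uint32_t b)
{
    uint32_t r = a & b;
    uint8_t low = (uint8_t)r;       /* PF looks at the low byte only */
    int ones = 0;
    struct flags f;

    for (; low; low >>= 1)
        ones += low & 1;
    f.of = 0;                        /* logical operations always clear OF */
    f.cf = 0;                        /* ... and CF */
    f.sf = (int)(r >> 31);           /* copy of the highest bit */
    f.zf = (r == 0);
    f.pf = (ones % 2 == 0);          /* set on an even number of 1 bits */
    return f;
}

/* Conditional jump predicates as the instruction set defines them. */
int jz_taken(struct flags f)  { return f.zf; }
int js_taken(struct flags f)  { return f.sf; }
int jle_taken(struct flags f) { return f.zf || (f.sf != f.of); }
int jg_taken(struct flags f)  { return !f.zf && (f.sf == f.of); }

int main(void)
{
    /* Constructed sample values for EBP. */
    uint32_t ebp[] = { 0x00000000u, 0x00000001u, 0x7FFFFFFFu,
                       0x80000000u, 0xFFFFFFFFu };
    size_t i;

    for (i = 0; i < sizeof ebp / sizeof ebp[0]; i++) {
        struct flags f = x86_test(ebp[i], ebp[i]);
        /* With OF forced to 0, JLE reduces to "ZF or SF": signed EBP <= 0. */
        printf("EBP=%08X ZF=%d SF=%d PF=%d JZ=%d JLE=%d (int32_t)EBP<=0: %d\n",
               (unsigned)ebp[i], f.zf, f.sf, f.pf,
               jz_taken(f), jle_taken(f), (int32_t)ebp[i] <= 0);
    }
    return 0;
}
```

Because TEST always clears OF, JLE after TEST EBP,EBP is taken exactly when EBP is zero or has its highest bit set, while JZ is taken only for zero.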