x86 jnz after xor?

After using IDA Pro to disassemble an x86 DLL, I found this code (comments added by me in pseudo-C; I hope they're correct):

test    ebx, ebx        ; if (ebx == false)  (and/test sets ZF when the result is 0)
jz      short loc_6385A34B ; Jump to 0x6385a34b if ebx == 0
mov     eax, [ebx+84h]  ; eax = *(ebx+0x84)
mov     ecx, [esi+84h]  ; ecx = *(esi+0x84)
mov     al, [eax+30h]   ; al = *(*(ebx+0x84)+0x30)
xor     al, [ecx+30h]   ; al = al XOR *(*(esi+0x84)+0x30)  (sets ZF if al == 0, i.e. the bytes were equal)
jnz     loc_6385A453    ; jump if ZF is clear, i.e. if the two bytes differ

Let's make it simpler for me to understand:

mov     eax, 0B3h       ; eax = 0xb3 (MASM needs the leading 0 on a hex literal that starts with a letter)
xor     eax, 0D6h       ; eax = 0xb3 XOR 0xd6 = 0x65; ZF is set only if the result is 0
jnz     ...             ; jump if ZF is clear

How does the conditional jump instruction work after a xor instruction?

Maddy answered 6/6, 2010 at 11:39 Comment(0)

Like most instructions, xor sets the processor condition flags depending on the result of the previous operation. In this case, the Z flag will be set if the result of the xor is zero. The jnz instruction tests the Z flag and branches if it is not set.

Jowett answered 6/6, 2010 at 11:44 Comment(2)
So it applies to other logical instructions too? – Biopsy
@kotarou3: Yes, the flags are set as a result of pretty much all arithmetic and logical operations. – Jowett

I barely know assembly at all but xor in this context does pretty much the same as cmp I’d say, in addition to setting eax to the result of the xor operation.

In other words, after the xor, eax will be 0 exactly if its previous value was d6h (otherwise, it will be some value != 0). And additionally, the zero flag will be set (as with cmp) so you can jnz to test that flag.

Buckjump answered 6/6, 2010 at 11:43 Comment(0)

It will jump if the value in eax doesn't end up as zero.

Your second example doesn't do the code justice since the code you have is using constant values, not values loaded from memory.

In the first example, it loads all those values from memory and performs the xor on that. The memory contents may, unlike your second example, change on each execution depending on what's in [ebx+84h] and [esi+84h].

See xor and jnz for details.

Elegy answered 6/6, 2010 at 11:43 Comment(1)
Thanks for the links, I found that website somewhere but lost it again – Biopsy
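The two points made in the answers above, that xor (like test and cmp) writes the condition flags and that the disassembled sequence compares two bytes fetched through pointers in memory, are easier to see with a small flag model. The following C program is an added example, not code from the question or from the DLL being analysed: it models the flags that and/or/xor/test and cmp produce (ZF, SF, PF, CF, OF; AF is left out), then runs both the asker's constant example and the original sequence against a tiny constructed guest memory. The object layout (a pointer at +0x84 to a sub-object whose byte at +0x30 is compared) and the addresses OBJ_A, OBJ_B, SUB_A, SUB_B are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFLAGS bit positions for the flags that and/or/xor/test and cmp write (AF is not modelled). */
enum { CF = 1u << 0, PF = 1u << 2, ZF = 1u << 6, SF = 1u << 7, OF = 1u << 11 };

/* PF is set when the low byte of the result has an even number of 1 bits. */
uint32_t parity_flag(uint32_t result) {
    unsigned ones = 0;
    for (unsigned i = 0; i < 8; i++) ones += (result >> i) & 1u;
    return (ones % 2 == 0) ? PF : 0;
}

/* Flags after a logical op (and/or/xor/test) on an operand `bits` wide:
   ZF/SF/PF come from the result; CF and OF are always cleared. */
uint32_t logic_flags(uint32_t result, unsigned bits) {
    uint32_t mask = bits == 32 ? 0xFFFFFFFFu : (1u << bits) - 1u;
    result &= mask;
    uint32_t flags = 0;
    if (result == 0) flags |= ZF;
    if (result & (1u << (bits - 1))) flags |= SF;
    return flags | parity_flag(result);
}

/* xor dst, src: stores the result AND sets the flags (cmp/test only set flags). */
uint32_t x86_xor32(uint32_t *dst, uint32_t src) { *dst ^= src; return logic_flags(*dst, 32); }
uint32_t x86_xor8(uint8_t *dst, uint8_t src)    { *dst ^= src; return logic_flags(*dst, 8);  }
/* test a, b: flags of a & b, result discarded; "test reg, reg" therefore asks "is reg zero?". */
uint32_t x86_test32(uint32_t a, uint32_t b)     { return logic_flags(a & b, 32); }
/* cmp a, b (8-bit): flags of a - b, result discarded. ZF still means "equal", but CF/OF/SF
   additionally encode ordering, which xor never provides (it always clears CF and OF). */
uint32_t x86_cmp8(uint8_t a, uint8_t b) {
    uint8_t r = (uint8_t)(a - b);
    uint32_t flags = logic_flags(r, 8);          /* ZF, SF, PF from the difference */
    if (a < b) flags |= CF;                      /* unsigned borrow */
    if ((a ^ b) & (a ^ r) & 0x80u) flags |= OF;  /* signed overflow */
    return flags;
}

bool jnz_taken(uint32_t flags) { return (flags & ZF) == 0; }
bool jz_taken(uint32_t flags)  { return (flags & ZF) != 0; }

/* The simplified example: mov eax, <imm> / xor eax, 0D6h / jnz.
   Returns whether jnz is taken and leaves the post-xor eax in *eax_out (may be NULL). */
bool constant_example_jumps(uint32_t eax_initial, uint32_t *eax_out) {
    uint32_t eax = eax_initial;                  /* mov eax, <imm> */
    uint32_t flags = x86_xor32(&eax, 0xD6u);     /* xor eax, 0D6h */
    if (eax_out) *eax_out = eax;
    return jnz_taken(flags);                     /* jnz ... */
}

/* Constructed 32-bit guest memory for the real sequence (not data from the DLL). */
uint8_t mem[0x400];

uint32_t read32(uint32_t a) {
    return (uint32_t)mem[a] | (uint32_t)mem[a + 1] << 8 | (uint32_t)mem[a + 2] << 16 | (uint32_t)mem[a + 3] << 24;
}
void write32(uint32_t a, uint32_t v) { for (unsigned i = 0; i < 4; i++) mem[a + i] = (uint8_t)(v >> (8 * i)); }

/* Hypothetical layout inferred from the listing: each object holds at +0x84 a pointer to a
   sub-object, and the byte at +0x30 of that sub-object is what the xor compares. */
enum { OBJ_A = 0x100, OBJ_B = 0x280, SUB_A = 0x200, SUB_B = 0x340 };

void setup_guest(uint8_t byte_a, uint8_t byte_b) {
    memset(mem, 0, sizeof mem);
    write32(OBJ_A + 0x84, SUB_A); mem[SUB_A + 0x30] = byte_a;
    write32(OBJ_B + 0x84, SUB_B); mem[SUB_B + 0x30] = byte_b;
}

enum branch { FALL_THROUGH = 0, JZ_TAKEN_EBX_NULL = 1, JNZ_TAKEN_BYTES_DIFFER = 2 };

/* Executes the disassembled sequence with ebx and esi as guest addresses. */
enum branch run_sequence(uint32_t ebx, uint32_t esi) {
    uint32_t flags = x86_test32(ebx, ebx);       /* test ebx, ebx */
    if (jz_taken(flags)) return JZ_TAKEN_EBX_NULL; /* jz  short loc_6385A34B */
    uint32_t eax = read32(ebx + 0x84);           /* mov eax, [ebx+84h] */
    uint32_t ecx = read32(esi + 0x84);           /* mov ecx, [esi+84h] */
    uint8_t al = mem[eax + 0x30];                /* mov al, [eax+30h] */
    flags = x86_xor8(&al, mem[ecx + 0x30]);      /* xor al, [ecx+30h]  (al is 0 afterwards iff equal) */
    return jnz_taken(flags) ? JNZ_TAKEN_BYTES_DIFFER : FALL_THROUGH; /* jnz loc_6385A453 */
}

int main(void) {
    uint32_t eax;
    bool jump = constant_example_jumps(0xB3, &eax);
    printf("0B3h xor 0D6h = %02Xh, jnz %s\n", eax, jump ? "taken" : "not taken");
    printf("cmp 41h,42h gives ZF=%d, xor gives ZF=%d (same equality answer)\n",
           (x86_cmp8(0x41, 0x42) & ZF) != 0, (logic_flags(0x41 ^ 0x42, 8) & ZF) != 0);
    setup_guest(0x41, 0x41); printf("equal bytes     -> branch %d\n", run_sequence(OBJ_A, OBJ_B));
    setup_guest(0x41, 0x42); printf("differing bytes -> branch %d\n", run_sequence(OBJ_A, OBJ_B));
    printf("ebx == 0        -> branch %d\n", run_sequence(0, OBJ_B));
    return 0;
}
```

Two practical points fall out of the model: the xor form leaves al equal to 0 on the fall-through path (cmp would have preserved it), and because xor clears CF and OF, only the equality-style jumps (jz/jnz, and je/jne which are the same opcodes) are meaningful after it; an ordering jump such as jb or jg after an xor is a sign the disassembly is being misread.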

Arithmetic operations like xor set comparison flags (just like a compare instruction).

Burger answered 6/6, 2010 at 11:44 Comment(0)

Well, JNZ is a conditional jump, specifically, jump if not zero.

The XOR (and many other arithmetic/logic operations) will set the zero flag of the status register if the result of the operation is zero. So in your case, it's saying "do XOR, and if the result is not zero (i.e. if the two numbers are different) jump to this location."

Sankaran answered 6/6, 2010 at 11:45 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.