Assembly-Conditional jump and repeat instruction

Conditional jump

Shorthand method:

• J (JMP)
• Z (zero)
• N (not)
• E (equal)
• G (Greater)
• L (less)
• A (above, unsigned)

• B (below, unsigned)

  汇编指令x86下  指令+目的操作数+原操作数 比较是用目的操作数去和原操作数比较jz loc   当cmp的两个值相等的时候跳转，否则继续执行下一条jnz loc  当cmp的两个值不相等的时候跳转，否则继续执行下一条je loc   当cmp的两个值相等的时候跳转，否则继续执行下一条jne loc  当cmp的两个值不相等的时候跳转，否则继续执行下一条jg loc  (cmp eax,ebx)当eax大于ebx时执行跳转，否则继续执行下一条jge loc (cmp eax,ebx)当eax大于或等于(不小于)ebx时执行跳转，否则继续执行下一条ja loc  ja=jg 不过是无符号数比较jae loc jae = jge 不过是无符号数比较jl loc  (cmp eax,ebx)当eax小于ebx时执行跳转，否则继续执行下一条jle loc (cmp eax,ebx)当目的操作数小于或等于原操作数时，跳转，否则执行下一条jb loc 和 jl 一样，不过是无符号的比较jbe loc 和jle一样，不过是无符号数的比较后面两个不怎么常用，但是记录一下吧：jo loc 如果上一条指令执行后(of=1)，则跳转(溢出跳转)js loc 如果符号位被置位(sf=1),则跳转jecxz loc (jmp if ecx = 0)

Repeat Instructions

The repeating instruction here is an operation on a string array. The minimum atomic step for a string array operation is generally:
movsx,cmpsx,stosx,scasx, x can be b(byte),w(word),d(dword) , and this part will be said later.
When you use these operations, you act as the esi(source addr) source address and serve as the edi(destination addr) destination address.

Because strings are compared and moved, you need to limit the length, so you need a length parameter, which is generally used ecx to count.
Repeated instructions are used rep to indicate that the termination condition is:

• Rep repeats the following command when ECX is not 0
• REPE,REPZ when ECX is not 0, and zf=1 repeat the following instructions
• Repne, REPNZ when ECX is not 0, and zf=0 repeats the following instructions.

Rep/repe/repne

The string instructions may is prefixed by REP/REPE/REPNE which would repeat the
Instructions according to the following conditions:

             rep       decrement cx ; repeat if cx is not zero             repe      decrement cx ; repeat if cx not zero AND zf = 1             repz      decrement cx ; repeat if cx not zero AND zf = 1             repne     decrement cx ; repeat if cx not zero AND zf = 0             repnz     decrement cx ; repeat if cx not zero AND zf = 0

Here, the ' E ' stands for equal, ' Z ' is zero and ' n ' are not. These repeat instructions
Should never is used with a segment override, since the 8086 would forget the
Override if a hardware interrupt occurs in the middle of the REP loop.

Under x86, a repeat prefix is used to do a multi-byte operation, rep which increases both esi 和edi offsets and decreases the value at the same time, and the ecx rep prefix repeats until the terminating condition arrives. Therefore, it needs to be initialized before use esi，edi，ecx .

• MOVSB takes esi a byte from the point to the address and stores edi it in (the DF direction flag is required to determine the direction of movement, esi+1,edi+1 or esi-1,edi-1)
• The CMPSB is used for the comparison of ESI and EDI strings (single-byte comparison), updating the ZF flag bit. ( memcmp )
• scasbUsed to search for a value from a string, which al is indicated by the value, so it needs to be initialized al . Note that, instead of using esi and edi comparing, the found location will be stored esi in.
• The STOSB is used to store values to edi the address pointed to. ( memset )

Common combinations of Rep directives

• Repe CMPSB compares esi and edi points to a string that stops when the string is different or ecx=0
• Rep STOSB (Repeat store string by byte) is used to initialize all the bytes in the buffer with a given value. edicontains the buffer address, al it contains the initial value.
• Rep MOVSB esi Copies the pointed string to a edi length of ecx . (Single-byte replication, rep plus offset 1,ecx = repeat)
• Repne SCASB edi searches for single-byte ( al ) from, and places the result in the esi ecx buffer length.

Compare MOVSB and STOSB

The MOVSB needs to specify two strings esi and edi .

The STOSB only needs to be specified edi and is to be copied by a single byte, al given by.

Resources:

Malicious Code Analysis Combat p74-76

Instruction set Query

Assembly-Conditional jump and repeat instruction