1. JMP instruction: modifies EIP, i.e. the address of the next instruction to execute
JMP register / immediate
Equivalent: MOV EIP, register/immediate
CALL instruction: calls a function. CALL addressA / register
Equivalent:
PUSH addressB ; push the address of the instruction following the CALL onto the stack; this is the return address
MOV EIP, addressA/register ; load the function's entry address into EIP
RET instruction:
Equivalent: LEA ESP, [ESP+4] ; esp = esp + 4
MOV EIP, [ESP-4] ; the reverse of CALL: the address of the instruction following the CALL is loaded into EIP
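As an added illustration (not code from the original article), the following C program models the three instructions above as operations on EIP, ESP and a small stack. The cpu_t structure, the stack size and the sample addresses 0x401000 / 0x401100 are assumptions made for this illustration; the function names cpu_jmp, cpu_call and cpu_ret are chosen here. It also answers questions 1 and 2 of the Thinking section below: after cpu_call the return address sits at [ESP] and EIP holds the callee's entry address, and cpu_ret reloads EIP from that stack slot and moves ESP back.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical minimal model of the registers the text discusses:
 * EIP (next instruction), ESP (stack pointer) and a small stack that
 * grows downwards. Layout and sizes are assumptions for this example. */
#define STACK_WORDS 16

typedef struct {
    uint32_t eip;
    uint32_t esp;                 /* byte address inside the modelled stack */
    uint32_t stack[STACK_WORDS];  /* stack[0] is the lowest address */
} cpu_t;

static void cpu_init(cpu_t *c, uint32_t start_eip) {
    c->eip = start_eip;
    c->esp = STACK_WORDS * 4;     /* empty stack: ESP points one past the top */
    for (int i = 0; i < STACK_WORDS; i++) c->stack[i] = 0;
}

/* [addr] helpers: ESP is a byte address, the stack holds 4-byte words */
static uint32_t read_word(const cpu_t *c, uint32_t addr) { return c->stack[addr / 4]; }
static void write_word(cpu_t *c, uint32_t addr, uint32_t v) { c->stack[addr / 4] = v; }

/* JMP target  ==  MOV EIP, target */
static void cpu_jmp(cpu_t *c, uint32_t target) { c->eip = target; }

/* CALL target, executed while EIP points at a CALL of insn_len bytes:
 *   PUSH next_instruction   ; return address
 *   MOV  EIP, target        ; function entry */
static void cpu_call(cpu_t *c, uint32_t target, uint32_t insn_len) {
    uint32_t return_addr = c->eip + insn_len;  /* instruction after the CALL */
    if (c->esp < 4) { fputs("stack overflow\n", stderr); abort(); }
    c->esp -= 4;                               /* PUSH: ESP = ESP - 4 */
    write_word(c, c->esp, return_addr);        /* [ESP] = return address */
    c->eip = target;                           /* MOV EIP, target */
}

/* RET:
 *   LEA ESP, [ESP+4]
 *   MOV EIP, [ESP-4]   ; the value the matching CALL pushed */
static void cpu_ret(cpu_t *c) {
    if (c->esp >= STACK_WORDS * 4) { fputs("stack underflow\n", stderr); abort(); }
    c->esp += 4;
    c->eip = read_word(c, c->esp - 4);
}

int main(void) {
    cpu_t c;
    cpu_init(&c, 0x401000u);            /* constructed sample address of the CALL */
    printf("before CALL: EIP=%08X ESP=%u\n", c.eip, c.esp);
    cpu_call(&c, 0x401100u, 5);         /* CALL rel32 is 5 bytes long */
    printf("after  CALL: EIP=%08X ESP=%u [ESP]=%08X\n", c.eip, c.esp, read_word(&c, c.esp));
    cpu_ret(&c);
    printf("after  RET : EIP=%08X ESP=%u\n", c.eip, c.esp);
    cpu_jmp(&c, 0x402000u);
    printf("after  JMP : EIP=%08X ESP=%u\n", c.eip, c.esp);
    return 0;
}
```

The trace makes the point of the Thinking questions visible: CALL changes both ESP (one word pushed) and EIP, while RET consumes exactly the word CALL pushed, so whatever sits in that slot when RET runs becomes the next EIP.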
2. Comparison instructions
CMP R/M, R/M/IMM
This instruction compares two operands. It is in effect a SUB instruction whose result is not written back to the first operand; only the flags are changed according to the result of the subtraction. When the two operands are equal, the zero flag (ZF) is set to 1.
TEST instruction. Instruction format: TEST R/M, R/M/IMM
This instruction resembles CMP to some extent, but it is based on AND rather than SUB: the two operands are ANDed together, the result is discarded, and only the corresponding flag bits are changed.
Common usage: determine whether a register is equal to 0 (check ZF).
3. JCC instructions: the 16 conditional jumps
A comparison instruction is usually followed by a branch that makes the decision.
The branch taken next is decided by the flag bits.
Instruction | Jump condition | Flag test
JE, JZ | Jump if the result is zero (jump if equal) | ZF=1
JNE, JNZ | Jump if the result is not zero (jump if not equal) | ZF=0
JS | Jump if the result is negative | SF=1
JNS | Jump if the result is non-negative | SF=0
JP, JPE | Jump if the number of 1 bits in the result is even | PF=1
JNP, JPO | Jump if the number of 1 bits in the result is odd | PF=0
JO | Jump if overflow | OF=1
JNO | Jump if no overflow | OF=0
JB, JNAE | Jump if below (unsigned) | CF=1
JNB, JAE | Jump if above or equal (unsigned) | CF=0
JBE, JNA | Jump if below or equal (unsigned) | CF=1 or ZF=1
JNBE, JA | Jump if above (unsigned) | CF=0 and ZF=0
JL, JNGE | Jump if less (signed) | SF≠OF
JNL, JGE | Jump if greater or equal (signed) | SF=OF
JLE, JNG | Jump if less or equal (signed) | ZF=1 or SF≠OF
JNLE, JG | Jump if greater (signed) | ZF=0 and SF=OF
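Added example, not code from the original article: C functions that compute the flags CMP and TEST leave behind and then evaluate every row of the table above from those flags. The names flags_t, x86_cmp, x86_test, jcc_t and jcc_taken are chosen here, and the sample operands in main are constructed. One detail the table does not state: x86 computes PF from the low byte of the result only, which is what parity_even does. The constructed cases also show why the signed rows (JL/JG) and unsigned rows (JB/JA) differ: 0xFFFFFFFF compared with 1 is "less" when read as signed -1 but "above" when read as unsigned, which is exactly the mismatch behind many wrong bounds checks, so it is worth recognising which family of jumps a check uses. This also covers question 3 of the Thinking section, since it shows which CMP/TEST operands produce each flag pattern.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { bool zf, sf, cf, of, pf; } flags_t;

/* PF=1 when the number of 1 bits in the LOW BYTE of the result is even */
static bool parity_even(uint8_t b) {
    int ones = 0;
    for (int i = 0; i < 8; i++) ones += (b >> i) & 1;
    return (ones % 2) == 0;
}

/* CMP a, b : compute a - b, discard the result, keep only the flags */
static flags_t x86_cmp(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    flags_t f;
    f.zf = (r == 0);
    f.sf = (r >> 31) & 1;                    /* sign bit of the result */
    f.cf = (a < b);                          /* unsigned borrow */
    f.of = (((a ^ b) & (a ^ r)) >> 31) & 1;  /* signed overflow of a - b */
    f.pf = parity_even((uint8_t)r);
    return f;
}

/* TEST a, b : compute a & b, discard the result; AND clears CF and OF */
static flags_t x86_test(uint32_t a, uint32_t b) {
    uint32_t r = a & b;
    flags_t f;
    f.zf = (r == 0);
    f.sf = (r >> 31) & 1;
    f.cf = false;
    f.of = false;
    f.pf = parity_even((uint8_t)r);
    return f;
}

/* Condition codes in the order of the table above (first mnemonic of each row) */
typedef enum { JE, JNE, JS, JNS, JP, JNP, JO, JNO,
               JB, JNB, JBE, JNBE, JL, JNL, JLE, JNLE } jcc_t;

static const char *cc_name[] = { "JE", "JNE", "JS", "JNS", "JP", "JNP", "JO", "JNO",
                                 "JB", "JNB", "JBE", "JNBE", "JL", "JNL", "JLE", "JNLE" };

/* Is the conditional jump cc taken with flags f? One line per table row. */
static bool jcc_taken(jcc_t cc, flags_t f) {
    switch (cc) {
    case JE:   return f.zf;
    case JNE:  return !f.zf;
    case JS:   return f.sf;
    case JNS:  return !f.sf;
    case JP:   return f.pf;
    case JNP:  return !f.pf;
    case JO:   return f.of;
    case JNO:  return !f.of;
    case JB:   return f.cf;
    case JNB:  return !f.cf;
    case JBE:  return f.cf || f.zf;
    case JNBE: return !f.cf && !f.zf;
    case JL:   return f.sf != f.of;
    case JNL:  return f.sf == f.of;
    case JLE:  return f.zf || (f.sf != f.of);
    case JNLE: return !f.zf && (f.sf == f.of);
    }
    return false;
}

int main(void) {
    /* constructed sample operand pairs: equal, small below, unsigned-vs-signed, overflow */
    struct { uint32_t a, b; } cases[] = { {5, 5}, {1, 2}, {0xFFFFFFFFu, 1}, {0x80000000u, 1} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        flags_t f = x86_cmp(cases[i].a, cases[i].b);
        printf("CMP 0x%08X, 0x%08X -> ZF=%d SF=%d CF=%d OF=%d PF=%d taken:",
               cases[i].a, cases[i].b, f.zf, f.sf, f.cf, f.of, f.pf);
        for (int cc = JE; cc <= JNLE; cc++)
            if (jcc_taken((jcc_t)cc, f)) printf(" %s", cc_name[cc]);
        printf("\n");
    }
    return 0;
}
```

Running it prints, for each CMP, the flag values and the list of jumps that would be taken; the third case is the one to study, since JL is taken while JB is not.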
4. Thinking
1. What changes happen to the stack when CALL is executed? Does EIP change?
When CALL executes, the address of the instruction following the CALL (the return address) is pushed onto the stack, and the entry address of the called function is loaded into EIP.
2. What changes happen to the stack when RET is executed? Does EIP change?
The reverse of CALL: the return address pushed by the previous CALL is taken from the stack and loaded into EIP.
3. Use assembly instructions to change individual bits of the flags register so that each of the sixteen JCC jumps is triggered.
Changing the flags in OD (OllyDbg) by double-clicking them is not allowed.
The flag bits must be affected by executing assembly instructions, preferably CMP and TEST.
See the table above.
The above is all the content of this article. I hope it will be helpful to everyone's study and I hope everyone will support me more.