Mixing
Purpose of test eax,eax after a strcmp
Clash Royale CLAN TAG#URR8PPP
up vote
4
down vote
favorite
This is my first program i am trying to reverse and my intro to this field.
The C program will test if two strings match, and it will printf() a message for each occasion.
This is what the reversed code snippet looks like:
call strcmp //compares the strings
test eax,eax
jne 1706
I know that jne will jump, if ZF=0.
What i do not understand is what's up with this line:
test eax,eax
What caused this line?
How does it relate with strcmp?
I know that if the result of test is not zero, ZF=0, so jne will jump.
But what does it compare exactly, and how does it relate to strcmp?
disassembly assembly c
asked Sep 3 at 10:30
user1584421
1265
add a comment |Â
up vote
4
down vote
favorite
This is my first program i am trying to reverse and my intro to this field.
The C program will test if two strings match, and it will printf() a message for each occasion.
This is what the reversed code snippet looks like:
call strcmp //compares the strings
test eax,eax
jne 1706
I know that jne will jump, if ZF=0.
What i do not understand is what's up with this line:
test eax,eax
What caused this line?
How does it relate with strcmp?
I know that if the result of test is not zero, ZF=0, so jne will jump.
But what does it compare exactly, and how does it relate to strcmp?
disassembly assembly c
asked Sep 3 at 10:30
user1584421
1265
EAXis the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design,strcpycan return either -1,0 or 1 in EAX with 0 indicating both strings match.TEST EAX,EAXtests whetherEAXis zero or not and sets or unsets theZFbit.
– fpmurphy1
Sep 3 at 15:41
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13
add a comment |Â
up vote
4
down vote
favorite
up vote
4
down vote
favorite
This is my first program i am trying to reverse and my intro to this field.
The C program will test if two strings match, and it will printf() a message for each occasion.
This is what the reversed code snippet looks like:
call strcmp //compares the strings
test eax,eax
jne 1706
I know that jne will jump, if ZF=0.
What i do not understand is what's up with this line:
test eax,eax
What caused this line?
How does it relate with strcmp?
I know that if the result of test is not zero, ZF=0, so jne will jump.
But what does it compare exactly, and how does it relate to strcmp?
disassembly assembly c
asked Sep 3 at 10:30
user1584421
1265
This is my first program i am trying to reverse and my intro to this field.
The C program will test if two strings match, and it will printf() a message for each occasion.
This is what the reversed code snippet looks like:
call strcmp //compares the strings
test eax,eax
jne 1706
I know that jne will jump, if ZF=0.
What i do not understand is what's up with this line:
test eax,eax
What caused this line?
How does it relate with strcmp?
I know that if the result of test is not zero, ZF=0, so jne will jump.
But what does it compare exactly, and how does it relate to strcmp?
disassembly assembly c
asked Sep 3 at 10:30
user1584421
1265
edited Sep 3 at 10:40
asked Sep 3 at 10:30
user1584421
1265
asked Sep 3 at 10:30
user1584421
1265
asked Sep 3 at 10:30
user1584421
1265
1265
EAXis the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design,strcpycan return either -1,0 or 1 in EAX with 0 indicating both strings match.TEST EAX,EAXtests whetherEAXis zero or not and sets or unsets theZFbit.
– fpmurphy1
Sep 3 at 15:41
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13
add a comment |Â
EAXis the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design,strcpycan return either -1,0 or 1 in EAX with 0 indicating both strings match.TEST EAX,EAXtests whetherEAXis zero or not and sets or unsets theZFbit.
– fpmurphy1
Sep 3 at 15:41
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13
EAX is the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design, strcpy can return either -1,0 or 1 in EAX with 0 indicating both strings match. TEST EAX,EAX tests whether EAX is zero or not and sets or unsets the ZF bit.– fpmurphy1
Sep 3 at 15:41
EAX is the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design, strcpy can return either -1,0 or 1 in EAX with 0 indicating both strings match. TEST EAX,EAX tests whether EAX is zero or not and sets or unsets the ZF bit.– fpmurphy1
Sep 3 at 15:41
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
9
down vote
accepted
Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.
The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.
The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.testis like bitwise and except it only sets the flags. Anding a value with itself gives the same value, sotest eax, eaxsets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
– hobbs
Sep 3 at 16:42
add a comment |Â
up vote
6
down vote
You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).
I recommend reading some easy book on x86 assembly, it will help you a lot.
answered Sep 3 at 15:36
Edheldil
1912
add a comment |Â
up vote
5
down vote
prototype of strcmp()
int strcmp(
const char *string1,
const char *string2
);
the function returns an int whose interpretation is as follows
so i think that answers your question of when it jumps and when not
it jumps if eax is either > or < 0
it does not jump if eax == 0
Return Value
The return value for each of these functions indicates
the lexicographic relation of string1 to string2.
< 0 string1 less than string2
0 string1 identical to string2
> 0 string1 greater than string2
test eax,eax does a binary and of both inputs
and for it to jump eax needs to be 0
if eax is 0 test eax,eax will set the ZF to 1
else it will set the ZF to 0
normally test eax will be used if the program in higher languages test
the result like this
if(!strcmp( a, b ) ) do something
see a sample program and disassembly below
>>> eax = -1
>>> print eax & eax
-1
>>> eax = 0
>>> print eax & eax
0
>>> eax = 1
>>> print eax & eax
1
>>>
sample program
#include <stdio.h>
#include <string.h>
int main (void)
char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
int fis = strcmp(first,secon);
int sec = strcmp(first,third);
int tid = strcmp(first,forth);
printf("%8x %8x %8xn",fis,sec,tid);
if(!strcmp(first,secon))
printf("trings are same n");
if( strcmp(first,third) == 1 )
printf("second string has a chareceter that is greater than first stringn");
if( strcmp(first,forth) == -1 )
printf("second string has a chareceter that is lesser than first stringn");
disassembly of main 
answered Sep 3 at 13:00
blabb
8,7381623
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
add a comment |Â
up vote
2
down vote
Basically, the original C code associated with this assembly code would be:
if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
goto error; // str1 != str2 --> jne 1706
// str1 == str2
// Do legitimate code
error:
// Do what you need to handle the error
If you want a way to remember what does test eax, eax it can be translated like this in C:
bool test = (eax == 0)
Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).
answered Sep 3 at 13:31
perror
10.5k1763128
add a comment |Â
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
9
down vote
accepted
Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.
The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.
The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.testis like bitwise and except it only sets the flags. Anding a value with itself gives the same value, sotest eax, eaxsets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
– hobbs
Sep 3 at 16:42
add a comment |Â
up vote
9
down vote
accepted
Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.
The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.
The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.testis like bitwise and except it only sets the flags. Anding a value with itself gives the same value, sotest eax, eaxsets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
– hobbs
Sep 3 at 16:42
add a comment |Â
up vote
9
down vote
accepted
up vote
9
down vote
accepted
Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.
The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.
The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.
The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.
The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
edited Sep 3 at 12:42
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
answered Sep 3 at 10:45
0xC0000022L♦
7,47742860
7,47742860
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.testis like bitwise and except it only sets the flags. Anding a value with itself gives the same value, sotest eax, eaxsets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
– hobbs
Sep 3 at 16:42
add a comment |Â
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.testis like bitwise and except it only sets the flags. Anding a value with itself gives the same value, sotest eax, eaxsets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
– hobbs
Sep 3 at 16:42
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
– user1584421
Sep 3 at 10:48
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
strcmp compares the strings and sets eax to zero if the strings are equal
– josh
Sep 3 at 10:49
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
– user1584421
Sep 3 at 10:55
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
– user1584421
Sep 3 at 11:20
1
1
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.
test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.– hobbs
Sep 3 at 16:42
@user1584421 think for a second and put together what you already know. eax contains the return value of strcmp.
test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.– hobbs
Sep 3 at 16:42
add a comment |Â
up vote
6
down vote
You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).
I recommend reading some easy book on x86 assembly, it will help you a lot.
answered Sep 3 at 15:36
Edheldil
1912
add a comment |Â
up vote
6
down vote
You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).
I recommend reading some easy book on x86 assembly, it will help you a lot.
answered Sep 3 at 15:36
Edheldil
1912
add a comment |Â
up vote
6
down vote
up vote
6
down vote
You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).
I recommend reading some easy book on x86 assembly, it will help you a lot.
answered Sep 3 at 15:36
Edheldil
1912
You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).
I recommend reading some easy book on x86 assembly, it will help you a lot.
answered Sep 3 at 15:36
Edheldil
1912
answered Sep 3 at 15:36
Edheldil
1912
answered Sep 3 at 15:36
Edheldil
1912
answered Sep 3 at 15:36
Edheldil
1912
1912
add a comment |Â
add a comment |Â
up vote
5
down vote
prototype of strcmp()
int strcmp(
const char *string1,
const char *string2
);
the function returns an int whose interpretation is as follows
so i think that answers your question of when it jumps and when not
it jumps if eax is either > or < 0
it does not jump if eax == 0
Return Value
The return value for each of these functions indicates
the lexicographic relation of string1 to string2.
< 0 string1 less than string2
0 string1 identical to string2
> 0 string1 greater than string2
test eax,eax does a binary and of both inputs
and for it to jump eax needs to be 0
if eax is 0 test eax,eax will set the ZF to 1
else it will set the ZF to 0
normally test eax will be used if the program in higher languages test
the result like this
if(!strcmp( a, b ) ) do something
see a sample program and disassembly below
>>> eax = -1
>>> print eax & eax
-1
>>> eax = 0
>>> print eax & eax
0
>>> eax = 1
>>> print eax & eax
1
>>>
sample program
#include <stdio.h>
#include <string.h>
int main (void)
char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
int fis = strcmp(first,secon);
int sec = strcmp(first,third);
int tid = strcmp(first,forth);
printf("%8x %8x %8xn",fis,sec,tid);
if(!strcmp(first,secon))
printf("trings are same n");
if( strcmp(first,third) == 1 )
printf("second string has a chareceter that is greater than first stringn");
if( strcmp(first,forth) == -1 )
printf("second string has a chareceter that is lesser than first stringn");
disassembly of main
answered Sep 3 at 13:00
blabb
8,7381623
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
add a comment |Â
up vote
5
down vote
prototype of strcmp()
int strcmp(
const char *string1,
const char *string2
);
the function returns an int whose interpretation is as follows
so i think that answers your question of when it jumps and when not
it jumps if eax is either > or < 0
it does not jump if eax == 0
Return Value
The return value for each of these functions indicates
the lexicographic relation of string1 to string2.
< 0 string1 less than string2
0 string1 identical to string2
> 0 string1 greater than string2
test eax,eax does a binary and of both inputs
and for it to jump eax needs to be 0
if eax is 0 test eax,eax will set the ZF to 1
else it will set the ZF to 0
normally test eax will be used if the program in higher languages test
the result like this
if(!strcmp( a, b ) ) do something
see a sample program and disassembly below
>>> eax = -1
>>> print eax & eax
-1
>>> eax = 0
>>> print eax & eax
0
>>> eax = 1
>>> print eax & eax
1
>>>
sample program
#include <stdio.h>
#include <string.h>
int main (void)
char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
int fis = strcmp(first,secon);
int sec = strcmp(first,third);
int tid = strcmp(first,forth);
printf("%8x %8x %8xn",fis,sec,tid);
if(!strcmp(first,secon))
printf("trings are same n");
if( strcmp(first,third) == 1 )
printf("second string has a chareceter that is greater than first stringn");
if( strcmp(first,forth) == -1 )
printf("second string has a chareceter that is lesser than first stringn");
disassembly of main
answered Sep 3 at 13:00
blabb
8,7381623
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
add a comment |Â
up vote
5
down vote
up vote
5
down vote
prototype of strcmp()
int strcmp(
const char *string1,
const char *string2
);
the function returns an int whose interpretation is as follows
so i think that answers your question of when it jumps and when not
it jumps if eax is either > or < 0
it does not jump if eax == 0
Return Value
The return value for each of these functions indicates
the lexicographic relation of string1 to string2.
< 0 string1 less than string2
0 string1 identical to string2
> 0 string1 greater than string2
test eax,eax does a binary and of both inputs
and for it to jump eax needs to be 0
if eax is 0 test eax,eax will set the ZF to 1
else it will set the ZF to 0
normally test eax will be used if the program in higher languages test
the result like this
if(!strcmp( a, b ) ) do something
see a sample program and disassembly below
>>> eax = -1
>>> print eax & eax
-1
>>> eax = 0
>>> print eax & eax
0
>>> eax = 1
>>> print eax & eax
1
>>>
sample program
#include <stdio.h>
#include <string.h>
int main (void)
char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
int fis = strcmp(first,secon);
int sec = strcmp(first,third);
int tid = strcmp(first,forth);
printf("%8x %8x %8xn",fis,sec,tid);
if(!strcmp(first,secon))
printf("trings are same n");
if( strcmp(first,third) == 1 )
printf("second string has a chareceter that is greater than first stringn");
if( strcmp(first,forth) == -1 )
printf("second string has a chareceter that is lesser than first stringn");
disassembly of main
answered Sep 3 at 13:00
blabb
8,7381623
prototype of strcmp()
int strcmp(
const char *string1,
const char *string2
);
the function returns an int whose interpretation is as follows
so i think that answers your question of when it jumps and when not
it jumps if eax is either > or < 0
it does not jump if eax == 0
Return Value
The return value for each of these functions indicates
the lexicographic relation of string1 to string2.
< 0 string1 less than string2
0 string1 identical to string2
> 0 string1 greater than string2
test eax,eax does a binary and of both inputs
and for it to jump eax needs to be 0
if eax is 0 test eax,eax will set the ZF to 1
else it will set the ZF to 0
normally test eax will be used if the program in higher languages test
the result like this
if(!strcmp( a, b ) ) do something
see a sample program and disassembly below
>>> eax = -1
>>> print eax & eax
-1
>>> eax = 0
>>> print eax & eax
0
>>> eax = 1
>>> print eax & eax
1
>>>
sample program
#include <stdio.h>
#include <string.h>
int main (void)
char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
int fis = strcmp(first,secon);
int sec = strcmp(first,third);
int tid = strcmp(first,forth);
printf("%8x %8x %8xn",fis,sec,tid);
if(!strcmp(first,secon))
printf("trings are same n");
if( strcmp(first,third) == 1 )
printf("second string has a chareceter that is greater than first stringn");
if( strcmp(first,forth) == -1 )
printf("second string has a chareceter that is lesser than first stringn");
disassembly of main
answered Sep 3 at 13:00
blabb
8,7381623
edited Sep 3 at 21:06
answered Sep 3 at 13:00
blabb
8,7381623
answered Sep 3 at 13:00
blabb
8,7381623
answered Sep 3 at 13:00
blabb
8,7381623
8,7381623
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
add a comment |Â
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
Is that an interpreter program?
– P. Private
Sep 3 at 19:11
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
@P.Private are you asking about the >>> part that is python prompt in cmd.exe
– blabb
Sep 3 at 19:31
add a comment |Â
up vote
2
down vote
Basically, the original C code associated with this assembly code would be:
if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
goto error; // str1 != str2 --> jne 1706
// str1 == str2
// Do legitimate code
error:
// Do what you need to handle the error
If you want a way to remember what does test eax, eax it can be translated like this in C:
bool test = (eax == 0)
Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).
answered Sep 3 at 13:31
perror
10.5k1763128
add a comment |Â
up vote
2
down vote
Basically, the original C code associated with this assembly code would be:
if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
goto error; // str1 != str2 --> jne 1706
// str1 == str2
// Do legitimate code
error:
// Do what you need to handle the error
If you want a way to remember what does test eax, eax it can be translated like this in C:
bool test = (eax == 0)
Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).
answered Sep 3 at 13:31
perror
10.5k1763128
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Basically, the original C code associated with this assembly code would be:
if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
goto error; // str1 != str2 --> jne 1706
// str1 == str2
// Do legitimate code
error:
// Do what you need to handle the error
If you want a way to remember what does test eax, eax it can be translated like this in C:
bool test = (eax == 0)
Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).
answered Sep 3 at 13:31
perror
10.5k1763128
Basically, the original C code associated with this assembly code would be:
if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
goto error; // str1 != str2 --> jne 1706
// str1 == str2
// Do legitimate code
error:
// Do what you need to handle the error
If you want a way to remember what does test eax, eax it can be translated like this in C:
bool test = (eax == 0)
Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).
answered Sep 3 at 13:31
perror
10.5k1763128
edited Sep 3 at 17:21
answered Sep 3 at 13:31
perror
10.5k1763128
answered Sep 3 at 13:31
perror
10.5k1763128
answered Sep 3 at 13:31
perror
10.5k1763128
10.5k1763128
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2freverseengineering.stackexchange.com%2fquestions%2f19235%2fpurpose-of-test-eax-eax-after-a-strcmp%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
EAXis the register used by IA32 calling conventions to either return an interger value or a memory address to the calling routine. By design,strcpycan return either -1,0 or 1 in EAX with 0 indicating both strings match.TEST EAX,EAXtests whetherEAXis zero or not and sets or unsets theZFbit.– fpmurphy1
Sep 3 at 15:41
strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
– Peter Cordes
Sep 3 at 20:13