What do these instructions mean in a program:
167:40FACA Test edi,edi
167:40FACC JZ 40FB39

Why test a register with the same register?
thanks
Posted on 2002-01-31 01:15:52 by franlou
Well:
- to set zero flag and test it one instruction later ;) ?
Posted on 2002-01-31 01:58:00 by BogdanOntanu
if it is for cr_cking purposes, please read the rules... ;)

Thanks.
Posted on 2002-01-31 02:11:52 by JCP
I fail to understand how test edi, edi relates to cracking.
Posted on 2002-01-31 02:26:40 by Asm_Freak
Very good question, it could/would only be there by mistake or to disguise a jmp as something because this code is always going to jump.

EDIT: Whoops, haha, I would have thought I would have known better than that :( I'm actually tempted to delete this post but nah I think this can go for just being plain stupid award
Posted on 2002-01-31 02:53:51 by huh
It won't always jump....

test is a bitwise AND instruction, except that the result, other than the flags, is not stored.

"test 0,0" will set the zero flag, as will anything where the result is zero.

When ANDing a number with itself, the only time it can result in zero is if the number is zero! It is a simple "is the number zero" test.

Similar would be:
or edi, edi
This won't change the number either, and test for zero...

cmp edi, 0
The same but longer as the "0" part of it will take more space in the code.


Mirno
Posted on 2002-01-31 03:02:34 by Mirno

I fail to understand how test edi, edi relates to cracking.


167:40FACA Test edi,edi
167:40FACC JZ 40FB39

Where do these lines come from? ;)
It is not the question by itself, but to what it will end...
Posted on 2002-01-31 03:24:32 by JCP
It is not the question by itself, but to what it will end...


maybe this :)

167:40FACA Test edi,edi
167:40FACC JNZ 40FB39
Posted on 2002-01-31 03:31:10 by beaster



maybe this :)

167:40FACA Test edi,edi
167:40FACC JNZ 40FB39


lol :tongue:
Posted on 2002-01-31 03:44:01 by Tola
I wonder why it looks like a branch in code that could be modified in HEX to branch under different conditions ? If you were writing it yourself, why would you bother to decompile it first ?

Looks like a crack attempt to me.

"if it is for cr_cking purposes, please read the rules..."

Yes, do that because if it is for that purpose, our moderators will convert the post into free disk space. :tongue:

Regards,

hutch@movsd.com
Posted on 2002-01-31 05:08:57 by hutch--
I'm learning assembler.
I saw this instruction and I was surprised.
For me, 'test edi,edi' always puts the zero flag to zero.
Why can we see JZ... after?
Posted on 2002-01-31 12:50:55 by franlou
The state of the zero flag depends on the result; think of it like a cmp in this case:

TEST - Test For Bit Pattern
Usage: TEST dest,src
Modifies flags: CF OF PF SF ZF (AF undefined)
Performs a logical AND of the two operands updating the flags register without saving the result.

                      Clocks               Size
Operands      808x    286   386   486      Bytes
reg,reg       3       2     1     1        2
reg,mem       9+EA    6     5     1        2-4  (W88=13+EA)
mem,reg       9+EA    6     5     2        2-4  (W88=13+EA)
reg,immed     5       3     2     1        3-4
mem,immed     11+EA   6     5     2        3-6
accum,immed   4       3     2     1        2-3

Opcode      Instruction          Description
A8 ib       TEST AL, imm8        AND imm8 with AL; set SF, ZF, PF according to result
A9 iw       TEST AX, imm16       AND imm16 with AX; set SF, ZF, PF according to result
A9 id       TEST EAX, imm32      AND imm32 with EAX; set SF, ZF, PF according to result
F6 /0 ib    TEST r/m8,imm8       AND imm8 with r/m8; set SF, ZF, PF according to result
F7 /0 iw    TEST r/m16,imm16     AND imm16 with r/m16; set SF, ZF, PF according to result
F7 /0 id    TEST r/m32,imm32     AND imm32 with r/m32; set SF, ZF, PF according to result
84 /r       TEST r/m8,r8         AND r8 with r/m8; set SF, ZF, PF according to result
85 /r       TEST r/m16,r16       AND r16 with r/m16; set SF, ZF, PF according to result
85 /r       TEST r/m32,r32       AND r32 with r/m32; set SF, ZF, PF according to result
Posted on 2002-01-31 12:59:22 by JCP
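
A small C model of the flag behaviour discussed in this thread, added here as an example and not posted by any participant: it derives ZF, SF and PF the way TEST does, shows when a following JZ is taken, and lists the encodings of the three equivalent zero checks to compare their sizes. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flags TEST writes, per the reference quoted above (AF is undefined). */
typedef struct { int zf, sf, pf, cf, of; } flags_t;

/* Encodings of the three zero checks mentioned in the thread. */
static const uint8_t enc_test[] = {0x85, 0xFF};        /* test edi,edi */
static const uint8_t enc_or[]   = {0x09, 0xFF};        /* or   edi,edi */
static const uint8_t enc_cmp[]  = {0x83, 0xFF, 0x00};  /* cmp  edi,0   */

/* Flags for a 32-bit logical result; TEST, AND and OR derive them the same way. */
static flags_t logic_flags(uint32_t r) {
    flags_t f = {0};                 /* CF and OF are always cleared */
    uint8_t low = (uint8_t)r;
    low ^= low >> 4; low ^= low >> 2; low ^= low >> 1;
    f.zf = (r == 0);                 /* ZF: result is zero */
    f.sf = (int)(r >> 31);           /* SF: copy of the top bit */
    f.pf = !(low & 1);               /* PF: even number of 1 bits in the low byte */
    return f;
}

/* test a,b: AND the operands and keep only the flags. */
flags_t emu_test(uint32_t a, uint32_t b) { return logic_flags(a & b); }

/* or a,b: same flags, but the result is written back (unchanged when a == b). */
flags_t emu_or(uint32_t *a, uint32_t b) { *a |= b; return logic_flags(*a); }

/* jz is taken when ZF = 1. */
int jz_taken(flags_t f) { return f.zf; }

int main(void) {
    uint32_t samples[] = {0u, 1u, 0x80000000u, 0xFFu};  /* constructed values */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t edi = samples[i];
        flags_t f = emu_test(edi, edi);
        printf("edi=%08X ZF=%d SF=%d PF=%d -> jz %s\n", (unsigned)edi,
               f.zf, f.sf, f.pf, jz_taken(f) ? "taken" : "not taken");
    }
    printf("bytes: test=%zu or=%zu cmp=%zu\n",
           sizeof enc_test, sizeof enc_or, sizeof enc_cmp);
    return 0;
}
```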