
I want to know what does this operation mean?

Test EDX, 200

I have DWORD value in EDX like:

1A1B1C00

When I do test EDX, 200 and then a JE, jump is taken. Why? EDX is not equal to 200.

I want to know more about the meaning of Test EDX, 200.

nrz
Vahid Farahmand
  • Possible duplicate of [What does the \`test\` instruction do?](http://stackoverflow.com/questions/6002079/what-does-the-test-instruction-do) – CompSciFly Dec 05 '16 at 15:30
  • related: A question about [`test eax,eax`](https://stackoverflow.com/questions/147173/testl-eax-against-eax) has many good answers, but most focus on that specific use-case of `test`: checking the current value of a register, rather than testing only some of the bits by using a different 2nd operand. – Peter Cordes Aug 13 '17 at 02:07

2 Answers


A test performs an AND without modifying the operands (it only modifies some flags, like ZF et al). A je simply tests ZF (the zero flag) and jumps if set.

So Test EDX, 200 will AND the value in EDX with 0x200 and set ZF to 1 if the result of that AND was 0. In your case that will give us:

0x1A1B1C00 AND 0x00000200 -> 0x00000000

Since 0x0200 is 0000 0010 0000 0000 in binary, the intent of the instruction Test EDX, 200 is to test the value in EDX and see if the 9th bit (9 places from the right counting from 0) is a 0 or 1, and take the jump if it is a zero.

Monte Hoover
cnicutar
  • What could be meaning of performing AND 200 to a register? – Vahid Farahmand Dec 05 '12 at 10:19
  • To take a look if a single bit (or at least one bit in a set of bits) is set. I guess in your question it should be `test, edx, 0200h` because it is more common to test for a single bit. – David J Dec 05 '12 at 10:39
  • Yes, it's test, edx, 0200h. What's meaning of this? – Vahid Farahmand Dec 05 '12 at 10:49
  • you have `1A1B1C00h` in `EDX`; since `C00h` is `800h OR 400h`, the logical `AND` with `200h` results in zero, aka `ZF` set, therefore the `JE` is taken. – FrankH. Dec 05 '12 at 12:05
  • JE is same as JZ (jump if zero); it is not about values being equal, it is about ZF flag being set. (Which is set by CMP or SUB when values are equal - that's why there's JE mnemonic used as a synonym). – Aleksey Ivchenko Dec 05 '12 at 13:15
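The flag behaviour described in this answer and its comments, as an added C example that is not from the original post or any commenter: a small emulator of the 32-bit `test` instruction's flag updates (AND the operands, set ZF/SF/PF from the result, clear CF and OF, discard the result) followed by a `je` decision, run against the question's EDX value 0x1A1B1C00 with both the decimal operand 200 and the hex operand 0200h that the comments settle on. The names `x86_test`, `je_taken` and `bit_is_clear` are my own, not anything from an assembler or manual.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The subset of EFLAGS that TEST writes (AF is left undefined by the instruction). */
typedef struct {
    bool cf, pf, zf, sf, of;
} flags_t;

/* PF is set when the low 8 bits of the result contain an even number of 1 bits. */
static bool low_byte_even_parity(uint32_t v) {
    uint8_t b = (uint8_t)v;
    int ones = 0;
    for (int i = 0; i < 8; i++)
        ones += (b >> i) & 1;
    return (ones % 2) == 0;
}

/* Emulate `test dest, src` on 32-bit operands: logical AND, flags updated, result not stored. */
flags_t x86_test(uint32_t dest, uint32_t src) {
    uint32_t r = dest & src;
    flags_t f;
    f.cf = false;                  /* TEST always clears CF and OF */
    f.of = false;
    f.zf = (r == 0);               /* zero flag: AND produced no set bits */
    f.sf = (r >> 31) & 1u;         /* sign flag: bit 31 of the (discarded) result */
    f.pf = low_byte_even_parity(r);
    return f;
}

/* JE is an alias of JZ: the branch is taken exactly when ZF is set. */
bool je_taken(flags_t f) {
    return f.zf;
}

/* The idiom the answer describes: `test reg, 1<<n` + `je` jumps when bit n is clear. */
bool bit_is_clear(uint32_t value, unsigned n) {
    return je_taken(x86_test(value, 1u << n));
}

int main(void) {
    uint32_t edx = 0x1A1B1C00u;    /* the value from the question */

    /* Decimal 200 (0xC8) and hex 0200h are different masks, but both AND to zero here,
       because the low byte of EDX is 0x00 and bit 9 of 0x1C00 is clear. */
    printf("test edx, 200   -> ZF=%d, je taken=%d\n",
           x86_test(edx, 200u).zf, je_taken(x86_test(edx, 200u)));
    printf("test edx, 0200h -> ZF=%d, je taken=%d\n",
           x86_test(edx, 0x200u).zf, je_taken(x86_test(edx, 0x200u)));

    /* 0x1C00 has bits 10, 11 and 12 set, so testing bit 10 does not take the jump. */
    printf("bit 9 clear=%d, bit 10 clear=%d\n",
           bit_is_clear(edx, 9), bit_is_clear(edx, 10));
    return 0;
}
```

Running it shows the jump taken for both 200 and 0200h, and not taken for the mask 0400h, which is the distinction FrankH. draws above: the result of the AND, not the equality of EDX with the operand, is what decides ZF and therefore JE.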

To find out what an assembly instruction does, I recommend using Google. In Google you can just write the name of the instruction, in this case test, and something like intel instruction (for Intel instructions):

Google: test intel instruction

From the results of the Google search linked above you'll also find out that some servers have separate pages for different x86 assembly instructions named according to the name of the instruction:

http://web.itu.edu.tr/kesgin/mul06/intel/instr/test.html

As it says on the webpage linked above:

TEST - Test For Bit Pattern

    Usage:  TEST    dest,src
    Modifies flags: CF OF PF SF ZF (AF undefined)

    Performs a logical AND of the two operands updating the flags
    register without saving the result.

To find out what some other instruction does, for example cmpxchg, all you need to do is to replace the name of the instruction in the address, so it would be:

http://web.itu.edu.tr/kesgin/mul06/intel/instr/cmpxchg.html

Finally, the ultimate source of information regarding Intel assembly is the Intel Software Developer Manuals, which are very useful and freely available as PDF:

Intel® 64 and IA-32 Architectures Software Developer Manuals

Combined Volume Set of Intel® 64 and IA-32 Architectures Software Developer’s Manuals

nrz