1
votes

With respect to the following opcode reference: http://ref.x86asm.net/coder32.html

I'm trying to understand a little more around conditional jumps. You'll see in the above-referenced link that the opcode for "Jump short if zero/equal (ZF=0)" is 74. Therefore, if we (in a debugger) binary insert the bytes 74 04 and the ZF flag is set to 0, we will see a short forward jump of 4 bytes:

0207FF9F        74 04        JE SHORT 0207FFA5

No problems there.

Later on in the same reference, there is a similar conditional short jump referenced using opcode 85, however if you pop that code in with a similar byte length for the conditional jump, you get the following:

0207FFA5        850441        TEST DWORD PTR DS:[ECX+EAX*2],EAX

Attempted conditional jump

I'm clearly not understanding something here, is someone able to explain? Are conditional short jumps based on flag values limited to opcodes 70 through 7F?

1
@mazegen made a typo in the reference mentioned above: the condition of Jump if zero/equal is actually ZF=1 rather than ZF=0, and vice versa.
vitsoft

1 Answer

1
votes

The 2nd 85 you found is in the 2-byte opcodes table, where every entry is prefixed with 0F.

The "near" (rel32) version of JZ/JE is 0F 85. (Oops, that HTML extract truncates the list of encodings, only getting to a few of the 0F .. rel32 versions. Or actually has broken non-table formatting for the rest. See Intel's PDF original.)

Those opcode tables are not instruction set reference manuals. They're handy if you just need a quick reference, though. If you ever get confused, look up the instruction in the full manual (links in the tag wiki).
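As an added example (not part of the question or the answer above), here is a small Python decoder/encoder for the two Jcc encodings: the 7x rel8 short forms and the 0F 8x rel32 near forms, which share the same low nibble for the same condition. It reproduces the JE SHORT target from the question and shows that the 85 04 41 bytes, lacking the 0F prefix, are not decoded as a jump at all; the addresses are taken from the question, everything else is constructed.

```python
import struct

# Condition mnemonics indexed by the opcode's low nibble: 7x is the
# short (rel8) form, 0F 8x the near (rel32) form, same x for both.
CC = ["O", "NO", "B", "AE", "E", "NE", "BE", "A",
      "S", "NS", "P", "NP", "L", "GE", "LE", "G"]


def decode_jcc(addr, code):
    """Return (mnemonic, length, target) for a Jcc at `addr`, or None
    if `code` does not start with a 7x rel8 or 0F 8x rel32 jump.
    The displacement is signed and relative to the next instruction,
    so target = addr + length + rel, wrapped to 32 bits."""
    if not code:
        return None
    op = code[0]
    if 0x70 <= op <= 0x7F and len(code) >= 2:
        rel, length = struct.unpack("<b", code[1:2])[0], 2
        mnem = "J" + CC[op & 0x0F] + " SHORT"
    elif op == 0x0F and len(code) >= 6 and 0x80 <= code[1] <= 0x8F:
        rel, length = struct.unpack("<i", code[2:6])[0], 6
        mnem = "J" + CC[code[1] & 0x0F]
    else:
        return None  # e.g. a bare 85 is TEST r/m32,r32, not a jump
    return mnem, length, (addr + length + rel) & 0xFFFFFFFF


def encode_jcc(cc, addr, target):
    """Encode a Jcc at `addr` reaching `target`: the 2-byte short form
    when the rel8 fits, otherwise the 6-byte 0F 8x near form.
    `cc` is the mnemonic suffix, e.g. "E" for JE/JZ or "NE" for JNE."""
    x = CC.index(cc)
    rel = target - (addr + 2)
    if -128 <= rel <= 127:
        return bytes([0x70 | x]) + struct.pack("<b", rel)
    rel = target - (addr + 6)
    return bytes([0x0F, 0x80 | x]) + struct.pack("<i", rel)


# Constructed inputs using the question's addresses: the JE at 0207FF9F,
# and the 85 04 41 bytes it placed next, which are TEST, not a jump.
if __name__ == "__main__":
    print(decode_jcc(0x0207FF9F, bytes.fromhex("7404")))    # ('JE SHORT', 2, 0x0207FFA5)
    print(decode_jcc(0x0207FFA5, bytes.fromhex("850441")))  # None
    print(encode_jcc("E", 0x0207FF9F, 0x0207FFA5).hex())    # 7404
    # Too far for rel8: the near form needs the 0F prefix (0F 84 = JE).
    print(encode_jcc("E", 0x0207FF9F, 0x0208019F).hex())    # 0f84fa010000
```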