Purpose of test eax,eax after a strcmp

This is my first program I am trying to reverse and my intro to this field.

The C program will test if two strings match, and it will printf() a message for each occasion.

This is what the reversed code snippet looks like:

    call strcmp //compares the strings
    test eax,eax
    jne 1706

I know that jne will jump if ZF=0.

What I do not understand is what's up with this line:

    test eax,eax

What caused this line?
How does it relate to strcmp?

I know that if the result of test is not zero, ZF=0, so jne will jump.
But what does it compare exactly, and how does it relate to strcmp?

Tags: disassembly, assembly, c

asked Sep 3 at 10:30 by user1584421, edited Sep 3 at 10:40

  • EAX is the register used by IA32 calling conventions to either return an integer value or a memory address to the calling routine. By design, strcpy can return either -1, 0 or 1 in EAX with 0 indicating both strings match. TEST EAX,EAX tests whether EAX is zero or not and sets or unsets the ZF bit.
    – fpmurphy1
    Sep 3 at 15:41

  • strcpy returns an integer in EAX, not in FLAGS. See `testl` eax against eax? for how this instruction sets flags according to EAX.
    – Peter Cordes
    Sep 3 at 20:13

4 Answers
4






active

oldest

votes

















up vote
9
down vote



accepted










Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.



The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.



The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.






share|improve this answer






















  • Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
    – user1584421
    Sep 3 at 10:48











  • strcmp compares the strings and sets eax to zero if the strings are equal
    – josh
    Sep 3 at 10:49










  • I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
    – user1584421
    Sep 3 at 10:55










  • What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
    – user1584421
    Sep 3 at 11:20






  • 1




    @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
    – hobbs
    Sep 3 at 16:42


















up vote
7
down vote













You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).



I recommend reading some easy book on x86 assembly, it will help you a lot.






share|improve this answer



























    up vote
    6
    down vote













    prototype of strcmp()



    int strcmp(
    const char *string1,
    const char *string2
    );


    the function returns an int whose interpretation is as follows

    so i think that answers your question of when it jumps and when not

    it jumps if eax is either > or < 0

    it does not jump if eax == 0



    Return Value
    The return value for each of these functions indicates
    the lexicographic relation of string1 to string2.

    < 0 string1 less than string2

    0 string1 identical to string2

    > 0 string1 greater than string2


    test eax,eax does a binary and of both inputs

    and for it to jump eax needs to be 0
    if eax is 0 test eax,eax will set the ZF to 1
    else it will set the ZF to 0

    normally test eax will be used if the program in higher languages test
    the result like this



    if(!strcmp( a, b ) ) do something 


    see a sample program and disassembly below



    >>> eax = -1
    >>> print eax & eax
    -1
    >>> eax = 0
    >>> print eax & eax
    0
    >>> eax = 1
    >>> print eax & eax
    1
    >>>


    sample program



    #include <stdio.h>
    #include <string.h>

    int main (void)
    char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
    int fis = strcmp(first,secon);
    int sec = strcmp(first,third);
    int tid = strcmp(first,forth);
    printf("%8x %8x %8xn",fis,sec,tid);
    if(!strcmp(first,secon))
    printf("trings are same n");

    if( strcmp(first,third) == 1 )
    printf("second string has a chareceter that is greater than first stringn");

    if( strcmp(first,forth) == -1 )
    printf("second string has a chareceter that is lesser than first stringn");





    disassembly of main
    enter image description here






    share|improve this answer






















    • Is that an interpreter program?
      – P. Private
      Sep 3 at 19:11










    • @P.Private are you asking about the >>> part that is python prompt in cmd.exe
      – blabb
      Sep 3 at 19:31

















    up vote
    2
    down vote













    Basically, the original C code associated with this assembly code would be:



    if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
    goto error; // str1 != str2 --> jne 1706

    // str1 == str2
    // Do legitimate code

    error:
    // Do what you need to handle the error


    If you want a way to remember what does test eax, eax it can be translated like this in C:



    bool test = (eax == 0)


    Note that eax is used to store the return code of a function, the test test eax, eax is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).






    share|improve this answer






















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "489"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2freverseengineering.stackexchange.com%2fquestions%2f19235%2fpurpose-of-test-eax-eax-after-a-strcmp%23new-answer', 'question_page');

      );

      Post as a guest






























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      9
      down vote



      accepted










      Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.



      The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.



      The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.






      share|improve this answer






















      • Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
        – user1584421
        Sep 3 at 10:48











      • strcmp compares the strings and sets eax to zero if the strings are equal
        – josh
        Sep 3 at 10:49










      • I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
        – user1584421
        Sep 3 at 10:55










      • What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
        – user1584421
        Sep 3 at 11:20






      • 1




        @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
        – hobbs
        Sep 3 at 16:42















      up vote
      9
      down vote



      accepted










      Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.



      The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.



      The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.






      share|improve this answer






















      • Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
        – user1584421
        Sep 3 at 10:48











      • strcmp compares the strings and sets eax to zero if the strings are equal
        – josh
        Sep 3 at 10:49










      • I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
        – user1584421
        Sep 3 at 10:55










      • What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
        – user1584421
        Sep 3 at 11:20






      • 1




        @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
        – hobbs
        Sep 3 at 16:42













      up vote
      9
      down vote



      accepted







      up vote
      9
      down vote



      accepted






      Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.



      The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.



      The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.






      share|improve this answer














      Register eax will contain the return code from strcmp, after the call. The test eax, eax is the same as and eax, eax (bitwise and) except that it doesn't store the result in eax. So eax isn't affected by the test, but the zero-flag is, for example.



      The test eax, eax is necessary to make the jne work in the first place. And jne is the same as jnz, just as je is the same as jz. Both act based on the ZF (zero-flag) value.



      The jne branch will be taken if ZF=0 and therefore whenever strcmp returns a non-zero value (i.e. strings not equal). Conversely if eax contains zero upon return from strcmp, the jump via jne will not happen.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Sep 3 at 12:42

























      answered Sep 3 at 10:45









      0xC0000022L♦

      7,49742860




      7,49742860











      • Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
        – user1584421
        Sep 3 at 10:48











      • strcmp compares the strings and sets eax to zero if the strings are equal
        – josh
        Sep 3 at 10:49










      • I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
        – user1584421
        Sep 3 at 10:55










      • What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
        – user1584421
        Sep 3 at 11:20






      • 1




        @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
        – hobbs
        Sep 3 at 16:42

















      • Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
        – user1584421
        Sep 3 at 10:48











      • strcmp compares the strings and sets eax to zero if the strings are equal
        – josh
        Sep 3 at 10:49










      • I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
        – user1584421
        Sep 3 at 10:55










      • What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
        – user1584421
        Sep 3 at 11:20






      • 1




        @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
        – hobbs
        Sep 3 at 16:42
















      Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
      – user1584421
      Sep 3 at 10:48





      Thanks! And what does test eax,eax do? Checks to see if what? How does it work?
      – user1584421
      Sep 3 at 10:48













      strcmp compares the strings and sets eax to zero if the strings are equal
      – josh
      Sep 3 at 10:49




      strcmp compares the strings and sets eax to zero if the strings are equal
      – josh
      Sep 3 at 10:49












      I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
      – user1584421
      Sep 3 at 10:55




      I mean, it does a logical AND. But what exactly does it checks? How will the jne, not fire? What would have to be the value of eax for jne to not jump?
      – user1584421
      Sep 3 at 10:55












      What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
      – user1584421
      Sep 3 at 11:20




      What are the conditions for jne jumping and not jumping? What does eax have to be in order to jump/not jump? And how does this relates to strcmp?
      – user1584421
      Sep 3 at 11:20




      1




      1




      @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
      – hobbs
      Sep 3 at 16:42





      @user1584421 think for a second and put together what you already know. eax contains the return value of strcmp. test is like bitwise and except it only sets the flags. Anding a value with itself gives the same value, so test eax, eax sets the flags based on whatever eax contains. ZF is set when the result of an operation is zero. jne jumps when ZF is not set. So the jump will be taken when strcmp returns nonzero, meaning the strings are unequal.
      – hobbs
      Sep 3 at 16:42











      up vote
      7
      down vote













      You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).



      I recommend reading some easy book on x86 assembly, it will help you a lot.






      share|improve this answer
























        up vote
        7
        down vote













        You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).



        I recommend reading some easy book on x86 assembly, it will help you a lot.






        share|improve this answer






















          up vote
          7
          down vote










          up vote
          7
          down vote









          You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).



          I recommend reading some easy book on x86 assembly, it will help you a lot.






          share|improve this answer












          You might be missing the fact that call strcmp will not set ZF for you - it returns the result in the EAX register. But JNE instruction tests ZF, and that test eax, eax serves to set ZF according to EAX. (actually, the opposite way, EAX=1 -> ZF=0).



          I recommend reading some easy book on x86 assembly, it will help you a lot.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 3 at 15:36









          Edheldil

          20112




          20112




















              up vote
              6
              down vote













              prototype of strcmp()



              int strcmp(
              const char *string1,
              const char *string2
              );


              the function returns an int whose interpretation is as follows

              so i think that answers your question of when it jumps and when not

              it jumps if eax is either > or < 0

              it does not jump if eax == 0



              Return Value
              The return value for each of these functions indicates
              the lexicographic relation of string1 to string2.

              < 0 string1 less than string2

              0 string1 identical to string2

              > 0 string1 greater than string2


              test eax,eax does a binary and of both inputs

              and for it to jump eax needs to be 0
              if eax is 0 test eax,eax will set the ZF to 1
              else it will set the ZF to 0

              normally test eax will be used if the program in higher languages test
              the result like this



              if(!strcmp( a, b ) ) do something 


              see a sample program and disassembly below



              >>> eax = -1
              >>> print eax & eax
              -1
              >>> eax = 0
              >>> print eax & eax
              0
              >>> eax = 1
              >>> print eax & eax
              1
              >>>


              sample program



              #include <stdio.h>
              #include <string.h>

              int main (void)
              char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
              int fis = strcmp(first,secon);
              int sec = strcmp(first,third);
              int tid = strcmp(first,forth);
              printf("%8x %8x %8xn",fis,sec,tid);
              if(!strcmp(first,secon))
              printf("trings are same n");

              if( strcmp(first,third) == 1 )
              printf("second string has a chareceter that is greater than first stringn");

              if( strcmp(first,forth) == -1 )
              printf("second string has a chareceter that is lesser than first stringn");





              disassembly of main
              enter image description here






              share|improve this answer






















              • Is that an interpreter program?
                – P. Private
                Sep 3 at 19:11










              • @P.Private are you asking about the >>> part that is python prompt in cmd.exe
                – blabb
                Sep 3 at 19:31














              up vote
              6
              down vote













              prototype of strcmp()



              int strcmp(
              const char *string1,
              const char *string2
              );


              the function returns an int whose interpretation is as follows

              so i think that answers your question of when it jumps and when not

              it jumps if eax is either > or < 0

              it does not jump if eax == 0



              Return Value
              The return value for each of these functions indicates
              the lexicographic relation of string1 to string2.

              < 0 string1 less than string2

              0 string1 identical to string2

              > 0 string1 greater than string2


              test eax,eax does a binary and of both inputs

              and for it to jump eax needs to be 0
              if eax is 0 test eax,eax will set the ZF to 1
              else it will set the ZF to 0

              normally test eax will be used if the program in higher languages test
              the result like this



              if(!strcmp( a, b ) ) do something 


              see a sample program and disassembly below



              >>> eax = -1
              >>> print eax & eax
              -1
              >>> eax = 0
              >>> print eax & eax
              0
              >>> eax = 1
              >>> print eax & eax
              1
              >>>


              sample program



              #include <stdio.h>
              #include <string.h>

              int main (void)
              char *first="same";char *secon="same";char *third="diff";char *forth="tiff";
              int fis = strcmp(first,secon);
              int sec = strcmp(first,third);
              int tid = strcmp(first,forth);
              printf("%8x %8x %8xn",fis,sec,tid);
              if(!strcmp(first,secon))
              printf("trings are same n");

              if( strcmp(first,third) == 1 )
              printf("second string has a chareceter that is greater than first stringn");

              if( strcmp(first,forth) == -1 )
              printf("second string has a chareceter that is lesser than first stringn");





              disassembly of main

              edited Sep 3 at 21:06

              answered Sep 3 at 13:00

              blabb

              • Is that an interpreter program?
                – P. Private
                Sep 3 at 19:11

              • @P.Private are you asking about the >>> part that is python prompt in cmd.exe
                – blabb
                Sep 3 at 19:31

















              Basically, the original C code associated with this assembly code would be:

              #include <string.h>

              int check (const char *str1, const char *str2) // hypothetical wrapper so the fragment compiles
              {
                  if (strcmp (str1, str2)) // call strcmp and do the 'test eax, eax'
                      goto error; // str1 != str2 --> jne 1706

                  // str1 == str2
                  // Do legitimate code
                  return 0;

              error:
                  // Do what you need to handle the error
                  return 1;
              }

              If you want a way to remember what test eax, eax does, it can be translated like this in C:

              bool test = (eax == 0);

              Note that eax is used to store the return code of a function; the test 'test eax, eax' is very often used to check this return code after a call (usually, this is the converse and eax == 0 means that an error occurred).






                  edited Sep 3 at 17:21

                  answered Sep 3 at 13:31

                  perror
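
An added example, not part of either answer: a small C model of the flags that test eax,eax derives from strcmp's return value, and of the conditional jumps that read those flags. The struct and function names are made up for this illustration, and it goes one step past the question's snippet by also modelling jl and jg, which recover the sign of the result.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flags written by TEST: ZF and SF come from the AND result, CF and OF are always cleared. */
struct flags { int zf, sf, of, cf; };

/* test a,b: compute a & b, throw the result away, keep only the flags */
struct flags x86_test(uint32_t a, uint32_t b)
{
    uint32_t r = a & b;
    struct flags f = { r == 0, (int)(r >> 31), 0, 0 };
    return f;
}

/* Branch conditions as the CPU derives them from the flags */
int je(struct flags f)  { return f.zf; }                  /* jump if ZF=1   */
int jne(struct flags f) { return !f.zf; }                 /* jump if ZF=0   */
int jl(struct flags f)  { return f.sf != f.of; }          /* signed less    */
int jg(struct flags f)  { return !f.zf && f.sf == f.of; } /* signed greater */

/* call strcmp / test eax,eax / jne ... : returns 1 when the jne is taken */
int jne_taken(const char *s1, const char *s2)
{
    uint32_t eax = (uint32_t)strcmp(s1, s2);   /* return value arrives in EAX */
    return jne(x86_test(eax, eax));
}

/* Sign of the strcmp result recovered from the flags alone: -1, 0 or 1 */
int relation_from_flags(const char *s1, const char *s2)
{
    uint32_t eax = (uint32_t)strcmp(s1, s2);
    struct flags f = x86_test(eax, eax);
    if (je(f)) return 0;
    return jl(f) ? -1 : (jg(f) ? 1 : 0);
}

int main(void)
{
    /* strings taken from the sample program in the first answer */
    const char *first = "same", *others[] = { "same", "diff", "tiff" };
    for (int i = 0; i < 3; i++)
        printf("strcmp(%s,%s): jne taken=%d relation=%d\n", first, others[i],
               jne_taken(first, others[i]), relation_from_flags(first, others[i]));
    return 0;
}
```

Because TEST always clears OF, jl after test eax,eax reduces to "SF is set", which is why compilers can reuse the same instruction for `strcmp(a, b) < 0`.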
