test al,al ? isn t that weird

[uusser]

hello everyone i have a litle question (i know that s stupid) but plz help me to understand it, well suppose that we have this code

call func.00404521
test al,al
jnz 00404747

in which the call well change the al register so the question is why did we use test instruction on the al register(with itself) even if we know that the result will always be the same (example of that in reversing) so

test al,al will always have the same result why did we used and thanks

[kao]

'test reg, reg' does not change registers but it changes flags. It's commonly used as optimized version of 'cmp reg, 0'.

So, your code will jump to 00404747 only if AL is not zero.

Edited September 30, 2010 by kao

[0xFF]

step inside func.00404521 [F7, set a BP before it] and learn what the code in there does to AL [AL = EAX 2 last Digits].

[TommyTom]

It does seem a bit silly to do:

TEST AL,AL

When it would seem that this makes more sense:

TEST AL

same when you think about why this is used so much:

XOR EAX,EAX

which always 0s the register, when this can be used:

MOV EAX,0

but this actually results in much larger code (2 bytes versus 1-2bytes + 4 bytes as it uses 00000000 instead of 0/00)

I'm sure there is a more technical reason for needing two registers and, subsequently, the same register, but it's just one of the quirks you learn with ASM that you commit to memory and move on.

Don't really need to know why, just what is correct and what it does.

Edited October 1, 2010 by TommyTom

[quosego]

What if you use test al, bl. Then you can't use only test al. Just consistent use of the instruction. And really you do test al with al. Like with xor eax,eax. Only writing xor eax would add to confusion.

Xor eax. (huh with what?? ) As for it's common use, it takes three bytes less space then mov reg, 0. Why this is the case, well if you wanted to move 12345678 into eax, you will need 5 bytes to write down 12345678. xor just requires one byte for the function and one byte for the register.

Everything you write about is simply consistent use of opcode naming and illogical results when changing it.

[uusser]

first of all thank you for your reply all of you and secondly i think that you all have agreed that test al,al is just a way of testing if the register is not equal to zero and test al,al is just a better way to say if al is not zero.

Correct Me If I'm Wrong

thank you so much

Edited October 1, 2010 by uusser

[0xFF]

Try to change Test Al,Al to Mov Al,1.

[Peter Ferrie]

  On 10/1/2010 at 11:07 AM, uusser said:

first of all thank you for your reply all of you and secondly i think that you all have agreed that test al,al is just a way of testing if the register is not equal to zero and test al,al is just a better way to say if al is not zero.

Correct Me If I'm Wrong

thank you so much

It's used for testing for both zero and non-zero. The flags are set according to the result (zero flag is set if al is 0, zero flag is clear if al is not zero).

It was common in the past to check using "or al, al" but since that does write to al (even though it's the same value), there is a performance penalty (interferes with instruction scheduling).

Using "test" instead of "or" is therefore faster.

[SunBeam]

Seems to me some people need to RTFM Google "TEST asm instruction" and read up on it..