9.0 More opcodes
Here are some more opcodes.
TEST
TEST performs an AND operation on its two operands (target, source) and sets the flags register based on the result. The result itself is not saved. TEST is used to test a bit, for example in a register:
    TEST EAX, 100b    ; b means binary
    JNZ bitset
If the third bit from the right in EAX is set, JNZ will jump. A very common use of TEST is to check whether a register is zero:
    TEST ECX, ECX
    JZ somewhere
JZ jumps if ECX is zero.
Stack opcodes
Before I get to the stack opcodes, I will explain what the stack is. The stack is a place in memory, and ESP is a pointer to it. The stack is used to save temporary values, and there are two instructions to put a value in and take it out again: PUSH and POP. PUSH puts a value onto the stack; POP takes it off again. The last value placed on the stack is the first one to come off. When a value is placed on the stack, the stack pointer decreases. When a value is removed, the stack pointer increases. Look at this example:
    (1) MOV ECX, 100
    (2) MOV EAX, 200
    (3) PUSH ECX        ; save ECX
    (4) PUSH EAX
    (5) XOR ECX, EAX
    (6) ADD ECX, 400
    (7) MOV EDX, ECX
    (8) POP EBX
    (9) POP ECX
Explanation
1: Put 100 in ECX
2: Put 200 in EAX
3: Push ECX (equal to 100) onto the stack (pushed first)
4: Push EAX (equal to 200) onto the stack (pushed last)
5/6/7: Perform operations on ECX, changing the value of ECX
8: Pop EBX: EBX becomes 200 (pushed last, popped first)
9: Pop ECX: ECX becomes 100 again (pushed first, popped last)
To illustrate what happens in memory when values are pushed and popped, look at these pictures:
Offset  1203  1204  1205  1206  1207  1208  1209  120A  120B
Value   00    00    00    00    00    00    00    00    00
ESP                             ^ (offset 1207)
(The stack is shown initialized to zeros here, but in reality it is not. The ESP marker indicates the offset that ESP points to.)
    MOV AX, 4560h
    PUSH AX
Offset  1203  1204  1205  1206  1207  1208  1209  120A  120B
Value   00    00    60    45    00    00    00    00    00
ESP                 ^ (offset 1205)
    MOV CX, 0FFFFh
    PUSH CX
Offset  1203  1204  1205  1206  1207  1208  1209  120A  120B
Value   FF    FF    60    45    00    00    00    00    00
ESP     ^ (offset 1203)
POP EDX
Offset  1203  1204  1205  1206  1207  1208  1209  120A  120B
Value   FF    FF    60    45    00    00    00    00    00
ESP                             ^ (offset 1207)
EDX is now 4560ffffh.
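The push/pop sequence from the diagrams above, replayed in a small C model (an added example, not part of the original tutorial). The `Stack` type, the helper names and the 9-byte window starting at offset 1203h are assumptions made to match the pictures.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model of the memory window in the diagrams: offsets 1203h..120Bh. */
#define BASE 0x1203u
#define SIZE 9u
typedef struct {
    uint8_t  mem[SIZE];  /* stack bytes, zeroed like the first diagram */
    uint32_t esp;        /* offset ESP currently points at */
} Stack;
static void stack_init(Stack *s) { memset(s->mem, 0, SIZE); s->esp = 0x1207u; }

/* 1 if [off, off+n) lies inside the modelled window. */
static int in_window(uint32_t off, unsigned n) { return off >= BASE && off + n <= BASE + SIZE; }

/* PUSH (2 or 4 bytes): decrease ESP by the operand size, then store little-endian. */
static int push(Stack *s, uint32_t value, unsigned bytes) {
    if (!in_window(s->esp - bytes, bytes)) return 0;
    s->esp -= bytes;
    for (unsigned i = 0; i < bytes; i++)
        s->mem[s->esp - BASE + i] = (uint8_t)(value >> (8 * i));
    return 1;
}

/* POP (2 or 4 bytes): load little-endian from ESP, then increase ESP by the operand size. */
static int pop(Stack *s, uint32_t *out, unsigned bytes) {
    if (!in_window(s->esp, bytes)) return 0;
    *out = 0;
    for (unsigned i = 0; i < bytes; i++)
        *out |= (uint32_t)s->mem[s->esp - BASE + i] << (8 * i);
    s->esp += bytes;
    return 1;
}

/* Replays: mov ax,4560h / push ax / mov cx,0FFFFh / push cx / pop edx. */
static uint32_t replay_diagram(Stack *s) {
    uint32_t edx = 0;
    stack_init(s);
    push(s, 0x4560u, 2);   /* ESP 1207 -> 1205, bytes 60 45 */
    push(s, 0xFFFFu, 2);   /* ESP 1205 -> 1203, bytes FF FF */
    pop(s, &edx, 4);       /* reads FF FF 60 45, ESP back at 1207 */
    return edx;
}

int main(void) {
    Stack s;
    uint32_t edx = replay_diagram(&s);
    printf("EDX = %08Xh, ESP = %04Xh\n", (unsigned)edx, (unsigned)s.esp);
    return 0;
}
```

The two 16-bit pushes land next to each other in memory, so the single 32-bit pop reads both of them as one little-endian value.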
CALL and RET
CALL jumps to some code and returns as soon as a RET instruction is found. You can regard them as functions or subroutines in other programming languages. For example:
    ... code ...
    CALL 0455659
    ... more code ...
Code at 455659:
    ADD EAX, 500
    MUL EDX             ; MUL takes one operand: EDX:EAX = EAX * EDX
    RET
When the CALL instruction is executed, the processor jumps to the code at 455659, executes instructions until it reaches RET, and then returns to the instruction after the CALL. The code that CALL jumps to is called a procedure. You can put code that you use repeatedly into a procedure and call it each time you need it. In more depth: CALL pushes EIP (the pointer to the next instruction to be executed) onto the stack, and the RET instruction pops it off again when it returns. You can also pass arguments to a procedure you call. This is done via the stack:
    PUSH something
    PUSH something2
    CALL procedure
Inside the procedure, the parameters are read from the stack and used. Note that local variables needed only inside the procedure are also stored on the stack. I won't go deeper into this because it can be done easily in MASM and TASM. Just remember that you can write procedures and that they can take parameters. One important point:
EAX is almost always used to install a return value of a process.
This is also true for Windows functions. You can of course use any other register for this in your own procedures, but this is the standard.