Correct me if I am wrong.
This is my understanding of JNZ and CMP.
JNZ - The jump WILL take place if the Z Flag is NOT zero (1)
CMP - If the two values are equal, the Z Flag is set (1) otherwise it is not set (0)
This is a flash tutorial I am watching. It is teaching the solution to a simple CrackMe.
As you can see, the previous instruction compared AL with 47h. They were equal which set the Z flag. (You can see it in the Registers windows on the right side)
The next instruction is a JNZ. My understanding was that the jump will take place if the Z flag is set. The Z flag IS set, but the jump doesn't take place!
Why?
This question is related to
assembly
x86
reverse-engineering
ollydbg
cmp
The answer is
You can read JNE/Z as *
Jump if the status is "Not set" on Equal/Zero flag
"Not set" is a status when "equal/zero flag" in the CPU is set to 0 which only happens when the condition is met or equally matched.
At first it seems as if JNZ means jump if not Zero (0), as in jump if zero flag is 1/set.
But in reality it means Jump (if) not Zero (is set).
If 0 = not set and 1 = set then just remember:
JNZ Jumps if the zero flag is not set (0)
JNZ Jump if Not Zero ZF=0
Indeed, this is confusing right.
To make it easier to understand, replace Not Zero with Not Set. (Please take note this is for your own understanding)
Hence,
JNZ Jump if Not Set ZF=0
Not Set means flag Z = 0. So Jump (Jump if Not Set)
Set means flag Z = 1. So, do NOT Jump
I will make a little bit wider answer here.
There are generally speaking two types of conditional jumps in x86:
Arithmetic jumps - like JZ (jump if zero), JC (jump if carry), JNC (jump if not carry), etc.
Comparison jumps - JE (jump if equal), JB (jump if below), JAE (jump if above or equal), etc.
So, use the first type only after arithmetic or logical instructions:
sub eax, ebx
jnz .result_is_not_zero
and ecx, edx
jz .the_bit_is_not_set
Use the second group only after CMP instructions:
cmp eax, ebx
jne .eax_is_not_equal_to_ebx
cmp ecx, edx
ja .ecx_is_above_than_edx
This way, the program becomes more readable and you will never be confused.
Note, that sometimes these instructions are actually synonyms. JZ == JE; JC == JB; JNC == JAE and so on. The full table is following. As you can see, there are only 16 conditional jump instructions, but 30 mnemonics - they are provided to allow creation of more readable source code:
Mnemonic Condition tested Description
jo OF = 1 overflow
jno OF = 0 not overflow
jc, jb, jnae CF = 1 carry / below / not above nor equal
jnc, jae, jnb CF = 0 not carry / above or equal / not below
je, jz ZF = 1 equal / zero
jne, jnz ZF = 0 not equal / not zero
jbe, jna CF or ZF = 1 below or equal / not above
ja, jnbe CF and ZF = 0 above / not below or equal
js SF = 1 sign
jns SF = 0 not sign
jp, jpe PF = 1 parity / parity even
jnp, jpo PF = 0 not parity / parity odd
jl, jnge SF xor OF = 1 less / not greater nor equal
jge, jnl SF xor OF = 0 greater or equal / not less
jle, jng (SF xor OF) or ZF = 1 less or equal / not greater
jg, jnle (SF xor OF) or ZF = 0 greater / not less nor equal
Source: Stackoverflow.com