3

I wanted to know if a jump instruction such as JE must directly follow a CMP instruction. Until now, I had always seen that first a CMP comes and after that a JMP. But today I discovered the following:

...
CMP DWORD PTR SS:[EBP+0xC], EAX
MOV ECX, DWORD PTR SS:[EBP+0x18]
PUSH ESI
MOV ECX, DWORD PTR SS:[EBP+0x18]
MOV DWORD PTR SS:[ECX], EAX
MOV EAX, DWORD PTR SS:[EBP+0x10]
MOV DWORD PTR SS:[EDI], 0x1
JE SHORT crtdll.6C250E66
...

First of all, I am a beginner, so I am trying to understand assembly language. Logically, I would say that the JE instruction is related to the CMP instruction at the beginning of that sequence.

So, my self-explanation was that we first compare, then do some MOV and PUSH operations, and after all that we jump. Is that right?

But, as I mentioned above, normally the jump comes in the line right after the comparison. Could one say what the reason for the late jump instruction here is? Or is it normal?

1
  • Since there are plenty of good responses below, I'll just add this here. If you look closely at your disassembly, you'll realize that the JE could very well be considered to be executed right after the CMP (not logically): the instruction compares EAX with the contents located at [EBP+0xC], the instructions that follow never modify [EBP+0xC], and no other instruction will modify the EFLAGS register, specifically the zero flag. Anyways, just remember that conditional jumps are determined by the modification of EFLAGS, regardless of the instruction used. Commented May 28, 2014 at 15:33

3 Answers

10

It is perfectly normal; compilers tend to emit such code for the sake of optimization.

Moreover, delaying the conditional jump is helpful for instruction prefetching and branch handling. The code is valid too, unless the code in between modifies the EFLAGS register.

6

JE checks the zero flag (ZF). So as long as ZF is not modified, you can jump any time you want. The same applies to other jump instructions.

4

JE (Jump on Equal) instructions use the result of a previous operation. This previous operation is usually CMP (compare), but it can be any other of a multitude of similar operations (e.g. ADD, XOR, etc.). As a matter of fact, the operation which provides the result and the actual jump command may not be consecutive at all, but if the intermediate commands do not alter the result flags/registers, the program flow will still be valid as intended.

Compilers tend to generate similar code (although there can be automatic optimizations or obfuscations); at other times, custom hand-written code may be written this way for various reasons.
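The point all three answers make is that a JE depends on whichever instruction last wrote EFLAGS, not on the instruction immediately before it. The following script is an added example, not part of any answer above: it walks a listing, tracks the last flag-writing instruction, and reports which instruction each conditional jump really depends on, first for the questioner's sequence and then for a constructed variant with an XOR inserted before the JE. The mnemonic tables are a deliberately small subset of x86 chosen for this illustration.

```python
# Small x86 flag-dependency tracker (illustrative subset, not a full x86 model).
FLAG_WRITERS = {"CMP", "TEST", "ADD", "SUB", "XOR", "AND", "OR", "INC", "DEC", "NEG"}
FLAG_NEUTRAL = {"MOV", "PUSH", "POP", "LEA", "JMP", "CALL", "NOP"}
COND_JUMPS = {"JE", "JZ", "JNE", "JNZ", "JA", "JB", "JG", "JL", "JGE", "JLE"}

# The sequence from the question (the elided "..." parts are not modelled).
PAGE_LISTING = [
    "CMP DWORD PTR SS:[EBP+0xC], EAX",
    "MOV ECX, DWORD PTR SS:[EBP+0x18]",
    "PUSH ESI",
    "MOV ECX, DWORD PTR SS:[EBP+0x18]",
    "MOV DWORD PTR SS:[ECX], EAX",
    "MOV EAX, DWORD PTR SS:[EBP+0x10]",
    "MOV DWORD PTR SS:[EDI], 0x1",
    "JE SHORT crtdll.6C250E66",
]

# Constructed variant: an XOR squeezed in before the JE clobbers ZF.
CLOBBERED_LISTING = PAGE_LISTING[:7] + ["XOR EAX, EAX"] + PAGE_LISTING[7:]


def mnemonic(line):
    return line.split()[0].upper()


def flag_sources(listing):
    """For every conditional jump return (jump_idx, source_idx, intervening).

    source_idx is the most recent instruction that wrote EFLAGS; intervening is
    how many flag-neutral instructions sit between it and the jump.
    """
    sources, last_writer = [], None
    for i, line in enumerate(listing):
        m = mnemonic(line)
        if m in COND_JUMPS:
            if last_writer is None:
                raise ValueError(f"{line!r}: no flag-setting instruction precedes it")
            sources.append((i, last_writer, i - last_writer - 1))
        elif m in FLAG_WRITERS:
            last_writer = i
        elif m not in FLAG_NEUTRAL:
            raise ValueError(f"{line!r}: flag behaviour of {m} is not modelled")
    return sources


if __name__ == "__main__":
    for name, listing in (("question", PAGE_LISTING), ("clobbered", CLOBBERED_LISTING)):
        for jump, src, between in flag_sources(listing):
            print(f"{name}: {listing[jump]!r} depends on {listing[src]!r} "
                  f"({between} flag-neutral instructions in between)")
```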
