Common Logic Structures

When analyzing code, it’s important to recognize basic flow control structures.

Basic structures:

Conditional Branches (if else)

Basic control-flow instructions: move execution to a defined address if a condition is true.

Assembly code is structured as a graph with tests and execution statements (the body of the condition).

x86 and most architectures have inherent support for many types of comparisons.

Signed comparison: l < , le <=, g >, ge >=
Unsigned comparison: b <, be <=, a >=, ae >=
- Below and Above.
Equality e
Every condition can be negated with n
z, s, c, o, and p for ZF, SF, CF OF, and PF
- ZF: Zero Flag, 1 if the last operation was 0.
- CF: Carry Flag. The last operation required an additional bit (e.g. 255 + 1, which has 9 bits).
- OF: Overflow Flag. The last operation had an arithmetic overflow (127 + 127 in a signed variable results in overflow).
- PF: Parity Flag. 1 if the last operation resulted in a value with an even number of 1.
- SF: Sign Flag. 1 if the last operation resulted in a signed value (MSB bit = 1)
s means negative, ns non-negative.
- Signal or not signal.
p and np are also pe “parity even” and po “parity odd”.
and, or, and xor clear OF and CF, and set ZF, SF, and PF based on the result.
test is like and but only sets the flags discarding the result.
Checking nz after test is like if (x & mask) in C
test a register against itself is the fastest way to check for zero or negative.