1. JMP instruction: modifies the value of EIP
JMP EAX is equivalent to MOV EIP, EAX (conceptually only: MOV EIP, EAX is not an encodable instruction, EIP can only be changed by control-transfer instructions such as JMP, CALL and RET).
Example:
At this point we execute JMP EAX, and EIP takes the value held in EAX; ESP and the stack are untouched.
2. CALL instruction
CALL EAX is equivalent to PUSH address B && MOV EIP, EAX, where address B is the address of the instruction immediately following the CALL (the return address).
Example:
The circled part is our breakpoint (click the line's address and press F2 to set it). Then we execute CALL 0x4012C5 and
can see that both ESP and EIP have changed: ESP has decreased by 4 because the return address was pushed, and EIP now equals 0x4012C5.
3. RET instruction
Essence: POP EIP, i.e. the dword at the top of the stack (the return address pushed by CALL) is loaded into EIP and ESP increases by 4.
Example:
After we execute RET,
we can see that execution jumps back to 0x401285: EIP becomes 0x401285 and ESP is restored to the value it had before the CALL.
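To make the three rules above concrete, here is a small C simulator of just the registers and stack that JMP, CALL and RET touch. It is an added example written for this article, not code from the original page: the CALL site 0x401280 and the initial ESP 0x0019FF40 are assumptions chosen so that a 5-byte CALL rel32 to the article's 0x4012C5 pushes the article's return address 0x401285.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of the registers CALL/RET touch plus a tiny simulated
 * stack. Added teaching simulator, not a real CPU. */
#define STACK_BYTES 64

typedef struct {
    uint32_t eip;                 /* instruction pointer */
    uint32_t esp;                 /* stack pointer */
    uint32_t eax;                 /* operand register for JMP EAX / CALL EAX */
    uint32_t stack_lo;            /* lowest address mapped onto stack[] */
    uint8_t  stack[STACK_BYTES];  /* constructed stack memory */
} cpu_t;

/* Initialise with ESP pointing at the topmost dword of the simulated stack. */
void cpu_init(cpu_t *c, uint32_t eip, uint32_t esp) {
    memset(c, 0, sizeof *c);
    c->eip = eip;
    c->esp = esp;
    c->stack_lo = esp - (STACK_BYTES - 4);
}

/* Little-endian dword access with bounds checks; 0 on success, -1 if the
 * address is outside the simulated stack. */
static int mem_write32(cpu_t *c, uint32_t addr, uint32_t v) {
    uint32_t off = addr - c->stack_lo;
    if (addr < c->stack_lo || off > STACK_BYTES - 4) return -1;
    memcpy(&c->stack[off], &v, sizeof v);
    return 0;
}
static int mem_read32(const cpu_t *c, uint32_t addr, uint32_t *v) {
    uint32_t off = addr - c->stack_lo;
    if (addr < c->stack_lo || off > STACK_BYTES - 4) return -1;
    memcpy(v, &c->stack[off], sizeof *v);
    return 0;
}

/* JMP target: only EIP changes; ESP and the stack are untouched. */
void x86_jmp(cpu_t *c, uint32_t target) { c->eip = target; }

/* CALL target: push the address of the instruction after the CALL
 * (EIP + encoded length: 5 bytes for CALL rel32, 2 for CALL EAX), then jump.
 * Returns -1 if the push would run off the bottom of the simulated stack. */
int x86_call(cpu_t *c, uint32_t target, uint32_t call_len) {
    uint32_t ret_addr = c->eip + call_len;
    if (mem_write32(c, c->esp - 4, ret_addr) != 0) return -1;
    c->esp -= 4;
    c->eip = target;
    return 0;
}

/* RET: POP EIP. Returns -1 if ESP has moved above the simulated stack
 * (more RETs than CALLs). */
int x86_ret(cpu_t *c) {
    uint32_t ret_addr;
    if (mem_read32(c, c->esp, &ret_addr) != 0) return -1;
    c->esp += 4;
    c->eip = ret_addr;
    return 0;
}

/* Peek at the dword at [ESP] (0 if ESP is outside the simulated stack). */
uint32_t x86_peek_top(const cpu_t *c) {
    uint32_t v = 0;
    (void)mem_read32(c, c->esp, &v);
    return v;
}

int main(void) {
    cpu_t c;
    cpu_init(&c, 0x401280, 0x0019FF40);   /* assumed CALL site and ESP */
    printf("before:     EIP=%08X ESP=%08X\n", c.eip, c.esp);
    x86_call(&c, 0x4012C5, 5);            /* CALL 0x4012C5 encoded as rel32 */
    printf("after CALL: EIP=%08X ESP=%08X [ESP]=%08X\n", c.eip, c.esp, x86_peek_top(&c));
    x86_ret(&c);                          /* POP EIP */
    printf("after RET:  EIP=%08X ESP=%08X\n", c.eip, c.esp);
    return 0;
}
```

Run it and compare with the debugger screenshots: after CALL, ESP is 4 lower and [ESP] holds 0x401285; after RET, EIP is 0x401285 and ESP is back where it started. The bounds checks are what a real CPU does not give you for free: one RET too many simply pops whatever happens to be at [ESP] into EIP, which is exactly why a corrupted return address turns into control of execution.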
4. CMP instruction
This instruction compares two operands. It is equivalent to SUB, except that the result of the subtraction is not stored in the first operand;
only the flags are updated according to that result. When the two operands are equal, the result is 0 and ZF is 1.
If the first operand is smaller than the second, CF becomes 1 for an unsigned comparison and, for a signed comparison, the result is negative so SF becomes 1 (strictly, a signed "less than" is SF != OF, because SF alone is wrong when the subtraction overflows).
CMP exists mainly to affect the flags register, which the conditional jump that follows it reads.
Example:
Then execute CMP ESI, EDI.
At this point we see that the values of ESI and EDI do not change, but ZF becomes 1, so the two registers held equal values.
5. TEST instruction
This instruction is similar to CMP to a certain extent: a bitwise AND is performed on the two operands, the result is not saved, but the corresponding flags are changed (ZF and SF from the result; CF and OF are cleared). Common usage: TEST reg, reg
to determine whether the value of a register is 0, since a value ANDed with itself is zero only when the value itself is zero.
Then we execute TEST ECX, ECX
and can see that the ZF flag bit is 1 at this point, meaning ECX is 0.
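The flag rules for CMP and TEST are easy to state and easy to get wrong at the boundaries (unsigned vs. signed "less than", overflow). The C below reproduces them bit for bit and is an added example, not code from the original article; the function names are mine, and the operand values (5 and 5, 1 and 2, 0x80000000 and 1) are constructed to show the equal case, the ordinary "smaller" case and the overflow case where SF alone would give the wrong answer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The four arithmetic flags a conditional jump reads. Added example code. */
typedef struct { bool cf, zf, sf, of; } flags_t;

/* Derive the flags from operands a, b and the discarded result r.
 * arith=true for subtraction (CMP), false for a logical op (TEST). */
static flags_t flags_from(uint32_t a, uint32_t b, uint32_t r, bool arith) {
    flags_t f;
    f.zf = (r == 0);                 /* result is zero */
    f.sf = (r >> 31) & 1;            /* result is negative as a signed value */
    if (arith) {
        f.cf = a < b;                                /* unsigned borrow */
        f.of = (((a ^ b) & (a ^ r)) >> 31) & 1;      /* signed overflow */
    } else {
        f.cf = false;                                /* AND/OR/XOR/TEST clear CF */
        f.of = false;                                /* and OF */
    }
    return f;
}

/* CMP a, b: compute a - b, throw the result away, keep the flags. */
flags_t x86_cmp(uint32_t a, uint32_t b) { return flags_from(a, b, a - b, true); }

/* TEST a, b: compute a & b, throw the result away, keep the flags. */
flags_t x86_test(uint32_t a, uint32_t b) { return flags_from(a, b, a & b, false); }

/* Condition codes as JE / JB / JL / JLE evaluate them. */
bool cc_e(flags_t f)  { return f.zf; }                       /* a == b */
bool cc_b(flags_t f)  { return f.cf; }                       /* unsigned a < b */
bool cc_l(flags_t f)  { return f.sf != f.of; }               /* signed a < b */
bool cc_le(flags_t f) { return f.zf || (f.sf != f.of); }     /* signed a <= b */

static void show(const char *label, flags_t f) {
    printf("%-28s CF=%d ZF=%d SF=%d OF=%d\n", label, f.cf, f.zf, f.sf, f.of);
}

int main(void) {
    show("CMP 5, 5", x86_cmp(5, 5));                        /* equal: ZF=1 */
    show("CMP 1, 2", x86_cmp(1, 2));                        /* smaller: CF=1 SF=1 */
    show("CMP 0x80000000, 1", x86_cmp(0x80000000u, 1));     /* overflow: SF=0 OF=1 */
    show("TEST ECX, ECX (ECX=0)", x86_test(0, 0));          /* zero check: ZF=1 */
    show("TEST 6, 1", x86_test(6, 1));                      /* bit 0 clear: ZF=1 */
    return 0;
}
```

Note the third CMP: 0x80000000 is INT_MIN as a signed value and is certainly less than 1, yet SF is 0 because the subtraction overflowed. JL still takes the branch because it tests SF != OF, which is why a debugger that only shows you ZF and SF can mislead you on signed comparisons near the extremes.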