4 - Data Transfers, Add/Subract, JMP/LOOPS

Question 1

How can instructions have zero, one, two, or three operands?

Answer 1

mnemonic
mnemonic [destination]
mnemonic [destination], [source]
mnemonic [destination], [source1], [source2]

Question 2

What are the 3 basic types of operands?

Answer 2

Immediate - uses a numeric literal expression

Register - uses a named register in the CPU

Memory - references a memory location

Question 3

What are the simple notations for the standard operand types?

Answer 3

reg8 - 8-bit general purpose register
reg16 - 16-bit general-purpose register
reg32 - 32-bit general purpose register
reg - any general-purpose register
sereg - 16-bit segment register

imm - 8-, 16-, or 32-bit immediate value
imm8 - 8-bit immediate byte value
imm16 - 16-bit immediate word value
imm32 - 32-bit immediate doubleword value

reg/mem8 - 8-bit operand, either general register or memory byte
reg/mem16 - 16-bit operand, either general register or memory word
reg/mem32 - 32-bit operand, either general register or memory doubleword
mem - an 8-, 16-, or 32-bit memory operand

Question 4

How can you use a direct memory operand to dereference a variable?

Answer 4

You can just move something from memory into a register, and read the machine code. For example, if you declared a variable var1, and it was offsetted at 10400h, you could copy it into an AL (8-bit) register

.data
var1 BYTE 10h
mov a1 var1

It would be assembled into the following machine instruction. The first byte in the machine instruction is the operation code (opcode), and the rest is the 32-bit hexadecimal address of var1.

A0 00010400

Question 5

What are the rules for MOV instruction?

Answer 5

1. Both operands MUST be the same size
2. Both operands CANNOT be memory operands
3. The instruction ponter register (IP, EIP, or RIP) cannot be a destination operand

MOV reg, reg
MOV mem, reg
MOV reg, mem
MOV mem, imm
MOV reg, imm

Question 6

How would you use MOV to move data from memory to memory?

Answer 6

Even though you can’t do it directly, you can just assign the value of the memory to a register, and then move that value to another memory operand.

.data
var1 WORD ?
var2 WORD ?
.code
mov ax, var1
mov var2, ax

Question 7

How can you copy smaller values to larger ones using MOV?

Answer 7

If it’s an unsigned integer, then you can just mov 0 to that register (ecx) and mov that integer to cx.

However, if you have a signed integer, then if you mov 0 to that register, then mov FFF0h (-16), you’ll get the wrong number (0000FFF0h). Therefore, you need to move 0FFFFFFFFh to the register, then mov FFF0h.

Question 8

What can you do with the MOVZX instruction?

Answer 8

You can “move with zero-extend” any smaller unsigned integer to a larger memory. For example, if you moved 10001111b into AX.

mov bx, 0A698h
movzx eax, bx ; EAX = 0000A69Bh
movzx edx, b1 ; EDX = 0000009Bh
movzx cx, b1 ; CX = 009Bh

Question 9

What can you do with the MOVSX instruction?

Answer 9

You can “move with sign-extend”, which will extend the value to 16 or 32 bits. It is ONLY used with signed integers.

mov bx, 0A69Bh
movsx eax, bx ; EAX = FFFFA69Bh
movsx edx, b1 ; EDX = FFFFFF9Bh
movsx cx, b1 ; CX = FF9Bh

Question 10

What does the LAHF instruction do?

Answer 10

It “loads status flags into AH” by copying the low byte of the EFLAGS register into AH. The following flags are copied: Sign, Zero, Auxiliary Carry, Parity, and Carry. Using this, you can save a copy of the flags in a variable for safekeeping.

.data
saveflags BYTE ?
.code
lahf ;load flags into AH
mov saveflags, ah ; save them into a variable

Question 11

What does the SAHF instruction do?

Answer 11

It “stores AH into status flags” by copying AH into the low byte of EFLAGS. You can use this to retrieve the value of flags saved in variables.

mov ah, saveflags ; load saved flags into ah
sahf ; copy into flags register

Question 12

What does the XCHG instruction do? How can you exchange two memory operands with it?

Answer 12

It “exchanges data”, namely, the contents of two operands, the same as in MOV (no memory-to-memory) except that XCHG also does NOT accept ANY immediate operands.

XCHG reg, reg
XCHG reg, mem
XCHG mem, reg

If you want to exchange two memory operands, use a register as a temporary container and combine with MOV

mov ax, val1
xchg ax, val2
mov val1, ax

Question 13

What are direct-offset operands and how do you use them with bytes?

Answer 13

You can add a displacement to the name of a variable to access memory locations that may not have explicit labels. For example, if we have an array of bytes called arrayB, then we can access each element with their “effective address”. However, there is NO built-in range checking!

arrayB BYTE 10h, 20h, 30h, 40h, 50h

mov al, arrayB ; AL = 10h
mov a1 [arrayB +1] ; AL = 20h
mov a1 [arrayB+2] ; AL = 30h

Question 14

How do you use direct-offset operands with words and doublewords?

Answer 14

For words, you add 2 bytes to get the next element, and for doublewords, you add 4 bytes to get to the next element.

.data
arrayW WORD 100h, 200h, 300h
.code
mov ax, arrayW ; AX = 100h
mov ax, [arrayW + 2] ; AX = 200h

.data
arrayD DWORD 10000h, 20000h
.code
mov eax, arrayD ; EAX = 10000h
mov eax, [arrayD+4] ; EAX = 20000h

Question 15

What do the INC and DEC instructions do?

Answer 15

The INC (increment) and DEC (decrement) instructions add 1 and subtract 1 from a register or memory operand.

.data
myWord WORD 1000h
.code
inc myWord ; myWord = 1001h
mov bx, myWord
dec bx ; BX = 1000h

Although the Overflow, Sign, Zero, Auxiliary Carry, and Parity flags are changed, the INC and DEC instructions do NOT affect the Carry flag!!

Question 16

What does the ADD instruction do?

Answer 16

ADD dest, source

For example,
.data
var1 DWORD 10000h
var2 DWORD 20000h
.code
mov eax, var1 ; EAX = 10000h
add eax, var2 ; EAX = 30000h

The Carry, Zero, Sign, Overflow, Auxiliary Carry, and Parity flags all change according to the destination value.

Question 17

What does the SUB instruction do?

Answer 17

SUB dest, source

For example,
.data
var1 DWORD 30000h
var2 DWORD 10000h
.code
mov eax, var1 ; EAX = 30000h
sub eax, var2; EAX = 20000h

The Carry, Zero, Sign, Overflow, Auxiliary Carry, and Parity flags all change according to the destination value.

Question 18

What does the NEG instruction do?

Answer 18

The NEG (negate) instruction reverses the sign of a register or memory operand by converting the number to its two’s complement.

NEG reg
NEG mem

The Carry, Zero, Sign, Overflow, Auxiliary Carry, and Parity flags all change according to the destination value.

Question 19

How would you write what in C++ looks like this:

Rval = -Xval + (Yval - Zval);

If the following 32-bit variables are used:

Rval SDWORD ?
Xval SDWORD 26
Yval SDWORD 30
Zval SDWORD 40

Answer 19

First, negate a copy of Xval and store it in a register:
mov eax, Xval
neg eax ; EAX = -26

Second, copy Yval to a register and subtract Zval:
mov ebx, Yval
sub ebx, Zval

Third, add EBX to EAX and move that to Rval:
add eax, ebx
mov Rval, eax

Question 20

How are the Carry, Overflow, and Zero status flags affected by addition and subtraction?

Answer 20

1. The Carry flag indicates unsigned integer overflow. (e.g. if instruction has 8-bit destination operand but instruction generates something larger than 11111111, then Carry flag is set)
2. Overflow flag indicates signed integer overflow. (e.g. if instruction has 16-bit destination operand but it generates negatives smaller than -32768 decimal, then Overflow flag is set)
3. Zero flag indicates that an operation produced zero. For example, if an operand is subtracted from another of equal value, the Zero flag is set.

Question 21

How are the Sign flag, Parity flag, and Auxiliary Carry flag affected by addition and subtraction?

Answer 21

1. The Sign flag indicates an an operation produced a negative result (if the MSB is set).
2. The Parity flag indicates whether or not an even number of 1 bits occurs in the least significant byte of the destination operand.
3. The Auxiliary Carry flat is set when a 1-bit carries out of position 3 in the LSB of the destination operand.

Question 22

How can there be a carry flag with subtraction?

Answer 22

A subtract operation sets the Carry flag when a larger unsigned integer is subtracted from a smaller one. For example, if we subtract 2 from 1, using 8-bit operands:

mov al, 1
sub al, 2 ; AL = FFh, CF = 1

Because it is negative, we have “carried” a 1 for the sign.

Question 23

Can there be a carry flag with INC, DEC, or NEG?

Answer 23

The INC and DEC instructions do NOT affect the Carry flag.

However, applying the NEG instruction to a nonzero operand ALWAYS sets the Carry flag.

Question 24

What is an example of an operation that sets off the auxiliary carry flag?

Answer 24

If you add 1 to 0Fh, then the sum 10h contains a 1 in bit position 4 that was carried out of bit position 3.

mov al, 0Fh
add al, 1 ; AC = 1

0 0 0 0 1 1 1 1
0 0 0 0 0001
——————-
0 0 0 1 0000

Question 25

What is an example of an operation that sets of the Parity flag?

Answer 25

Since the Parity flag is set when the LSB has an even number of bits, you just need to figure out how to get an even number.

mov al, 10001100b
mov al, 00000010b ; AL = 10001110, PF = 1
mov al, 10000000b ; AL = 00001110, PF = 0

Question 26

What does the Sign flag do mechanically?

Answer 26

Since the Sign flag is set when the result of a signed arithmetic operation is negative, it is just a copy of the destination operand’s highest bit.

mov bl, 1 ; BL = 01h
mov bl, 2 ; BL = FFh (-1), SF = 1

Question 27

When can you know whether signed overflow has occurred, practically and mechanically?

Answer 27

Practically, it occurs in addition when:
1. Adding two positives makes a negative sum
2. Adding two negatives makes a positive sum
BUT it NEVER occurs when adding two different signs

Mechanically, the value that carries out of the highest bit position is XORed with the carry into the high bit of the result. For example, this produces CF =1 because 1 (carryOut) XOR 0 (carryIn) = 1.

1 0000000
+ 1 1 1 1 1 1 1 0
—————–
1 0 1 1 1 1 1 1 0

Question 28

When does the NEG instruction produce an invalid result?

Answer 28

If the destination operand CANNOT be stored correctly. For example, if we move -128 to AL and try to negate it, the correct value (+128) will not fit into AL.
mov al, -128 ; AL = 10000000b
neg al ; AL = 10000000b, OF = 1

On the other hand, if +127 is negated, the result is valid and the Overflow flag is clear.
mov al, +127 ; AL = 01111111b
neg al ; AL = 10000001b, OF = 0

Question 29

Write an instruction that increments val2.

val2 WORD 8000h

Answer 29

INC val2;

Question 30

Write an instruction that subtracts val3 from EAX.

val3 DWORD 0FFFFh

Answer 30

SUB eax, val3;

Question 31

Write instructions that subtract val4 from val2.

val2 WORD 8000h
val4 WORD 7FFFh

Answer 31

MOV ax, val4

SUB val2, ax

Question 32

If val2 is incremented by 1 using the ADD instruction, what will be the values of the Carry and Sign flags?

val2 WORD 8000h

Answer 32

CF = 0 because there isn’t anything to carry here! It’ll just incremented to 8001h.

SF = 1 because the highest bit will be 1 (because 8 in binary is 1000.

Question 33

If val4 is incremented by 1 using the ADD instruction, what will be the values of the Overflow and Sign flags?

val4 WORD 7FFFh

Answer 33

OF = 1 because the highest byte was 01111111, which means that it was the highest signed integer, and now it has to overflow into the MSB for the sign.

SF = 1 because now it has a “sign” when it didn’t have one before.

Question 34

What are the values of the Carry, Sign, Zero, and Overflow flags after each instruction?

mov ax, 7FF0h
add al, 10h
add ah, 1
add ax, 2

Answer 34

add al, 10h
CF = 1 because F0 plus 10 has to equal 100h (not possible in 8-bit register).
ZF = 1 because now the bottom half is 0.

add ah, 1
SF = 1 because the top was 7F, or 01111111. When you add 1, it becomes 10000000, which has a “sign”.

add ax, 2
SF =1 because even though it’s now 8000h in ax overall, the MSB is still 1, making this technically negative.

Question 35

What is a transfer of control or branch?

Answer 35

A way of altering the order in which statements are executed (JMP and LOOP).

Question 36

What are the two basic types of transfers?

Answer 36

1. Unconditional transfer (e.g. JMP) - control is transferred to a new location in all cases; a new address is loaded into the instruction pointer, causing execution to continue at the new address.
2. Conditional transfer - the program branches if a certain condition is true. The CPU interprets true/false conditions based on the contents of the ECX and flags registers.

Question 37

How do you implement JMP?

Answer 37

JMP destination

When the CPU executes an unconditional transfer, the offset of destination is moved into the instruction pointer, causing execution to continue at the new location.

Question 38

How can you create an endless loop using JMP?

Answer 38

Just label some code the “top” and then say “jmp top”

top:
.
.
jmp top

Question 39

How can you use the LOOP instruction?

Answer 39

LOOP destination

It automatically uses ECX as a counter and is decremented each time the loop repeats. The loop destination must be within -128 to +127 bytes of the current location counter.

After it subtracts 1 from ECX, if ECX is not zero, it jumps to the destination. If it is zero, then control passes to the next instruction.

Question 40

How can you count ax from 0 to 5 using LOOP instruction?

Answer 40

Move 0 to ax, 5 to ecx, and then create a loop, inside of which you increment ax.

mov ax, 0
mov ecx, 5

L1:
inc ax
loop L1

BUT WATCH OUT! If you initialize ECX to 0, then you’ll have to repeat this loop 4,294,967,296 times until it decrements around to 0 again!

Question 41

Why should you generally not modify ECX inside a loop?

Answer 41

You can end up with an endless loop. For example, this will increment ecx inside and decrement when it loops:

top:
.
.
inc ecx
loop top

Question 42

What should you do if you need to modify ECX inside a loop?

Answer 42

You can save it in a variable (e.g. COUNT) at the beginning of the loop and restore it just before the LOOP instruction.

.code
mov ecx, 100

top:
mov count, ecx
.
mov ecx, 20
.
mov ecx, count
loop top

Question 43

How can you write a nested loop?

Answer 43

Save the original count in another variable, move the inner count into the variable, then after the inner loop, move the original count back into ecx.

mov ecx, 100
L1:
mov count, ecx
mov ecx, 20
L2:
.
.
loop L2
mov ecx, count
loop L1

Question 44

How would you sum an integer array?

Answer 44

You need to assign the array’s address to an indexed register, initialize the loop counter to the length of the array, and assign zero to the register that accumulates the sum. Then, you need to create a label to make the loop, add a single element within the loop, and point to the next array element before repeating the loop.

intarray DWORD 10000h, 20000h, 30000h, 40000h

.code
main PROC

mov edi, OFFSET intarray ; EDI = address of intarray
mov ecx, LENGTHOF intarray
mov eax, 0

L1:
add eax,[edi]
add edi, TYPE intarray
loop L1

Question 45

How would you copy a string?

Answer 45

source BYTE “This is the source string”,0
target BYTE SIZEOF source DUP(0)

.code
main PROC
mov esi, 0
mov ecx, SIZEOF source

L1:
mov al, source[esi]
mov target[esi], al
inc esi
loop L1

Question 46

What are the two steps involved in executing a conditional statement?

Answer 46

1. An operation such as CMP, AND, or SUB modifies the CPU status flags.
2. A conditional jump instruction tests the flags and causes a branch to a new address.

Question 47

How can you use the JZ instruction to do a conditional comparison?

Answer 47

CMP compares eax to 0, which sets the zero flag. Since JZ jumps to zero if zero flag was set, this jumps to L1.

cmp eax,0
jz L1
…
L1:

Question 48

What are the J(cond) instructions and how do you use those?

Answer 48

J(cond) destination

There are four types:

1. based on specific flag values
2. based on equality between operands or (E)CX
3. based on comparisons of unsigned operands
4. based on comparisons of signed operands

e.g. je (jump if equal) is triggered when zero flag is set by CMP.

cmp eax, 5
je L1 ; jump if equal

Question 49

What are the jumps based on specific flag values?

Answer 49

JZ - jump if zero (ZF = 1)
JNZ - jump if not zero (ZF=0)
JC - jump if carry (CF = 1)
JNC - jump if not carry (CF = 0)
JO - jump if overflow (OF = 1)
JNO - jump if not overflow (OF = 0)
JS - jump if signed (SF =1)
JNS - jump if not signed (SF = 0)
JP - jump if parity (PF = 1)
JNP - jump if not parity (PF = 0)

Question 50

How do jumps based on equality work?

Answer 50

First they use CMP leftOP, rightOP

Next, there are a number of jump instructions:
JE = jump if equal (same as JZ, jump if zero)
JNE = jump if not equal (same as JNZ, jump if not zero)
JCXZ = jump if CX = 0
JECXZ = jump if ECX = 0

Question 51

Is the jump taken, and why?

mov edx, 0A523h
cmp edx, 0A523h
jne L5
je L1

Answer 51

The jump to L5 is NOT taken because they are equal, and jne jumps only if not equal.

The jump to L1 is taken because they are equal.

Question 52

Is the jump taken, and why?

mov cx, 0FFFFh
inc cx
jcxz L2

Answer 52

Yes, the jump to L2 is taken because the increment makes cx overflow (if it could carry) to 0000h, which is equal to zero.

Question 53

What are some jumps based on unsigned comparisons?

Answer 53

JA - jump if above (if leftOp > rightOp)
JNBE - jump if not below or equal (same as JA)
JAE - jump if above or equal
JNB - jump if not below (i.e. JAE)
JB - jump if below
JNAE - jump if not above or equal (i.e. JB)
JBE - jump if below or equal 
JNA - jump if not above (i.e. JBE)

Question 54

What are some jumps based on signed comparisons?

Answer 54

JG - jump if greater
JNLE - jump if not less than or equal
JGE - jump if greater than or equal
JNL - jump if not less (i.e. JGE)
JL - jump if less
JNGE - jump if not greater than or equal (i.e. JL)
JLE - jump if less than or equal
JNG - jmp if not greater (i.e. JLE)

Question 55

Is the jump taken, and why?

mov al, +127
cmp al, -128
ja IsAbove
jg IsGreater

Answer 55

The jump to IsAbove is not taken because 7Fh is less than 80h.

However, the jump to IsGreater is taken because +127 is higher than -128.

Question 56

Is the jump taken, and why?

mov edx, -1
cmp edx, 0
jnl L5
jnle L5
jl L1

Answer 56

The first jump to L5 is not taken because -1 is less than 0.

The second jump to L5 is not taken because -1 is less than and not equal to 0.

The third jump is taken because -1 is less than 0.

Question 57

Is the jump taken, and why?

mov bx, +32
cmp bx, -35
jng L5
jnge L5
jge L1

Answer 57

The two jumps to L5 is not taken because 32 is greater than 35.

The last jump is taken because it is, indeed, greater.

Question 58

What is the “test” instruction for and how do you use it?

Answer 58

You can test status bits. For example, if you want to jump if ANY of bit 0, 1, or 4 are set by status (of external device)

mov al, status
test al, 00010011bjnz InputDataByte

The following will also test whether or not ALL of the bits are set by status, using the AND instruction

mov al, status
and al, 10001100b
cmp al, 10001100b
je ResetMachine

Question 59

How can you find the larger of two integers?

Answer 59

You can simply use the cmp instruction and jae instruction (if destination is above or equal to the source).

mov edx, eax ;assume EAX is larger
cmp eax, ebx ; if EAX is above or equal to EBX
jae L1 ; jmp to L1
mov edx, ebx ; else move EBX to EDX
L1:    ;EDX now has the larger integer

Question 60

How can you find the smallest of three unsigned integers?

Answer 60

Use the cmp instruction between the first two, and then do another cmp and jbe for the third intger.

mov ax, V1  ;assume V1 is smallest
cmp ax, V2 ;if AX is below or equal to V2
jbe L1   ;jump to L1
mov ax, V2    ;else move V2 to AX
L1: cmp ax, V3  ;if AX is below or equal to V3
jbe L2  ;jump to L2
mov ax, V3   ;else move V3 to AX
L2:     ;AX now has the largest integer

Question 61

How can you loop until a key is pressed?

Answer 61

The ReadKey method sets the Zero flag if no key is present in the input buffer. You need a 10 ms delay, because otherwise keystrokes might be ignored.

.data
char BYTE ?
.code
L1:  mov  eax, 10     ;create 10 ms delay
call Delay
call ReadKey    ;check for key
jz L1  ;repeat if no key
mov char, AL ; save the character

Question 62

How do you do a sequential search of an array?

Answer 62

mov ebx, OFFSET intArray ;point to the Array
mov ecx, LENGTHOF intArray ;loop counter

L1: cmp WORD PTR[ebx], 0 ; compare a value to zero
jnz found  ;found a value
add ebx, 2 ;point to next
loop L1  ;continue the loop
jmp notFound ;none found

found:
movsx eax, WORD PTR[ebx] ;sign-extend into EAX
call WriteInt
jmp quit

notfound:
mov edx, OFFSET noneMsg ;display “not found” message
call WriteString

quit:
call Crlf
exit