Olly and test

jj2007 · May 07, 2009, 02:14:47 PM

include \masm32\include\masm32rt.inc

.code

start:
  test ecx, eax   ; ecx in front
  test ecx, ebx
  test ecx, edx
  test ecx, edi
  test ecx, esi
  test ecx, ebp
  nop
  test eax, ecx   ; ecx behind
  test ebx, ecx
  test edx, ecx
  test edi, ecx
  test esi, ecx
  test ebp, ecx
  nop
  print "OK"
  getkey
  exit

end start

Note the order in Olly, 23.12.2008:

Code Select

CPU Disasm
Address   Hex dump                   Command                      Comments
<ModuleEn Ú. 85C8                    test eax, ecx
00401002  ³? 85CB                    test ebx, ecx
00401004  ³? 85CA                    test edx, ecx
00401006  ³? 85CF                    test edi, ecx
00401008  ³? 85CE                    test esi, ecx
0040100A  ³? 85CD                    test ebp, ecx
0040100C  ³? 90                      nop
0040100D  ³. 85C1                    test ecx, eax
0040100F  ³? 85D9                    test ecx, ebx
00401011  ³? 85D1                    test ecx, edx
00401013  ³? 85F9                    test ecx, edi
00401015  ³? 85F1                    test ecx, esi
00401017  ³? 85E9                    test ecx, ebp
00401019  ³? 90                      nop

By design? ::)

mitchi · May 07, 2009, 02:22:17 PM

Nice discovery !!! :green
I use Olly a lot and I never noticed.

dedndave · May 07, 2009, 06:21:49 PM

ouch!
of course, it's not olly - it's masm
they must be trying to optimize somehow
maybe there's a switch or directive to turn optimization off
i think if you used registers that were different (other than ecx - ecx - ecx...)
the assembler would not be able to figure out the optimization

that really stinks - it takes some flexibility away from the programmer

another way to work around it would be to use "db" to specify the opcodes
hopefully, the assembler at least places THOSE in order - lol

if you put jz after each test ?
can't alter it then, either

Vortex · May 07, 2009, 06:28:37 PM

Hi jj2007,

Which is the version of your Ollydbg copy?

jj2007 · May 07, 2009, 06:36:49 PM

Quote from: Vortex on May 07, 2009, 06:28:37 PM
Hi jj2007,

Which is the version of your Ollydbg copy?

Olly 2.0 beta 2 of 23.12.2008

As to optimisation: The order is always reversed ... doesn't sound plausible ::)

dedndave · May 07, 2009, 06:40:50 PM

huh ? :dazzled:

that makes no sense

my code goes one direction and EIP goes the other ? - lol
now, i am REALLY new to asm

Jimg · May 07, 2009, 07:03:51 PM

I think it's olly. It's the same in version 1.1

if you look at
and ecx,eax
it encode the same as test ecx,eax with C8

dedndave · May 07, 2009, 07:35:47 PM

ahhhhhhhhhhhhhh
lol
i thought it was changing the order of instructions ::)

new forum ID for me.......... Im2stoopid

just because you can afford a Mercedes, doesn't mean you can drive it
(having a high IQ <> using it)

might be a translation table in olly
use olly to fix olly :bg

i wonder if it does the same thing for XCHG

jj2007 · May 07, 2009, 07:46:09 PM

Quote from: Jimg on May 07, 2009, 07:03:51 PM
I think it's olly. It's the same in version 1.1

if you look at
and ecx,eax
it encode the same as test ecx,eax with C8

Yeah, it's pretty obvious... :bg

test ecx, eax ; ecx in front
and ecx, eax ; ecx in front
test ecx, ebx
and ecx, ebx
test ecx, edx
and ecx, edx
nop
test eax, ecx ; ecx behind
and eax, ecx ; ecx behind
test ebx, ecx
and ebx, ecx

85C8 test eax, ecx
23C8 and ecx, eax
85CB test ebx, ecx
23CB and ecx, ebx
85CA test edx, ecx
23CA and ecx, edx
90 nop
85C1 test ecx, eax
23C1 and eax, ecx
85D9 test ecx, ebx
23D9 and ebx, ecx

Jimg · May 07, 2009, 08:12:18 PM

Looks fine in debug
1401:056C 90 NOP
1401:056D 85C8 TEST CX,AX
1401:056F 23C8 AND CX,AX
1401:0571 85CB TEST CX,BX
1401:0573 23CB AND CX,BX
1401:0575 85CA TEST CX,DX
1401:0577 23CA AND CX,DX
1401:0579 90 NOP
1401:057A 85C1 TEST AX,CX
1401:057C 23C1 AND AX,CX
1401:057E 85D9 TEST BX,CX
1401:0580 23D9 AND BX,CX
1401:0582 90 NOP

jj2007 · May 07, 2009, 08:16:29 PM

Now the really tough question: Does it matter?
As far as I can see, test eax, ebx sets the same flags as test ebx, eax

dedndave · May 07, 2009, 08:22:15 PM

no diff
xchg ?

Jimg · May 07, 2009, 09:17:22 PM

I assume you are asking for timing purposes, because it certainly doesn't matter functionally. So time it and find out :P

dedndave · May 07, 2009, 10:05:01 PM

no - i was curiouis if olly swapped registers - it would tell you if the instructions use the same table
of course, XCHG EAX,reg is special, and generates a single byte - XCHG reg,EAX is a 2 byte op-code
i was curious to see what olly did - assemblers should optimize by replacing XCHG reg,EAX with the XCHG EAX,reg form

PauloH · May 08, 2009, 01:12:50 AM

Hi,

I compiled this with goasm:

Code Select


#DEFINE WIN32_LEAN_AND_MEAN
#DEFINE LINKFILES
#include <windows.h>

.code

start:
  test ecx, eax   ; ecx in front
  test ecx, ebx
  test ecx, edx
  test ecx, edi
  test ecx, esi
  test ecx, ebp
  nop
  test eax, ecx   ; ecx behind
  test ebx, ecx
  test edx, ecx
  test edi, ecx
  test esi, ecx
  test ebp, ecx
  nop
invoke ExitProcess, 0

Then, ollydbg 2.0 and 1.10 show it:

Code Select

<ModuleEntryPoint>:                          

        TEST ECX,EAX
        TEST ECX,EBX
        TEST ECX,EDX
        TEST ECX,EDI
        TEST ECX,ESI
        TEST ECX,EBP
        NOP
        TEST EAX,ECX
        TEST EBX,ECX
        TEST EDX,ECX
        TEST EDI,ECX
        TEST ESI,ECX
        TEST EBP,ECX
        NOP
        PUSH 0
        CALL ExitProcess

Why? :bg

News:

Olly and test