TEST
By Vesper Vei
2 minutes read
Table of Contents
TEST (test)
Basic function
The TEST instruction performs a bitwise AND on two operands, but does not store the result; it only updates the flags.
It is commonly used for conditional checks, such as testing whether a register is 0 or whether a certain bit is set.
Logical behavior:
temp = op1 & op2 ; 结果丢弃更新 EFLAGS ; 根据 temp 更新标志位Instruction execution process
- Perform bitwise AND
- Do not write back the result (discard it)
- Update ZF, SF, PF, CF, OF, AF, where:
- CF = 0
- OF = 0
- ZF depends on whether the result is 0
- SF is determined by the highest bit of the result
- PF is updated according to even parity
Instruction format
test r/m32, r32test r/m64, r64test r/m32, imm32test r/m8, imm8Behavioral characteristics
- It is the “no-result version” of logical AND
- Commonly used to test whether a certain bit is 1
- Does not modify operands (non-destructive)
- Especially suitable for branch checks and state analysis
Difference from AND:
and op1, op2writes the result back to op1test op1, op2does not modify any operand at all; it only affects the flags
Equivalent behavior example (logically equivalent):
and temp, op1, op2 ; 假设 temp 是一个不存在的寄存器根据 temp 更新 EFLAGS; temp 被丢弃Common uses
- Test whether a register is 0:
test eax, eax ; 等价于检查 eax 是否为 0 jz is_zero- Check whether a certain bit is set:
test rax, 0x100jnz bit_set
- Test whether a pointer is null or whether a flag bit is valid
- Protocol parsing (bitwise decomposition of flag fields)
- In reverse engineering analysis, it often appears in permission checks or state branches
- In PWN debugging, it is often used to understand whether validation logic has been bypassed
Small example: test whether eax is even
test eax, 1jz evenPrinciple: lowest bit is 0 → even number.