Understanding cmp in assembly

Question

I am looking at an assembly code that looks like the following:

cmp dword [rbp-0x4 {var_c}], 0x0
jne 0x12c0

To me, that reads:

Compare the value of something and null, and if there is no error (ie they match), jump to 0x12c0.

Is that correct? I don't understand what [rbp-0x4 {var_c}] is or why we would be comparing that to null.

I did try and follow a graph to learn what these variables were and I got the following:

• 0x4 = uint8_t file_class = 0x2
• var_c = In Set of Values {0, 1}
• rbp seems to be what is pushed in from main

Any help on understanding this would be appreciated. I am looking for clarification on what is being compared in the cmp statement.

Answer 1

Not quite, it's more:

Compare the value of something with zero and, if they are not equal, jump.

Assembly language has no concept of "null" and a cmp is generally the same as a sub (subtract) but without actually changing the value. Basically, it's:

Set the flags as if I had subtracted zero from something.

In more pseudo-code fashion, your two instructions amount to:

if var_c <> 0 then goto label_12c0

Answer 2

rbp seems to be what is pushed in from main

rbp is one CPU register that (like all CPU registers) stores a value.

I don't want to go too deep into detail here, but most compilers use the register rbp to store the information where the local variables (and sometimes function arguments) of the function are stored in the RAM memory:

The address (location in RAM memory) where a certain local variable is stored is typically calculated by subtracting some constant value from the value stored in the rbp register.

I don't understand what [rbp-0x4 {var_c}] is ...

dword [rbp-0x4] means: A 32-bit value stored at the address rbp-4 : The address which is calculated by subtracting the value 4 from the value stored in the register rbp .

The compiler has put additional information for a debugger into the binary file. This information says that the address of the local variable var_c is calculated by rbp-4 and the address of the local variable some_other_variable is calculated by rbp-10 and so on...

The disassembler has read this information and prints {var_c} after rbp-0x4 to show that the variable var_c is located at the address rbp-0x4 . So the 32-bit value " dword [rbp-0x4] " probably is the variable " var_c ".

0x4 = uint8_t file_class = 0x2

I don't know which information this is. But the value 0x4 here has nothing to do with the value 0x4 in the disassembly line ( rbp-0x4 ).

... and if there is no error (ie they match), jump to 0x12c0.

jne means: " J ump if n ot e qual".

This means that the CPU will jump if the variable var_c was not equal to 0.

Note that in compiled code representing an if() branch, the jump instruction will normally jump if the condition was false :

If the condition is false , the CPU jumps to the else part or to the first instruction after the if() part. If the condition is true , the CPU does not jump but execute the first instruction of the if() part which follows the jne (or similar) instruction.

Because your example jumps if var_c is not zero, it is probable that the source code was something like if(var_c == 0) .