some instruction

맨날 헷갈리는 test!

test
http://faydoc.tripod.com/cpu/test.htm
Computes the bit-wise logical AND of first operand (source 1 operand) and the second operand (source 2 operand) and sets the SF, ZF, and PF status flags according to the result. The result is then discarded.

test a, a 는 a가 null인지 Check 하는 명령어. test a,b 는 a&b와 같이 AND 연산을 의미한다. 그 이후에 jxx 연산을 하여 a값이 null이 아닐 경우에 looping을 돌고, null이면 해당 loop에서 빠져나간다. 

lodsb

http://faydoc.tripod.com/cpu/lodsb.htm
Loads a byte, word, or doubleword from the source operand into the AL, AX, or EAX register, respectively. The source operand is a memory location, the address of which is read from the DS:EDI or the DS:SI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively). The DS segment may be overridden with a segment override prefix.

LODSB : LODS BYTE
[LODSB] 명령은 DS:SI에 입력된 주소의 한 바이트를  AL 레지스터로 전달.
그 후 SI를 하나 증가시켜 SI로 지정된 주소의 다음 내용을 읽을 준비를 함

stosb

http://faydoc.tripod.com/cpu/stosb.htm

Stores a byte, word, or doubleword from the AL, AX, or EAX register, respectively, into the destination operand. The destination operand is a memory location, the address of which is read from either the ES:EDI or the ES:DI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively).

process environment structure
http://baeg.tistory.com/entry/Windows-Heap-Overflows-using-the-Process-Environment-Block-PEB