IA-32 Assembly Language Reference Manual

Jump Instructions

Jump if ECX is Zero (jcxz)

jcxz    	disp8

jump to disp8 if (E)CX is 0


The jcxz instruction tests the contents of the CX or ECX register for 0. jcxz differs from other conditional jumps in that it tests (E)CX rather than the flags.

jcxz is useful at the beginning of a loop that terminates with a conditional loop instruction, such as:

loopne .-126

In this case, jcxz tests CX or ECX for 0 before the loop is entered, so that the loop executes 0 times when the count is 0:


jcxz .-126
loopne .-126

Loop Control with CX Counter (loop, loopnz, loopz)

loop    	disp8

decrement count; jump to disp8 if count not equal 0

loopnz  	disp8
loopne  	disp8

decrement count; jump to disp8 if count not equal 0 and ZF = 0

loopz   	disp8
loope   	disp8

decrement count; jump to disp8 if count not equal 0 and ZF = 1


loop decrements the count register; the flags register remains unchanged. The condition that is checked depends on the particular form of loop used. If the condition is met, a short jump is made to the address specified by the disp8 operand. The range of the disp8 operand, relative to the current instruction, is +127 decimal bytes to -128 decimal bytes.

loop instructions provide iteration control and combine loop index management with conditional branching. Prior to using the loop instruction, load the count register with an unsigned iteration count. Then, add the loop instruction at the end of a series of instructions to be iterated. The disp8 operand points to the beginning of the iterative loop.


Decrement the count register and when the count is not equal to zero, jump short to the disp8 location.

loopne .-126

Jump (jmp, ljmp)

jmp	disp{8|16|32}
jmp	*r/m{16|32}

jump short or near; displacement relative to next instruction

ljmp	immPtr
ljmp	*mem48

jump far (intersegment); 4- or 6-byte immediate address

jcc	disp{8|32}

jump if condition is met; displacement relative to next instruction


The jmp instruction transfers execution control to a different point in the instruction stream; it records no return information.

Jumps with destinations of disp{8|16|32} or r/m{16|32} are near jumps and do not require changes to the segment register value.

jmp rel{16|32} adds a signed offset to the address of the instruction following the jmp instruction to determine the destination; that is, the displacement is relative to the next instruction. The displacement value is stored in the EIP register. For rel16, the upper 16 bits of EIP are cleared to zero, resulting in an offset value that does not exceed 16 bits.

ljmp ImmPtr or *mem48 use a four- or six-byte operand as a long pointer to the destination. In Real Address Mode or Virtual 8086 mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register. In Protected mode, both long pointer forms consult the AR (Access Rights) byte of the descriptor indexed by the selector part of the long pointer. The jmp performs one of the following control transfers depending on the value of the AR byte:


Jump to the relative effective address (addressed by the EDI register plus an offset of 4):

jmp *4(%edi)

Long jump, use 0xfebc for the CS register and 0x12345678 for the EIP register:

ljmp $0xfebc, $0x12345678

Jump if not equal:

jne .+10
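
The displacement arithmetic described in this section, as an added Python example that is not part of the manual: it decodes the relative branches covered here and computes where each one lands, which is the calculation needed when checking branch targets by hand in a disassembly. The function names, the sample address 0x1000, and the reading of `.` as the address of the branch instruction itself are assumptions.

```python
import struct

# Opcodes of the disp8 branches covered on this page (IA-32 encoding).
REL8 = {0xE0: "loopne", 0xE1: "loope", 0xE2: "loop",
        0xE3: "jcxz", 0xEB: "jmp", 0x75: "jne"}


def branch_target(code, addr, operand_size=32):
    """Return (mnemonic, target) for the relative branch in `code` at `addr`."""
    opcode = code[0]
    if opcode in REL8:
        name, fmt = REL8[opcode], "<b"            # signed 8-bit displacement
    elif opcode == 0xE9:
        name = "jmp"                              # near jump, rel16 or rel32
        fmt = "<h" if operand_size == 16 else "<i"
    else:
        raise ValueError(f"not a relative branch handled here: {opcode:#04x}")
    size = struct.calcsize(fmt)
    if len(code) < 1 + size:
        raise ValueError("truncated instruction")
    (disp,) = struct.unpack_from(fmt, code, 1)
    # The displacement is added to the address of the *next* instruction.
    target = (addr + 1 + size + disp) & 0xFFFFFFFF
    if operand_size == 16:
        target &= 0xFFFF                          # upper 16 bits of EIP cleared
    return name, target


def dot_to_disp8(dot_offset, length=2):
    """Convert a '.'-relative operand (-126 in `loopne .-126`) to disp8.

    Assumption: '.' is the address of the branch instruction itself, so the
    encoded displacement is smaller by the instruction length (2 bytes).
    """
    disp = dot_offset - length
    if not -128 <= disp <= 127:
        raise ValueError(f"target out of disp8 range: {disp}")
    return disp


# Constructed sample: `loopne .-126` placed at the assumed address 0x1000.
SAMPLE = bytes([0xE0, dot_to_disp8(-126) & 0xFF])

if __name__ == "__main__":
    print(SAMPLE.hex(), branch_target(SAMPLE, 0x1000))
```

Under that assumption, `.-126` encodes as the most negative disp8 value, so a target one byte further back cannot be reached by a loop instruction.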