Conditional Jumps (Jcc)

The Jcc (Jump if Condition) family reads one or more EFLAGS bits and jumps if the condition is satisfied. They are the direct machine-code representation of if, while, for, and similar constructs.

Common mnemonics

Mnemonic	Alias	Condition	Flags tested
`je`	`jz`	Equal / Zero	ZF=1
`jne`	`jnz`	Not equal / Not zero	ZF=0
`jg`	`jnle`	Greater (signed)	ZF=0 and SF=OF
`jge`	`jnl`	Greater or equal (signed)	SF=OF
`jl`	`jnge`	Less (signed)	SF≠OF
`jle`	`jng`	Less or equal (signed)	ZF=1 or SF≠OF
`ja`	`jnbe`	Above (unsigned)	CF=0 and ZF=0
`jb`	`jc`, `jnae`	Below (unsigned)	CF=1
`jae`	`jnb`, `jnc`	Above or equal (unsigned)	CF=0
`jbe`	`jna`	Below or equal (unsigned)	CF=1 or ZF=1
`js`	—	Sign (negative)	SF=1
`jo`	—	Overflow	OF=1
`jp`	`jpe`	Parity even	PF=1

Usage pattern

asm

cmp rax, rbx      ; sets ZF/CF/SF/OF based on rax - rbx
je  equal_label   ; jump if rax == rbx
jg  greater_label ; jump if rax > rbx (signed)
ja  above_label   ; jump if rax > rbx (unsigned)

Signed vs unsigned: the key distinction

jg/jl use SF and OF (signed comparison); ja/jb use CF (unsigned). When reversing pointer arithmetic or security checks, picking the wrong interpretation leads to incorrect decompiler output.

Reverse-engineering notes

Decompilers map je/jne → ==/!=, jl/jg → </> for signed integers, and jb/ja → </> for unsigned (or pointer comparisons).
A test rax, rax; je null_check pattern means "if rax == 0" — the test just sets ZF without a cmp.
Reversed conditions (negated jumps) are common in optimised code to avoid an extra jmp; jne loop_top at the bottom of a loop is equivalent to a do { } while (x != 0) in C.
Obfuscated binaries occasionally use opaque predicates — a Jcc whose condition is always true/false — to confuse disassemblers.

Common mnemonics

Usage pattern

Signed vs unsigned: the key distinction

Reverse-engineering notes

Try it — Virtual CPU