The SCAS family of instructions is used to scan strings for one or more search characters.
As with the other string instructions, there are three versions of the SCAS instruction:
❑ SCASB: Compares a byte in memory with the AL register value
❑ SCASW: Compares a word in memory with the AX register value
❑ SCASL: Compares a doubleword in memory with the EAX register value
The SCAS instructions use an implied destination operand of the EDI register.
The EDI register must contain the memory address of the string to scan. As with the other string instructions, when the SCAS instruction is executed, the EDI register value is incremented or decremented (depending on the DF flag value) by the data size amount of the search character.
When the comparison is made, the EFLAGS adjust, carry, parity, overflow, sign, and zero flags are set accordingly.
The REPE and REPNE prefixes enable you to scan the entire length of a string looking for a specific search character (or character sequence). The REPE and REPNE instructions are usually used to stop the scan when the search character is found. Be careful, however, when using these two instructions, as their behavior might be opposite from what you would think:
❑ REPE: Scans the string characters looking for a character that does not match the search character
❑ REPNE: Scans the string characters looking for a character that matches the search character
For most string scans, you would use the REPNE instruction, as it will stop the scan when the search character is found in the string. When the character is found, the EDI register contains the memory address immediately after where the character is located. This is because the REPNE instruction increments the EDI register after the SCAS instruction is performed. The ECX register contains the position from the end of the string that contains the search character. Be careful with this value, as it is counted from the end of the string. To get the position from the start of the string, subtract the string length from this value and reverse the sign.
.section .data
string1:
    .ascii "This is a test - a long text string to scan."
length:
    .int 44
string2:
    .ascii "-"
.section .text
.globl _start
_start:
    nop
    leal string1, %edi      # EDI points to the string to scan
    leal string2, %esi      # ESI points to the search character
    movl length, %ecx       # ECX = number of bytes to scan
    lodsb                   # AL = search character (loaded from ESI)
    cld                     # DF = 0: scan forward, EDI increments
    repne scasb             # scan until AL matches or ECX reaches zero
    jne notfound            # ZF clear after the scan: no match found
    subl length, %ecx       # ECX = remaining count - length (negative)
    negl %ecx               # reverse the sign: 1-based position from start
    movl $1, %eax           # exit system call
    movl %ecx, %ebx         # exit status = position of the search character
    int $0x80
notfound:
    movl $1, %eax           # exit system call
    movl $0, %ebx           # exit status 0: character not found
    int $0x80
The scastest1.s program loads the memory location of the string to scan into the EDI register, uses the LODSB instruction to load the AL register with the character to search for, and places the length of the string in the ECX register. When all of that is done, the REPNE SCASB instruction is used to scan the string for the location of the search character. If the character is not found, the JNE instruction will branch to the notfound label. If the character is found, its location from the end of the string is now in ECX. The length of the string is subtracted from ECX, and the NEG instruction is used to change the sign of the value to produce the location in the string where the search character is found. The location is loaded into the EBX register so it becomes the result code after the program terminates:
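To make the register bookkeeping of REPE/REPNE SCASB checkable on any machine, here is an added C emulation of the scan (not code from the book): it models the per-iteration compare, EDI increment and ECX decrement with DF clear, reproduces the scastest1.s position arithmetic, and also covers the case where ECX reaches zero on the very byte that matches. The names rep_scasb, scas_state and scastest1_position are the example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Register state left behind by the scan: EDI, ECX and the zero flag. */
typedef struct {
    const uint8_t *edi;   /* address of the byte after the last one compared */
    uint32_t ecx;         /* bytes not yet compared when the scan stopped */
    int zf;               /* ZF from the last SCASB comparison */
} scas_state;

/* Emulate "repne scasb" (repne != 0) or "repe scasb" (repne == 0) with DF = 0.
   Each iteration: compare AL with the byte at EDI, advance EDI, decrement ECX,
   then stop when ZF is set (REPNE) or clear (REPE). ECX = 0 stops the scan too. */
static scas_state rep_scasb(const uint8_t *edi, uint32_t ecx, uint8_t al, int repne)
{
    scas_state s = { edi, ecx, 0 };
    while (s.ecx != 0) {
        s.zf = (*s.edi == al);      /* SCASB sets ZF on an exact byte match */
        s.edi++;                    /* EDI is advanced even when the scan stops */
        s.ecx--;                    /* the REP prefix counts this byte off ECX */
        if (repne ? s.zf : !s.zf)   /* REPNE stops on a match, REPE on a mismatch */
            break;
    }
    return s;
}

/* The scastest1.s computation: 1-based position of al counted from the start
   of str (length bytes), or 0 when the byte is absent. After the scan ECX holds
   the distance from the end, so position = -(ECX - length). The subtraction is
   done in uint32_t exactly as the 32-bit SUB would wrap. */
static int scastest1_position(const char *str, uint32_t length, char al)
{
    scas_state s = rep_scasb((const uint8_t *)str, length, (uint8_t)al, 1);
    if (!s.zf)                      /* jne notfound: last compare did not match */
        return 0;
    return -(int)(s.ecx - length);  /* subl length, %ecx ; negl %ecx */
}

/* Constructed sample inputs. */
static const char sample[] = "This is a test - a long text string to scan.";  /* 44 bytes */
static const char last_byte_match[] = "abc-";                                  /* match on the final byte */
static const char leading_spaces[] = "   x";                                   /* for the REPE variant */
```

With REPE on leading_spaces the scan stops on 'x', leaving ZF clear and EDI one past the mismatching byte; when every byte matches and ECX runs out, ZF is still set, which is the only way to tell the two stopping reasons apart.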