How to Access/Modify the Upper-Half of x86/x64 Registers

 
h3x1c
Master Cheater
Reputation: 17

Joined: 27 Apr 2013
Posts: 301

Posted: Wed Aug 17, 2016 2:40 pm    Post subject: How to Access/Modify the Upper-Half of x86/x64 Registers

For beginners and intermediates who are wondering how to access and modify the upper-half of x86 and x64 registers, here's a blog post I wrote discussing the topic at great length. It includes a primer for those who need it in regards to preparation for working with bitwise instructions (you've probably seen a few like AND, OR, and XOR).

For those who feel comfortable with Assembly and have the requisite knowledge to futz with bitwise instructions, here are some commented examples from the article. These should suffice in conveying their point.

Example 1: Using the stack to keep the lower 16 bits of a register while writing a value you want to the upper 16 bits.

Code:
Before: EBX = D34DC0DE

PUSH BX          //Push C0DE, the lower 16 bits of EBX, onto the stack
MOV EBX,B17E0000 //Write an immediate 32-bit value of B17E0000 to EBX
POP BX           //Pop C0DE off the stack into the lower 16 bits of EBX

After: EBX = B17EC0DE


Since you can't do that same thing with 64-bit registers (modifying the lower 32 bits will zero-out the upper 32 bits in many cases), the following examples demonstrate a couple of different scenarios using uncommon bitwise instructions.

Example 2: Combine EAX (the lower half of RAX) with the upper 32-bits of RBX. Store the result in RAX.

Code:
Before:
RAX = 22222222FFFFFFFF
RBX = D34DC0DEF00DBEEF

ROR RAX,20       //Rotate RAX 32 bits to the right (20 hex is 32 dec)
                 //RAX = FFFFFFFF22222222
SHR RBX,20       //Shift RBX 32 bits to the right, clearing upper RBX
                 //RBX = 00000000D34DC0DE
SHRD RAX,RBX,20  //Imagine bits being placed like RBX:RAX, like this:
                 //00000000D34DC0DEFFFFFFFF22222222
                 //Now the instruction executes, which shifts bits 32
                 //places to the right; however, RBX bits are copied,
                 //not permanently shifted.

After:
RAX = D34DC0DEFFFFFFFF
RBX = 00000000D34DC0DE


Example 3: Replace nibbles 14 and 15 in RBX with nibbles 8 and 9 from RAX. Store the result in RBX.

Code:
Before:
RAX = 22222221EFFFFFFF
RBX = D34DC0DEF00DBEEF

SHR RAX,1C //Shift 28 bits right
ROL RBX,C  //Rotate 12 bits left
MOV BL,AL  //Copy AL to BL
ROR RBX,C  //Rotate 12 bits right

After:
RAX = 000000022222221E
RBX = D1EDC0DEF00DBEEF


There are many other solutions to net the same results--some undoubtedly more optimal than others--but the point here isn't to be exhaustive, rather informative! Go take a look at the article if you need more clarity or a primer on bits/bytes/nibbles/hex/dec/bin. It's all there. :D

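A C model of the three snippets in the post above, added here as an example (it is not from the original post or the linked blog): it reproduces the posted before/after register values and shows the 32-bit-write zero-extension that keeps the Example 1 trick from carrying over to 64-bit registers. The function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Rotates and SHRD on 64-bit values; n must be 1..63 (the post uses 0xC and 0x20). */
static uint64_t ror64(uint64_t x, unsigned n) { return (x >> n) | (x << (64 - n)); }
static uint64_t rol64(uint64_t x, unsigned n) { return (x << n) | (x >> (64 - n)); }
/* SHRD dst,src,n: dst moves right, its vacated high bits come from src's low bits. */
static uint64_t shrd64(uint64_t dst, uint64_t src, unsigned n) {
    return (dst >> n) | (src << (64 - n));
}

/* Example 1: PUSH BX / MOV EBX,imm32 / POP BX. A 16-bit write keeps bits 16..31. */
uint32_t example1(uint32_t ebx, uint32_t imm32) {
    uint16_t bx = (uint16_t)ebx;           /* PUSH BX */
    ebx = imm32;                           /* MOV EBX,imm32 */
    return (ebx & 0xFFFF0000u) | bx;       /* POP BX */
}

/* Why that does not scale up: a 32-bit write in 64-bit mode zero-extends. */
uint64_t write_low32(uint64_t reg, uint32_t value) {
    (void)reg;                             /* old upper half is discarded */
    return (uint64_t)value;
}

/* Example 2: ROR RAX,20 / SHR RBX,20 / SHRD RAX,RBX,20. Returns RAX. */
uint64_t example2(uint64_t rax, uint64_t rbx) {
    rax = ror64(rax, 0x20);
    rbx >>= 0x20;
    return shrd64(rax, rbx, 0x20);
}

/* Example 3: SHR RAX,1C / ROL RBX,C / MOV BL,AL / ROR RBX,C. Returns RBX. */
uint64_t example3(uint64_t rax, uint64_t rbx) {
    rax >>= 0x1C;
    rbx = rol64(rbx, 0xC);
    rbx = (rbx & ~0xFFull) | (rax & 0xFF); /* 8-bit write keeps bits 8..63 */
    return ror64(rbx, 0xC);
}

int main(void) {
    printf("EBX = %08" PRIX32 "\n", example1(0xD34DC0DEu, 0xB17E0000u));
    printf("RAX = %016" PRIX64 "\n", example2(0x22222222FFFFFFFFull, 0xD34DC0DEF00DBEEFull));
    printf("RBX = %016" PRIX64 "\n", example3(0x22222221EFFFFFFFull, 0xD34DC0DEF00DBEEFull));
    printf("RBX = %016" PRIX64 "\n", write_low32(0xD34DC0DEF00DBEEFull, 0xB17EC0DEu));
    return 0;
}
```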
predprey
Master Cheater
Reputation: 15

Joined: 08 Oct 2015
Posts: 365

Posted: Sat Sep 17, 2016 1:10 pm    Post subject:

Really nice blog there. :D I really should get down to learning HTML5.
STN
I post too much
Reputation: 29

Joined: 09 Nov 2005
Posts: 2340

Posted: Sat Sep 17, 2016 2:32 pm    Post subject:

You keep changing your sites, I don't know what's up with that.

But nice site design (kinda, I see empty pages) and tutorial :)

_________________
Cheat Requests/Tables- Fearless Cheat Engine
http://fearlessrevolution.com
h3x1c
Master Cheater
Reputation: 17

Joined: 27 Apr 2013
Posts: 301

Posted: Mon Sep 19, 2016 12:19 pm    Post subject:

Thanks, predprey! To be honest, it's just a WordPress theme that I'm building on. There are a lot of things I've been changing from the original, and that's broken some of the functionality like responsiveness. It's a work in progress. =)

STN: Yeah, I have a ton of sites out there; however, this one is going to end up being my professional portfolio. I'm planning to use the blog as a component to get my name out there in various communities. Still building out the site, though, thus the incomplete feel around there. Shouldn't be like that for too much longer, though. :D

All times are GMT - 6 Hours