Cheat Engine The Official Site of Cheat Engine
h3x1c Master Cheater Reputation: 17
Joined: 27 Apr 2013 Posts: 306
Posted: Wed Aug 17, 2016 2:40 pm Post subject: How to Access/Modify the Upper-Half of x86/x64 Registers |
For beginners and intermediates who are wondering how to access and modify the upper half of x86 and x64 registers, here's a blog post I wrote discussing the topic at great length. It includes a primer for those who need it with regard to preparation for working with bitwise instructions (you've probably seen a few like AND, OR, and XOR).
For those who feel comfortable with Assembly and have the requisite knowledge to futz with bitwise instructions, here are some commented examples from the article. These should suffice in conveying their point.
Example 1: Using the stack to keep the lower 16 bits of a register while writing a value you want to the upper 16 bits.
Code:
Before: EBX = D34DC0DE
PUSH BX //Push C0DE, the lower 16 bits of EBX, onto the stack
MOV EBX,B17E0000 //Write an immediate 32-bit value of B17E0000 to EBX
POP BX //Pop C0DE off the stack into the lower 16 bits of EBX
After: EBX = B17EC0DE
Since you can't do that same thing with 64-bit registers (modifying the lower 32 bits will zero-out the upper 32 bits in many cases), the following examples demonstrate a couple of different scenarios using uncommon bitwise instructions.
Example 2: Combine EAX (the lower half of RAX) with the upper 32 bits of RBX. Store the result in RAX.
Code:
Before:
RAX = 22222222FFFFFFFF
RBX = D34DC0DEF00DBEEF
ROR RAX,20 //Rotate RAX 32 bits to the right (20 hex is 32 dec)
           //RAX = FFFFFFFF22222222
SHR RBX,20 //Shift RBX 32 bits to the right, clearing upper RBX
           //RBX = 00000000D34DC0DE
SHRD RAX,RBX,20 //Imagine bits being placed like RBX:RAX, like this:
                //00000000D34DC0DEFFFFFFFF22222222
                //Now the instruction executes, which shifts bits 32
                //places to the right; however, RBX bits are copied,
                //not permanently shifted.
After:
RAX = D34DC0DEFFFFFFFF
RBX = 00000000D34DC0DE
Example 3: Replace nibbles 14 and 15 in RBX with nibbles 8 and 9 from RAX. Store the result in RBX.
Code:
Before:
RAX = 22222221EFFFFFFF
RBX = D34DC0DEF00DBEEF
SHR RAX,1C //Shift 28 bits right
ROL RBX,C //Rotate 12 bits left
MOV BL,AL //Copy AL to BL
ROR RBX,C //Rotate 12 bits right
After:
RAX = 000000022222221E
RBX = D1EDC0DEF00DBEEF
There are many other solutions to net the same results--some undoubtedly more optimal than others--but the point here isn't to be exhaustive, rather informative! Go take a look at the article if you need more clarity or a primer on bits/bytes/nibbles/hex/dec/bin. It's all there.
|
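The three sequences from the post above, modeled in C so the Before/After values can be checked without a debugger. This is an added example, not code from the original post or the linked article; the helper names (ror64, rol64, shrd64, write_low8/16/32) are assumptions of this sketch, and example2_masks is an AND/OR alternative the post does not show.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* ROR/ROL r64,n: bits leaving one end re-enter at the other. */
static uint64_t ror64(uint64_t v, unsigned n) { n &= 63; return n ? (v >> n) | (v << (64 - n)) : v; }
static uint64_t rol64(uint64_t v, unsigned n) { n &= 63; return n ? (v << n) | (v >> (64 - n)) : v; }

/* SHRD dst,src,n: shift dst right and fill the vacated high bits with the
   low n bits of src. src is only read, never modified. */
static uint64_t shrd64(uint64_t dst, uint64_t src, unsigned n) {
    n &= 63;
    return n ? (dst >> n) | (src << (64 - n)) : dst;
}

/* Partial-register writes: 8- and 16-bit destinations preserve the rest of
   the register; a 32-bit destination in 64-bit mode zero-extends. */
static uint64_t write_low8(uint64_t reg, uint8_t b)   { return (reg & ~0xFFULL) | b; }
static uint64_t write_low16(uint64_t reg, uint16_t w) { return (reg & ~0xFFFFULL) | w; }
static uint64_t write_low32(uint64_t reg, uint32_t d) { (void)reg; return d; }

uint64_t example1(uint64_t ebx) {            /* EBX held in the low half */
    uint16_t saved = (uint16_t)ebx;          /* PUSH BX */
    ebx = write_low32(ebx, 0xB17E0000u);     /* MOV EBX,B17E0000 */
    return write_low16(ebx, saved);          /* POP BX */
}
uint64_t example2(uint64_t rax, uint64_t rbx) {
    rax = ror64(rax, 0x20);                  /* ROR RAX,20 */
    rbx >>= 0x20;                            /* SHR RBX,20 */
    return shrd64(rax, rbx, 0x20);           /* SHRD RAX,RBX,20 */
}
uint64_t example3(uint64_t rax, uint64_t rbx) {
    rax >>= 0x1C;                            /* SHR RAX,1C */
    rbx = rol64(rbx, 0xC);                   /* ROL RBX,C */
    rbx = write_low8(rbx, (uint8_t)rax);     /* MOV BL,AL */
    return ror64(rbx, 0xC);                  /* ROR RBX,C */
}
/* Same RAX result as example2, using only AND/OR masks. */
uint64_t example2_masks(uint64_t rax, uint64_t rbx) {
    return (rbx & 0xFFFFFFFF00000000ULL) | (rax & 0x00000000FFFFFFFFULL);
}

int main(void) {
    printf("ex1 EBX = %08" PRIX64 "\n", example1(0xD34DC0DEULL));
    printf("ex2 RAX = %016" PRIX64 "\n", example2(0x22222222FFFFFFFFULL, 0xD34DC0DEF00DBEEFULL));
    printf("ex3 RBX = %016" PRIX64 "\n", example3(0x22222221EFFFFFFFULL, 0xD34DC0DEF00DBEEFULL));
    return 0;
}
```

write_low32 shows why the PUSH/POP trick from Example 1 does not carry over to the 32-bit halves of 64-bit registers: the write replaces the whole register with the zero-extended value.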
predprey Master Cheater Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Sat Sep 17, 2016 1:10 pm Post subject: |
Really nice blog there. I really should get down to learning HTML5.
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Sat Sep 17, 2016 2:32 pm Post subject: |
You keep changing your sites, I don't know what's up with that.
But nice site design (kinda, I see empty pages) and tutorial.
h3x1c Master Cheater Reputation: 17
Joined: 27 Apr 2013 Posts: 306
Posted: Mon Sep 19, 2016 12:19 pm Post subject: |
Thanks, predprey! To be honest, it's just a WordPress theme that I'm building on. There are a lot of things I've been changing from the original, and that's broken some of the functionality like responsiveness. It's a work in progress. =)
STN: Yeah, I have a ton of sites out there; however, this one is going to end up being my professional portfolio. I'm planning to use the blog as a component to get my name out there in various communities. Still building out the site, though, thus the incomplete feel around there. Shouldn't be like that for too much longer, though.