View previous topic :: View next topic |
Author |
Message |
Ahm321 Newbie cheater Reputation: 0
Joined: 03 Oct 2017 Posts: 11
|
Posted: Thu Oct 05, 2017 10:39 am Post subject: Assembly Question |
|
|
Hello friends,
I am confused what is happening here :-
Check p1.PNG in attachements
First al is moving to [ebp-0c] which means the value in [ebp-0c] will become "B4"
Check p2.PNG in attachements
But when [ebp-0c] is moved to eax , the value of eax became 5FB4
Don't confuse your self with the XOR... it is for decryption here...
Thanks in advance
Description: |
|
Filesize: |
35.88 KB |
Viewed: |
3516 Time(s) |
|
Description: |
|
Filesize: |
28.62 KB |
Viewed: |
3516 Time(s) |
|
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
|
Posted: Thu Oct 05, 2017 12:38 pm Post subject: |
|
|
"mov eax,[ebp-0C]" reads 4 bytes while "mov [ebp-0C],al" writes only 1 byte. The other 3 bytes aren't modified (i.e. it isn't zero extended).
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Ahm321 Newbie cheater Reputation: 0
Joined: 03 Oct 2017 Posts: 11
|
Posted: Thu Oct 05, 2017 3:13 pm Post subject: |
|
|
Thanks for reply ParkourPenguin but still I am confuse...
Did you know that first you have to look on p1.PNG and then p2.PNG..?
or did you mean [ebp-0c] already have 5FB and only the last byte is modified...?
Thanks in advance and sorry for weak English... :
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
|
Posted: Thu Oct 05, 2017 4:58 pm Post subject: |
|
|
Ahm321 wrote: | or did you mean [ebp-0c] already have 5FB and only the last byte is modified...? |
Yes, that is correct. "mov [ebp-0C],al" only modifies one byte.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Ahm321 Newbie cheater Reputation: 0
Joined: 03 Oct 2017 Posts: 11
|
Posted: Sat Oct 07, 2017 12:20 am Post subject: |
|
|
Thank you so much for helping me with this...
But it will be great if I can have a tutorial related to this (modifying 16-bit register) something like that...just to understand these 16-bit registers better...
Thanks in advance and sorry for late reply...
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Sat Oct 07, 2017 4:33 am Post subject: |
|
|
Ahm321 wrote: | Thank you so much for helping me with this...
But it will be great if I can have a tutorial related to this (modifying 16-bit register) something like that...just to understand these 16-bit registers better...
Thanks in advance and sorry for late reply... |
modifying any length register is the same, here take a look:
mov [rdx],rax 0000000000000000 64bit register
mov [edx],eax 00000000 32bit register
mov [dx],ax 0000 16bit register
but thats not all, you still have the {most significant bit} (MSB) and {least significant bit} (LSB) thats in general but it include 16bit registers SPECIALLY.
lets take "bx" register, its 16 bit:
0000
{most significant bit} (MSB) is "BH" register {least significant bit} (LSB) is "BL" register
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
Ahm321 Newbie cheater Reputation: 0
Joined: 03 Oct 2017 Posts: 11
|
Posted: Sat Oct 07, 2017 6:25 am Post subject: |
|
|
Thanks OldCheatEngineUser for your reply...
I knew this concept but forgot at the time of writing the above post.. lol I was a little sleepy :p ...
BTW thanks you for reminding me...
But it will be great if I can have a tutorial related to this (modifying al or ah) something like that...
Thanks In Advance
|
|
Back to top |
|
|
|