desertricker Advanced Cheater
Posted: Wed Jan 16, 2013 6:36 am Post subject: Following/tracing a register's value through a function
I have 3 questions about this:
1) Let's say I want to change a value, but not the value itself; I want to change the instruction that calculates it. An example: when I look at the instruction that writes to the health, I see there's an opcode like this
"mov [esi],eax"
I check the value of eax and it tells me the last value of the health, but I want to find an opcode like
"sub [esi],01"
so I can change it to
"add [esi],01"
2) It's easy to follow code like this
"movq [ecx+02],xmm0"
If the address of the value that I want to change is [ecx+02], I should change the xmm0 register, so I look at what opcodes write to xmm0. But here comes my problem: if the opcode is like this
"mov eax,[esi]"
should I look at which opcodes write to [esi] (like mov [esi],eax), or should I take the address of [esi] and search for it?
3) I sometimes see opcodes like [esi+04] and [esi+14] in the same function. When I look at their addresses, for the first one it says esi=0000A3B4 and for the second one it says esi=0000A3A4. When we calculate them, for the first one 0000A3B4+4=0000A3B8 and for the second one 0000A3A4+14=0000A3B8, so they both point to the same address, but they are different in the opcodes. How can [esi+04] and [esi+14] in the same function point to the same address?
By the way, some of these questions may sound stupid to you since I'm still a beginner.
_________________
They said "there's Assembly", so we came
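The third question (two different base registers with different displacements resolving to the same address) is usually a nested structure: one function holds a pointer to the whole object, another holds a pointer to an embedded sub-object that starts 0x10 bytes further in, so the same field is [base+0x14] from the first pointer and [base+0x04] from the second. The layout below is a constructed illustration of that, added here and not taken from the poster or from any real program; the field names and the 0x10 distance are assumptions chosen to match the 0000A3A4/0000A3B4 pair in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): the embedded stats object starts at
   player+0x10, so its second field is stats+0x04 == player+0x14.      */
struct stats {
    uint32_t max_health;   /* stats+0x00 */
    uint32_t health;       /* stats+0x04 */
};

struct player {
    uint32_t id;           /* player+0x00 */
    uint32_t flags;        /* player+0x04 */
    uint32_t pos_x;        /* player+0x08 */
    uint32_t pos_y;        /* player+0x0C */
    struct stats st;       /* player+0x10 */
};

/* Code holding the whole object reads the field as [reg+0x14]. */
uint32_t read_health_via_player(const struct player *p) { return p->st.health; }

/* Code holding only the embedded object reads it as [reg+0x04],
   because reg already equals player+0x10.                        */
uint32_t read_health_via_stats(const struct stats *s) { return s->health; }

/* Byte offsets of the field from each base, for checking against a debugger. */
size_t offset_from_player(void) { return offsetof(struct player, st.health); }
size_t offset_from_stats(void)  { return offsetof(struct stats, health); }

/* Returns 1 when both base+offset pairs resolve to the same byte in memory. */
int same_field(const struct player *p) {
    const unsigned char *via_player = (const unsigned char *)p + offset_from_player();
    const unsigned char *via_stats  = (const unsigned char *)&p->st + offset_from_stats();
    return via_player == via_stats;
}

/* Constructed sample object used by main() and by the checks below. */
struct player sample = { 1, 0, 0, 0, { 100, 57 } };

int main(void) {
    printf("player base=%p stats base=%p distance=0x%zx\n",
           (void *)&sample, (void *)&sample.st,
           (size_t)((char *)&sample.st - (char *)&sample));
    printf("[player+0x%zx] and [stats+0x%zx] both read %u, same address: %d\n",
           offset_from_player(), offset_from_stats(),
           read_health_via_player(&sample), same_field(&sample));
    return 0;
}
```

Reading the two bases from the debugger and subtracting them (0000A3B4 - 0000A3A4 = 0x10) gives the distance of the embedded object, which is the first thing to confirm before deciding which of the two instructions is the one to trace.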