Dr.Disrespect (Grandmaster Cheater)
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Fri Apr 01, 2016 6:25 pm Post subject: "xor eax,ebp"?
I know that "xor eax,eax" basically means "eax = 0", but what does "xor eax,ebp" mean in C++ or C?
As far as I know (I could be wrong, as I always am), it is a bit-wise operation, so if eax == 00000001 and ebp == 00010000, then the result of "xor eax,ebp" equals 00010001, right? But what's the use of it? Why does the program need "00010001"?
Moreover, what is the result of "xor eax,ebp" if eax == C747B90D and ebp == 0022BEFC? I need to translate hexadecimal to binary first, right?
Thanks in advance.
Zanzer (I post too much)
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Apr 01, 2016 6:51 pm
XOR is useful for toggling bits on and off.
Now this one 4-byte integer could contain 32 separate true/false conditions.
00010000 - Let's say that one bit means an object is square versus a circle.
00000001 - Let's say that one bit means the object is black versus white.
So the object can have any combination of those 32 bits at any given time.
Now let's say the game wants to cause that object to start blinking black and white.
So we don't want to disturb any other bits except the right-most one.
How do we do that? Simple! Just start XOR'ing the integer by 1 over and over.
Without XOR, you would need to first interrogate the value using a bitwise AND.
You would then need to use a bitwise OR to enable it or a bitwise AND of the inverse to disable it.
Congratulations Mario! Your star power is now causing you to flash!
Microsoft's Calculator has the XOR command. Alt+3 switches to programmer mode.
Dr.Disrespect (Grandmaster Cheater)
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Fri Apr 01, 2016 6:55 pm
Zanzer wrote: | XOR is useful for toggling bits on and off.
Now this one 4-byte integer could contain 32 separate true/false conditions.
00010000 - Let's say that one bit means an object is square versus a circle.
00000001 - Let's say that one bit means the object is black versus white.
So the object can have any combination of those 32 bits at any given time.
Now let's say the game wants to cause that object to start blinking black and white.
So we don't want to disturb any other bits except the right-most one.
How do we do that? Simple! Just start XOR'ing the integer by 1 over and over.
Congratulations Mario! Your star power is now causing you to flash!
Microsoft's Calculator has the XOR command. Alt+3 switches to programmer mode. |
Thanks, Zanzer, I got the idea.
But because it can have so many meanings, it is impossible to figure out why the program uses XOR with the two operands, right? The only thing to be sure of is that it is testing some conditions.
Zanzer (I post too much)
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Apr 01, 2016 6:59 pm
Well, with your second set of values, it's possible the game is using XOR simply to encrypt the values, preventing you from finding it with a straight value scan.
But if it is using a single integer to represent several true/false conditions, you could identify their meaning.
Simply start flipping bits on and off and see what effect they have in-game.
Dr.Disrespect (Grandmaster Cheater)
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Fri Apr 01, 2016 7:04 pm
Zanzer wrote: | Well, with your second set of values, it's possible the game is using XOR simply to encrypt the values, preventing you from finding it with a straight value scan.
But if it is using a single integer to represent several true/false conditions, you could identify their meaning.
Simply start flipping bits on and off and see what effect they have in-game. |
Well, the values of the operands are all in hexadecimal, so maybe the game is trying to encrypt the values.
How does the encryption work? Would you mind giving me a simple example?
Zanzer (I post too much)
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Apr 01, 2016 7:08 pm
Actually, if you take a look at Divinity: Original Sin, that game uses this method to identify which Talents your characters have.
Since each character either has or doesn't have a talent, you only need a single bit of data.
Given that there are a lot of talents, there is no reason to waste space by giving each one a whole byte to represent a standard boolean type.
That single byte can contain eight different true/false conditions!
Encryption works because XOR specifically toggles the bits on and off.
So you XOR the value once and it toggles whatever bits it interacts with.
Simply XOR the now-encrypted value with the same value again.
Those bits are toggled back, resulting in the same number you started with.
You can see an example of this in GTA 5.
You can lay out all the binary bits and prove this to yourself.
Or trust in me and the Microsoft calculator.
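The two uses Zanzer describes above (flipping one flag bit without disturbing the rest, and XOR "encryption" that undoes itself when applied twice), plus the exact operand values from the first post, worked through in C as an added example that is not code from this thread or from any game; the flag names and the hp value are made up for the illustration.

```c
/* Added example, not code from the thread: "xor eax,ebp" in C terms, and the
 * two uses Zanzer describes: toggling one flag bit while leaving the rest
 * alone, and XOR "encryption" that undoes itself when applied twice.
 * The values are the ones quoted in the thread; the flag names are made up. */
#include <stdint.h>
#include <stdio.h>

/* "xor eax,ebp" is eax = eax ^ ebp on two 32-bit unsigned integers. */
uint32_t xor_eax_ebp(uint32_t eax, uint32_t ebp) { return eax ^ ebp; }

/* One 32-bit word can hold 32 true/false conditions; two are named here. */
#define FLAG_SQUARE 0x10u   /* 00010000: square (1) versus circle (0) */
#define FLAG_BLACK  0x01u   /* 00000001: black (1) versus white (0) */

/* Flip only the colour bit: every other bit in 'flags' is untouched. */
uint32_t toggle_black(uint32_t flags) { return flags ^ FLAG_BLACK; }

/* The same effect without XOR: test with AND, then clear with AND ~mask
 * or set with OR, as the thread explains. */
uint32_t toggle_black_without_xor(uint32_t flags) {
    return (flags & FLAG_BLACK) ? (flags & ~FLAG_BLACK) : (flags | FLAG_BLACK);
}

/* XOR "encryption": one key both hides the value and restores it. */
uint32_t xor_encrypt(uint32_t value, uint32_t key) { return value ^ key; }
uint32_t xor_decrypt(uint32_t stored, uint32_t key) { return stored ^ key; }

int main(void) {
    /* The first post's examples; no conversion to binary is needed, the CPU
     * XORs the hex values as they are. */
    printf("00000001 ^ 00010000 = %08X\n", xor_eax_ebp(0x01u, 0x10u));
    printf("C747B90D ^ 0022BEFC = %08X\n", xor_eax_ebp(0xC747B90Du, 0x0022BEFCu));

    /* Blinking: XOR the flags by 1 over and over; the square bit survives. */
    uint32_t obj = FLAG_SQUARE | FLAG_BLACK;
    for (int frame = 0; frame < 4; frame++) {
        obj = toggle_black(obj);
        printf("frame %d: flags = %02X (square=%d black=%d)\n", frame, obj,
               (obj & FLAG_SQUARE) != 0, (obj & FLAG_BLACK) != 0);
    }

    /* Encrypt, then XOR with the same key again: the original comes back. */
    uint32_t hp = 100, key = 0x0022BEFCu;
    uint32_t hidden = xor_encrypt(hp, key);
    printf("hp=%u stored=%08X restored=%u\n", hp, hidden, xor_decrypt(hidden, key));
    return 0;
}
```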
Dr.Disrespect (Grandmaster Cheater)
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Fri Apr 01, 2016 7:34 pm
Zanzer wrote: | Actually, if you take a look at Divinity: Original Sin, that game uses this method to identify which Talents your characters have.
Since each character either has or doesn't have a talent, you only need a single bit of data.
Given that there are a lot of talents, there is no reason to waste space by giving each one a whole byte to represent a standard boolean type.
That single byte can contain eight different true/false conditions!
Encryption works because XOR specifically toggles the bits on and off.
So you XOR the value once and it toggles whatever bits it interacts with.
Simply XOR the now-encrypted value with the same value again.
Those bits are toggled back, resulting in the same number you started with.
You can see an example of this in GTA 5.
You can lay out all the binary bits and prove this to yourself.
Or trust in me and the Microsoft calculator. |
Thanks a lot, Zanzer. I choose to trust in you.
MMM-304 (Expert Cheater)
Reputation: 0
Joined: 17 Aug 2020 Posts: 170 Location: Milkey Way
Posted: Fri Nov 13, 2020 3:41 am
No, it's not random. Though it has the same address for the whole program, for a specific part of the program it has a constant value. At the point where "xor eax,ebp" is happening, ebp will have a specific value (as intended by the code). The same is the case with esp (the stack pointer): if you put its address in the address list you will find its value fluctuating; that is because the same address is used/written again and again (with a new value) throughout the whole program. If you suspend the program at a specific spot and then look at the address of esp or ebp, its value will remain constant.
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014 Posts: 4705
Posted: Fri Nov 13, 2020 11:09 am
ebp can be used as a general-purpose register if the compiler deems establishing a stack frame to be unnecessary (e.g. gcc -fomit-frame-pointer).
If ebp is being used as a stack frame pointer, you can't assume what address it will have. Thread stacks aren't (shouldn't be) deterministically allocated, and the call stack up to that point isn't (shouldn't be) deterministic.
I'd like to see that SO answer with more context. Right now, that sounds like bullshit someone spewed from their keyboard because they don't have a clue what's going on. (Stack overflows are actually detected by Windows using a guard page at the end of the stack.)
PS: don't bump threads several years old. Make a new topic.
_________________
I don't know where I'm going, but I'll figure it out when I get there.