For the more better to see version :P
CONDITIONALS AND JUMPS
======================
Ok this will be the last one for a while to show you, as they get more and more advanced.
Learning the 3 days very well, should well be enough to do easy and simple trainers and
how to find the values.
First I want to talk about Flags, what the hell are flags???
Well its not that difficult to understand.
Flag registers
==============
The flag register has a set of flags which are set/unset depending on calculations or
other events. Here is the more important ones.
ZF (Zero flag)
This flag is set when the result of a calculation is zero (compare is actually a substraction
without saving the results, but setting the flags only).
SF (Sign flag)
If set, the resulting number of a calculation is negative.
CF (Carry flag)
The carry flag contains the left-most bit after calculations.
OF (Overflow flag)
Indicates an overflow of a calculation, i.e. the result does not fit in the destination.
There is other flags some which you will never use so I wont talk about them.
Jumps
=====
Heres a list of the Opcodes for Jumps
Opcode Meaning Condition
JA Jump if above CF=0 & ZF=0
JAE Jump if above or equal CF=0
JB Jump if below CF=1
JBE Jump if below or equal CF=1 or ZF=1
JC Jump if carry CF=1
JCXZ Jump if CX=0 register CX=0
JE (is the same as JZ) Jump if equal ZF=1
JG Jump if greater (signed) ZF=0 & SF=OF
JGE Jump if greater or equal (signed) SF=OF
JL Jump if less (signed) SF!=OF
JLE Jump if less or equal (signed) ZF=1 or SF!=OF
JMP Unconditional Jump -
JNA Jump if not above CF=1 or ZF=1
JNAE Jump if not above or equal CF=1
JNB Jump if not below CF=0
JNBE Jump if not below or equal CF=1 & ZF=0
JNC Jump if not carry CF=0
JNE Jump if not equal ZF=0
JNG Jump if not greater (signed) ZF=1 or SF!=OF
JNGE Jump if not greater or equal (signed) SF!=OF
JNL Jump if not less (signed) SF=OF
JNLE Jump if not less or equal (signed) ZF=0 & SF=OF
JNO Jump if not overflow (signed) OF=0
JNP Jump if no parity PF=0
JNS Jump if not signed (signed) SF=0
JNZ Jump if not zero ZF=0
JO Jump if overflow (signed) OF=1
JP Jump if parity PF=1
JPE Jump if parity even PF=1
JPO Jump if paity odd PF=0
JS Jump if signed (signed) SF=1
JZ Jump if zero ZF=1
As you can see, jumps have conditions set to them from a previous calculation, test or compare.
Look at this example
TEST EAX,EBX
JE 004822FFh
MOV EAX,EBX
JMP 004822FFh
This little example basically tests two values to see if they are equal, if so the program
will move the value 1 into the Zero Flag (ZF), thus allowing the conditional jump (JE) to
goto a memory location to execute opcodes there.
Now if it wasnt equal, the program will move 0 into ZF, and will skip the JE instruction, then
move the value in the EBX register to the EAX register, forcing to be equal then doing an
unconditional jump (JMP) to the same memory location.
Games can use this, some games have a real address for values and a (what I like to call)
ghost address, the ghost address is where the value to be shown on the game is used, but
if a check like above exists, no matter what you force into that address will revert back
to the real one.
Im sure anyone trying to scan memory addresses for a game may have came up against this at
one point.
Other opcode that can be used is
CMP register, register/value - Compare two values and move 0 or 1 into appropriate
Flags.
Ok thats enough for now, ive taught you basic ASM opcodes, floats and Conditional Jumps.
This should be all you need to train a game
No hay comentarios:
Publicar un comentario