Help File:ASM Basics 3

From Cheat Engine
Revision as of 02:43, 20 March 2017 by TheyCallMeTim13 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Originally posted by DABhand


CONDITIONALS AND JUMPS

Ok this will be the last one for a while to show you, as they get more and more advanced.

Learning the 3 days very well, should well be enough to do easy and simple trainers and how to find the values.

First I want to talk about Flags, what the hell are flags???

Well its not that difficult to understand.


Flag registers

The flag register has a set of flags which are set/unset depending on calculations or other events. Here is the more important ones.


 ZF (Zero flag)

This flag is set when the result of a calculation is zero (compare is actually a substraction without saving the results, but setting the flags only).

 SF (Sign flag)

If set, the resulting number of a calculation is negative.

 CF (Carry flag)

The carry flag contains the left-most bit after calculations.

 OF (Overflow flag)

Indicates an overflow of a calculation, i.e. the result does not fit in the destination.


There is other flags some which you will never use so I wont talk about them.


Jumps

Heres a list of the Opcodes for Jumps


 Opcode                  Meaning                                                                Condition
 JA                           Jump if above                                                       CF=0 & ZF=0
 JAE                         Jump if above or equal                                       CF=0
 JB                           Jump if below                                                       CF=1
 JBE                         Jump if below or equal                                        CF=1 or ZF=1
 JC                           Jump if carry                                                         CF=1
 JCXZ                      Jump if CX=0                                                        register CX=0
 JE                           (is the same as JZ) Jump if equal     ZF=1
 JG                           Jump if greater (signed)                     ZF=0 & SF=OF
 JGE                        Jump if greater or equal (signed)      SF=OF
 JL                            Jump if less (signed)                                           SF!=OF
 JLE                         Jump if less or equal (signed)                           ZF=1 or SF!=OF
 JMP                        Unconditional Jump                                             -
 JNA                        Jump if not above                                                CF=1 or ZF=1
 JNAE                      Jump if not above or equal                                 CF=1
 JNB                        Jump if not below                                                 CF=0
 JNBE                      Jump if not below or equal                 CF=1 & ZF=0
 JNC                        Jump if not carry                                  CF=0
 JNE                        Jump if not equal                                 ZF=0
 JNG                        Jump if not greater (signed)                               ZF=1 or SF!=OF
 JNGE                     Jump if not greater or equal (signed)               SF!=OF
 JNL                         Jump if not less (signed)                    SF=OF
 JNLE                      Jump if not less or equal (signed)     ZF=0 & SF=OF
 JNO                        Jump if not overflow (signed)                             OF=0
 JNP                        Jump if no parity                                   PF=0
 JNS                        Jump if not signed (signed)                                SF=0
 JNZ                         Jump if not zero                                   ZF=0
 JO                           Jump if overflow (signed)                   OF=1
 JP                           Jump if parity                                                        PF=1
 JPE                         Jump if parity even                                              PF=1
 JPO                        Jump if paity odd                                 PF=0
 JS                           Jump if signed (signed)                      SF=1
 JZ                           Jump if zero                                                          ZF=1


As you can see, jumps have conditions set to them from a previous calculation, test or compare.


Look at this example


 TEST EAX,EBX
 JE   004822FFh
 MOV  EAX,EBX
 JMP  004822FFh


This little example basically tests two values to see if they are equal, if so the program will move the value 1 into the Zero Flag (ZF), thus allowing the conditional jump (JE) to goto a memory location to execute opcodes there.

Now if it wasnt equal, the program will move 0 into ZF, and will skip the JE instruction, then move the value in the EBX register to the EAX register, forcing to be equal then doing an unconditional jump (JMP) to the same memory location.

Games can use this, some games have a real address for values and a (what I like to call) ghost address, the ghost address is where the value to be shown on the game is used, but if a check like above exists, no matter what you force into that address will revert back to the real one.

Im sure anyone trying to scan memory addresses for a game may have came up against this at one point.

Other opcode that can be used is


 CMP register, register/value                              - Compare two values and move 0 or 1 into appropriate Flags.


Ok thats enough for now, ive taught you basic ASM opcodes, floats and Conditional Jumps.


This should be all you need to train a game :)

Links