  1. #1
    Torpedoes

    WoW Opcode Distribution

    Recently, I've been working on some pretty cool reverse engineering tools to help me reverse applications faster. While most of my work is on WoW, I have been known to work on other games in the past. But regardless, I wanted to share with you the results of my latest work. Although this is part of a larger project, perhaps you will find it useful as well.

    Some background: while I was working on a tool, I realized that it might be helpful to know what instructions the game used and how often it used them. In essence, I wanted a "distribution" of the opcodes used in the game. A brief search online turned up nothing useful, so I wrote a quick parser to calculate this information myself. I exported an ASM file from IDA and ran it through my parser. Below you will find the results for both x86 and x64 versions of the game (Version 7.1.0.23222).

    Please keep in mind that this might not be 100% accurate but it does paint a good picture of what instructions are being used.

    x86 Opcode Distribution
    Code:
       Function Count: 72895
    Instruction Count: 3511902
    Uniq Instructions: 396
    
    OPCODE         | COUNT
    ===============+========
    mov            | 798489
    push           | 687294
    call           | 284799
    pop            | 253165
    lea            | 157733
    test           | 127412
    jz             | 123722
    cmp            | 116614
    add            | 101945
    retn           | 78795
    jmp            | 74289
    jnz            | 72545
    movss          | 69509
    xor            | 69309
    movsd          | 43200
    and            | 39884
    inc            | 36737
    sub            | 36364
    movzx          | 25352
    mulss          | 22409
    or             | 18120
    dec            | 17465
    movaps         | 16271
    addss          | 13573
    shr            | 12303
    jbe            | 12005
    imul           | 11699
    shl            | 11351
    jb             | 11313
    subss          | 8229
    movdqa         | 7532
    comiss         | 7202
    jle            | 6437
    fstp           | 6325
    movd           | 6307
    jl             | 6240
    ja             | 6208
    jnb            | 6164
    xorps          | 4767
    cmovnz         | 4673
    sar            | 4462
    movsx          | 3927
    rep            | 3118
    jg             | 2975
    cvtdq2pd       | 2919
    jge            | 2767
    cdq            | 2687
    cvtps2pd       | 2481
    cvtdq2ps       | 2474
    setnz          | 2464
    jns            | 2264
    divss          | 2149
    neg            | 2131
    addsd          | 2004
    div            | 1929
    js             | 1749
    cmovz          | 1714
    mulps          | 1710
    paddd          | 1599
    shufps         | 1581
    sbb            | 1483
    addps          | 1448
    movq           | 1368
    fld            | 1367
    cvtpd2ps       | 1312
    paddw          | 1254
    setz           | 1231
    movdqu         | 1160
    pmaddwd        | 1099
    adc            | 1082
    cmovb          | 1050
    subps          | 1032
    movups         | 989
    idiv           | 981
    punpcklbw      | 950
    cvttss2si      | 902
    psrad          | 893
    lahf           | 832
    ucomiss        | 788
    not            | 787
    movlpd         | 705
    cmovg          | 685
    fmul           | 675
    cmova          | 669
    psubw          | 629
    cmovl          | 608
    align          | 565
    punpcklwd      | 550
    cvttsd2si      | 528
    unpcklps       | 517
    punpckhwd      | 482
    ror            | 458
    packssdw       | 449
    jp             | 444
    jnp            | 426
    stosd          | 417
    mulsd          | 413
    paddsw         | 411
    movmskps       | 390
    setnle         | 382
    mul            | 351
    rol            | 343
    shrd           | 341
    psraw          | 337
    fadd           | 321
    pshufd         | 310
    pmullw         | 306
    cvtss2si       | 304
    lock           | 301
    cmpltps        | 297
    cmovs          | 293
    packuswb       | 287
    vmovdqu        | 283
    pavgb          | 270
    pxor           | 264
    shld           | 259
    nop            | 255
    punpcklqdq     | 250
    punpckhbw      | 248
    cmovnb         | 235
    pmaddubsw      | 232
    vpaddw         | 220
    cwde           | 215
    punpckldq      | 213
    movapd         | 209
    fldz           | 203
    por            | 199
    palignr        | 197
    psrldq         | 196
    psubusb        | 187
    pshuflw        | 179
    fld1           | 173
    mulpd          | 169
    punpckhdq      | 167
    cvtss2sd       | 157
    punpckhqdq     | 155
    setnbe         | 150
    setnl          | 147
    subsd          | 146
    pand           | 145
    movhlps        | 140
    cmovbe         | 134
    comisd         | 134
    vmovdqa        | 129
    maxps          | 126
    fst            | 116
    setb           | 112
    int            | 107
    pshufb         | 106
    cmpleps        | 104
    andps          | 103
    fabs           | 102
    fsub           | 102
    fdiv           | 100
    psrlw          | 100
    addpd          | 95
    pcmpgtw        | 91
    setl           | 89
    fsincos        | 87
    pshufw         | 87
    minps          | 83
    seto           | 82
    vpunpckhbw     | 80
    fxch           | 78
    cmovge         | 77
    vpunpcklbw     | 77
    psrlq          | 75
    rcpps          | 75
    xorpd          | 75
    pextrw         | 74
    setnb          | 73
    psllq          | 72
    psubd          | 72
    vpsubusb       | 72
    vpsubw         | 72
    andpd          | 71
    sqrtss         | 70
    fsubr          | 68
    vpmaddubsw     | 64
    vpor           | 64
    subpd          | 62
    vpaddd         | 61
    divsd          | 59
    faddp          | 58
    pandn          | 58
    fdivrp         | 57
    cvtsd2ss       | 55
    paddsb         | 53
    pcmpeqb        | 53
    pmaxub         | 53
    ucomisd        | 52
    psubsw         | 50
    movsw          | 49
    pshufhw        | 48
    vpackuswb      | 48
    setle          | 47
    vpand          | 46
    cmovle         | 45
    vpsrlw         | 45
    orps           | 44
    vpsraw         | 44
    sets           | 41
    pmaxsw         | 40
    vpmaddwd       | 40
    vpshufb        | 40
    setbe          | 39
    bswap          | 38
    leave          | 38
    orpd           | 38
    pminsw         | 38
    bts            | 37
    fmulp          | 36
    movhps         | 36
    packsswb       | 36
    vbroadcastf128 | 36
    fdivr          | 35
    fnstsw         | 35
    sqrtps         | 35
    cpuid          | 34
    fsubrp         | 34
    vpaddsw        | 33
    movsb          | 32
    pmovmskb       | 32
    vpandn         | 32
    fstsw          | 31
    vmovups        | 31
    stmxcsr        | 29
    vpmaxub        | 29
    xchg           | 29
    fsubp          | 28
    movhpd         | 28
    andnps         | 27
    fild           | 27
    pinsrw         | 27
    unpcklpd       | 27
    bsr            | 26
    fnstcw         | 26
    psubsb         | 26
    cmovns         | 25
    vpavgb         | 25
    fldcw          | 24
    psubb          | 24
    setns          | 24
    fstcw          | 22
    bsf            | 21
    bt             | 21
    fchs           | 20
    movlhps        | 20
    vmovd          | 20
    vpermq         | 20
    fistp          | 19
    psadbw         | 19
    vxorps         | 19
    fcomp          | 18
    stosb          | 18
    vpsrldq        | 18
    vpxor          | 18
    maxss          | 17
    pslld          | 17
    stosw          | 17
    unpckhpd       | 17
    pmulld         | 16
    vshufps        | 16
    cvtpi2ps       | 15
    pcmpgtd        | 15
    sahf           | 15
    vmovhps        | 15
    vmovq          | 15
    vpaddsb        | 15
    cld            | 14
    minss          | 14
    paddusb        | 14
    pavgw          | 14
    pcmpeqd        | 14
    pcmpgtb        | 14
    vzeroupper     | 13
    cvtps2dq       | 12
    rcr            | 12
    vinserti128    | 12
    vpcmpeqb       | 12
    wait           | 12
    vextractf128   | 11
    fcompp         | 10
    prefetcht0     | 10
    vmulps         | 10
    movlps         | 9
    std            | 9
    cbw            | 8
    fcom           | 8
    fpatan         | 8
    fscale         | 8
    psllw          | 8
    sqrtsd         | 8
    vpmaxsw        | 8
    vpminsw        | 8
    cmpeqps        | 7
    cmpeqsd        | 7
    frndint        | 7
    paddq          | 7
    pause          | 7
    psubq          | 7
    rsqrtss        | 7
    vaddps         | 7
    cvtsd2si       | 6
    paddb          | 6
    pmaxsd         | 6
    pminsd         | 6
    pmulhrsw       | 6
    vpbroadcastb   | 6
    vpshufd        | 6
    vpsubsb        | 6
    cvtsi2sd       | 5
    fucompp        | 5
    ldmxcsr        | 5
    pcmpistri      | 5
    pushf          | 5
    cmpltpd        | 4
    cvtsi2ss       | 4
    fldpi          | 4
    fsqrt          | 4
    fucom          | 4
    rsqrtps        | 4
    vpackssdw      | 4
    vpacksswb      | 4
    vpaddusb       | 4
    vpsrad         | 4
    vpunpckhdq     | 4
    vpunpckhwd     | 4
    vpunpckldq     | 4
    vpunpcklwd     | 4
    cmpltss        | 3
    cmpnless       | 3
    cvttps2pi      | 3
    divps          | 3
    emms           | 3
    fcomi          | 3
    fcomip         | 3
    fnclex         | 3
    fprem1         | 3
    ftst           | 3
    fxam           | 3
    fyl2x          | 3
    shufpd         | 3
    vpcmpgtb       | 3
    xgetbv         | 3
    xlat           | 3
    andnpd         | 2
    blendvps       | 2
    cmpneqps       | 2
    cmpnlepd       | 2
    cvttpd2dq      | 2
    f2xm1          | 2
    fcos           | 2
    fldl2e         | 2
    fptan          | 2
    fsin           | 2
    insertps       | 2
    movupd         | 2
    pcmpeqw        | 2
    pmovsxwd       | 2
    pslldq         | 2
    rdtsc          | 2
    repne          | 2
    setnp          | 2
    vbroadcasti128 | 2
    vcvtdq2ps      | 2
    vcvtps2dq      | 2
    vpcmpgtw       | 2
    vpmovzxbd      | 2
    vpsubsw        | 2
    clc            | 1
    cmpltsd        | 1
    cmpneqpd       | 1
    cmpnleps       | 1
    cmpnlesd       | 1
    dpps           | 1
    fdivp          | 1
    fldlg2         | 1
    fldln2         | 1
    fprem          | 1
    frstor         | 1
    fsave          | 1
    fucomp         | 1
    jno            | 1
    minsd          | 1
    pinsrb         | 1
    popf           | 1
    psrld          | 1
    ptest          | 1
    pusha          | 1
    rcpss          | 1
    sqrtpd         | 1
    unpckhps       | 1
    vinsertf128    | 1
    vrsqrtps       | 1
    vtestps        | 1
    x64 Opcode Distribution
    Code:
       Function Count: 59838
    Instruction Count: 3867947
    Uniq Instructions: 371
    
    OPCODE         | COUNT
    ===============+========
    mov            | 1287081
    lea            | 319704
    call           | 260264
    test           | 186900
    jz             | 165308
    cmp            | 156462
    add            | 132320
    jnz            | 114510
    xor            | 105343
    jmp            | 86986
    pop            | 84134
    sub            | 78542
    retn           | 74118
    movss          | 66314
    movaps         | 65908
    push           | 59945
    movzx          | 52731
    movups         | 50865
    inc            | 33340
    mulss          | 29029
    movsxd         | 28120
    and            | 27091
    nop            | 26210
    or             | 26076
    dec            | 20507
    shr            | 20019
    addss          | 18793
    jnb            | 16975
    shl            | 15908
    jb             | 15837
    imul           | 12899
    jbe            | 12720
    movsd          | 11817
    subss          | 10507
    comiss         | 10297
    xorps          | 10067
    movdqa         | 9338
    shufps         | 7650
    ja             | 7250
    sar            | 7193
    jl             | 7103
    jle            | 6815
    mulps          | 6044
    movd           | 5853
    movsx          | 4833
    addps          | 4495
    jge            | 4443
    cvtdq2ps       | 3788
    setnz          | 3676
    jns            | 3426
    btr            | 3390
    cmovnz         | 3002
    jg             | 2984
    divss          | 2946
    bts            | 2784
    bt             | 2620
    js             | 2599
    cmovz          | 2588
    cmovb          | 2586
    unpcklps       | 2480
    xchg           | 2459
    div            | 2421
    movq           | 2336
    subps          | 2119
    paddd          | 2022
    lock           | 2020
    cvttss2si      | 1943
    cvtsi2ss       | 1862
    setz           | 1655
    neg            | 1582
    cmova          | 1494
    paddw          | 1467
    pmaddwd        | 1452
    cdqe           | 1417
    andps          | 1370
    psrad          | 1251
    cvtdq2pd       | 1215
    cvttsd2si      | 1171
    ucomiss        | 1136
    cvtps2pd       | 948
    align          | 943
    punpcklbw      | 918
    movdqu         | 904
    cdq            | 897
    not            | 881
    psubw          | 872
    sqrtss         | 785
    cmovg          | 764
    cqo            | 750
    mul            | 700
    cvtsi2sd       | 691
    punpcklwd      | 657
    cmovl          | 652
    movmskps       | 633
    psrldq         | 632
    packssdw       | 629
    mulsd          | 620
    cmovnb         | 609
    punpckhwd      | 590
    rol            | 557
    ror            | 480
    setb           | 456
    paddsw         | 423
    cmpltps        | 418
    cvtss2si       | 402
    addsd          | 401
    psraw          | 352
    idiv           | 328
    cvtsd2ss       | 321
    sbb            | 321
    pmullw         | 288
    packuswb       | 276
    rep            | 275
    punpcklqdq     | 265
    vmovdqu        | 262
    setnbe         | 261
    pshufd         | 258
    pmaddubsw      | 254
    int            | 253
    punpckldq      | 242
    cmovs          | 237
    punpckhbw      | 229
    subsd          | 221
    vpaddw         | 217
    por            | 213
    comisd         | 210
    pavgb          | 194
    setl           | 194
    setnb          | 188
    psubusb        | 187
    movhlps        | 179
    punpckhdq      | 176
    punpckhqdq     | 174
    maxps          | 170
    pxor           | 165
    cmovbe         | 156
    setnle         | 153
    vmovaps        | 151
    cvtss2sd       | 143
    setnl          | 143
    pshuflw        | 142
    cmovge         | 129
    vmulsd         | 129
    pand           | 128
    rcpps          | 122
    setbe          | 120
    cmpleps        | 119
    rsqrtps        | 116
    orps           | 106
    sets           | 102
    cwde           | 101
    vfmadd213sd    | 101
    psrlw          | 100
    pcmpgtw        | 99
    andnps         | 93
    movapd         | 93
    vmovsd         | 89
    minps          | 85
    divsd          | 84
    pshufw         | 83
    cmovo          | 82
    ucomisd        | 80
    vpor           | 80
    vmovq          | 79
    vmovdqa        | 76
    vpunpcklbw     | 75
    vpand          | 73
    vpsubusb       | 72
    vpsubw         | 72
    psubd          | 71
    vpunpckhbw     | 70
    vaddsd         | 68
    vsubsd         | 68
    cvtpd2ps       | 66
    vpmaddubsw     | 64
    vpaddd         | 63
    cmovle         | 60
    vmovapd        | 59
    vmovups        | 58
    pandn          | 54
    pmulhrsw       | 54
    setle          | 54
    paddsb         | 53
    pmaxub         | 53
    palignr        | 52
    setns          | 51
    vmovd          | 51
    pmulld         | 50
    pshufhw        | 50
    vpackuswb      | 48
    bsr            | 45
    vpsrlw         | 45
    sqrtps         | 44
    vpsraw         | 44
    pmaxsw         | 41
    pminsw         | 41
    vpmaddwd       | 40
    vpshufb        | 40
    cmpeqps        | 39
    packsswb       | 39
    bsf            | 38
    paddq          | 38
    pshufb         | 38
    pcmpeqb        | 37
    cmovns         | 36
    vpaddsw        | 33
    vfmadd231sd    | 32
    vpandn         | 32
    bswap          | 31
    adc            | 30
    psubsw         | 30
    vpmaxub        | 29
    cpuid          | 28
    movhpd         | 28
    movhps         | 27
    vpxor          | 27
    psubsb         | 26
    vbroadcastf128 | 26
    vxorps         | 26
    mulpd          | 25
    vpavgb         | 25
    jp             | 24
    movlpd         | 24
    movlhps        | 23
    pmovzxdq       | 22
    psrlq          | 20
    unpcklpd       | 20
    vpermq         | 20
    vpsrldq        | 20
    movmskpd       | 19
    vshufps        | 19
    vcomisd        | 18
    maxss          | 17
    vandpd         | 16
    addpd          | 15
    minss          | 15
    pextrw         | 15
    vmovhps        | 15
    vpaddsb        | 15
    paddusb        | 14
    pavgw          | 14
    pcmpgtb        | 14
    pslld          | 14
    vcvtdq2pd      | 14
    vfnmadd231sd   | 14
    vmulss         | 14
    vaddss         | 13
    pmovmskb       | 12
    subpd          | 12
    vdivsd         | 12
    vinserti128    | 12
    vpcmpeqb       | 12
    vxorpd         | 12
    xorpd          | 12
    andpd          | 11
    pmaxsd         | 11
    vextractf128   | 11
    vmovss         | 11
    vorpd          | 11
    vpshufd        | 11
    cvtps2dq       | 10
    orpd           | 10
    pcmpgtd        | 10
    prefetcht0     | 10
    vmulps         | 10
    pause          | 9
    psllq          | 9
    psrld          | 9
    vsubss         | 9
    vzeroupper     | 9
    divps          | 8
    psllw          | 8
    vcomiss        | 8
    vpmaxsw        | 8
    vpminsw        | 8
    rsqrtss        | 7
    unpckhpd       | 7
    vaddps         | 7
    vpsrlq         | 7
    vpsubd         | 7
    cvttpd2dq      | 6
    paddb          | 6
    pmaxuw         | 6
    pminsd         | 6
    pmovsxwd       | 6
    rcr            | 6
    vcvtdq2ps      | 6
    vfmadd213ss    | 6
    vpbroadcastb   | 6
    vpsubsb        | 6
    vucomisd       | 6
    prefetchw      | 5
    vcvtsd2ss      | 5
    vcvttpd2dq     | 5
    vfmsub213sd    | 5
    vpsrad         | 5
    vpunpckldq     | 5
    cvtsd2si       | 4
    cvttps2dq      | 4
    pcmpeqd        | 4
    pmovsxdq       | 4
    pmovzxwd       | 4
    psubq          | 4
    sqrtpd         | 4
    vcvtss2sd      | 4
    vfmadd132sd    | 4
    vfmsub213ss    | 4
    vfnmadd132sd   | 4
    vpackssdw      | 4
    vpacksswb      | 4
    vpaddq         | 4
    vpaddusb       | 4
    vpsrld         | 4
    vpsubq         | 4
    vpunpckhdq     | 4
    vpunpckhwd     | 4
    vpunpcklwd     | 4
    btc            | 3
    cvtpd2dq       | 3
    vandps         | 3
    vcvtpd2dq      | 3
    vcvtsi2ss      | 3
    vcvtss2si      | 3
    vfmadd231ss    | 3
    vmulpd         | 3
    vorps          | 3
    vpcmpgtb       | 3
    vpmovsxdq      | 3
    vpsllq         | 3
    vucomiss       | 3
    xgetbv         | 3
    blendvps       | 2
    cmpltpd        | 2
    cmpneqps       | 2
    insertps       | 2
    ldmxcsr        | 2
    pabsd          | 2
    pslldq         | 2
    rdtsc          | 2
    retf           | 2
    stmxcsr        | 2
    vandnpd        | 2
    vbroadcasti128 | 2
    vcmpsd         | 2
    vcvtps2dq      | 2
    vdivss         | 2
    vfnmadd213sd   | 2
    vpcmpeqq       | 2
    vpcmpgtw       | 2
    vpmovzxbd      | 2
    vpslld         | 2
    vpsubsw        | 2
    cld            | 1
    cmplesd        | 1
    cmpnltsd       | 1
    dpps           | 1
    emms           | 1
    ptest          | 1
    pushfq         | 1
    scasd          | 1
    sqrtsd         | 1
    vaddpd         | 1
    vcvtps2pd      | 1
    vfmadd132pd    | 1
    vfmsub132sd    | 1
    vhaddpd        | 1
    vinsertf128    | 1
    vmovlhps       | 1
    vrsqrtps       | 1
    vtestps        | 1
    vunpcklpd      | 1

  2. Thanks ev0, IChangedMyUsername (2 members gave Thanks to Torpedoes for this useful post)
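
The approach described in post #1 (counting mnemonics from an IDA ASM export) can be sketched as below. This is an added example, not the poster's parser: the sample listing is constructed, and the function names, the directive and prefix sets, and the rule of counting only indented lines between `proc` and `endp` are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style of an IDA .asm export (not taken from the game).
SAMPLE_ASM = r"""
; =============== S U B R O U T I N E =======================================

sub_401000      proc near               ; CODE XREF: start+5
var_4           = dword ptr -4
arg_0           = dword ptr  8
                push    ebp
                mov     ebp, esp
                mov     eax, [ebp+arg_0]
                test    eax, eax
                jz      short loc_401012
                mov     [ebp+var_4], eax
loc_401012:                             ; CODE XREF: sub_401000+8
                pop     ebp
                retn
sub_401000      endp

                align 10h
dword_402000    dd 0

sub_401020      proc near
                push    esi
                rep movsd
                lock xadd [ecx], eax
                pop     esi
                retn
                align 4
sub_401020      endp
"""

# Assembler directives and data definitions that are not CPU instructions (assumed set).
DIRECTIVES = {"align", "db", "dw", "dd", "dq", "dt", "assume", "public", "extrn", "org", "end"}
# Instruction prefixes that a first-token parser reports as rows of their own.
PREFIXES = {"rep", "repe", "repz", "repne", "repnz", "lock"}
PROC_RE = re.compile(r"^\S+\s+proc\s+(near|far)\b")
ENDP_RE = re.compile(r"^\S+\s+endp\b")
MNEMONIC_RE = re.compile(r"^[a-z][a-z0-9]*$")

def parse_asm(text, fold_prefixes=False):
    """Return (function_count, Counter of mnemonics) for an IDA-style listing."""
    counts, functions, in_func = Counter(), 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if PROC_RE.match(line):
            functions, in_func = functions + 1, True
            continue
        if ENDP_RE.match(line):
            in_func = False
            continue
        # Column-0 text is a label, stack-variable definition or named data item.
        if not in_func or not line[0].isspace():
            continue
        tokens = line.split()
        tok = tokens[0].lower()
        if fold_prefixes and tok in PREFIXES and len(tokens) > 1:
            tok = tokens[1].lower()               # count "rep movsd" as movsd
        if tok in DIRECTIVES or not MNEMONIC_RE.match(tok):
            continue
        counts[tok] += 1
    return functions, counts

def format_report(functions, counts):
    """Render the counts in the same layout as the tables in the post."""
    head = [f"{'Function Count:':>18} {functions}",
            f"{'Instruction Count:':>18} {sum(counts.values())}",
            f"{'Uniq Instructions:':>18} {len(counts)}",
            "", f"{'OPCODE':<15}| COUNT", "=" * 15 + "+" + "=" * 8]
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(head + [f"{op:<15}| {n}" for op, n in rows])

if __name__ == "__main__":
    print(format_report(*parse_asm(SAMPLE_ASM)))
```

With `fold_prefixes=False` the parser counts the first token on each line, so prefixes such as `rep` and `lock` appear as separate rows, as they do in the posted tables; `align` is an assembler directive rather than an instruction and is filtered here.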
  3. #2
    namreeb
    That's cool. I'm curious what conclusions you would draw based on this information (or more generally how it is useful to you). You might get more accurate results if you wrote a Python script to use the IDA API to traverse each instruction rather than manually parsing the ASM output.

  4. #3
    Torpedoes
    Originally Posted by namreeb
    I'm curious what conclusions you would draw based on this information (or more generally how it is useful to you).
    I'm experimenting with some debugging technologies which analyze code as it's running. For certain operations I perform additional analysis and then output the results at the end. It helps to know what operations the game is performing the most so that I can learn more about them and improve my analysis tools. Especially since my assembly skills could still use some work.

    Originally Posted by namreeb
    You might get more accurate results if you wrote a python script to use the IDA API to traverse each instruction rather than manually parsing the ASM output.
    Two reasons why I didn't do that: (1) I didn't want to spend a lot of time (I don't know Python and my IDA API knowledge is really bad). On the other hand, I knew exactly how to do it with my approach and so it only took about 20 minutes to implement. (2) The results I did get were pretty accurate since IDA creates a very consistent ASM file. In essence I didn't need something too terribly accurate, just a rough idea and it seemed to work pretty well.

  5. #4
    karliky
    I see 6325 fstp instructions for x86. I always look for instructions like that because they are used to move a float to a specific memory address; in GW2 an instruction like that is used in the day and night cycle. It's very useful to find curious values.

    Great job, Torpedoes, as always.

  6. Thanks Torpedoes (1 members gave Thanks to karliky for this useful post)
