[Guide] Registries and Flags.

[PopcornWoW]

Well, This is my first guide for this forum, But not my first ever.

I've written countless tuts on finding points and offsets manually for other online games such as MapleStory, GunBound, GunZ, FlyForFun, Etc..

I will update this TuT when I have more time but i will just give you the basics now.

I will include in this TuT:

Explanation of Registries and what they do.
Explanation of Flags and what they do.
How we can use both.
CRC.
Memory Editing.
Value and Address searching.


Ok When we think "Registries" we think "Register" to allocate specified data in a location of memory.

Here are a few of the Register instructions used in 32bit.

32-bits REGISTERS:
EAX (Extended Accumulator Register)
EBX (Extended Base Register)
ECX (Extended Counter Register)
EDX (Extended Data Register)
ESI (Extended Source Register)
EDI (Extended Destination Register)
EIP (Extended Instruction Pointer)
EBP (Extended Base Pointer)
ESP (Extended Stack Pointer)

They are pretty self explanatory

When there is an "E" in front of a 16-bit register, it means you are dealing with a 23-bit register. So, AX = 16-bits, EAX = The 32-bits version of AX.
Flags:

Flags are single bits which indicate the status of something. The flag register on modern 32bit CPUs us 32bit Large but 64bit is now becoming more increasing. there are 32 different flags but for game hacking you really only need 3 main ones.
Z-Flag, O-Flag and the C-Flag. For hacking you need to know these flags to understand if a jump is executed or not.
This register is in fact a collection of different 1-bit flags.
A flag is a sign eg. a Green light means "ok" and Red means "Not ok"
A flag can only be '0' or '1', meaning set or not set.

The Z-Flag:

Z-flag or "Zero Flag" is the most useful for in game hacking.
It can be set ''1' or cleared '0' by several OPcodes when the last instruction was performed has 0 as the result. You may wonder why 'CMP' could set the zero flag, because it compares something it - the result could possibly be a '0' how? Because z-flag is basicly an opcode "JE" (Jump if equal)

Because the ZF is a boolean ticking it would resulting in the boolean being "1" (True) Set etc.. or "Equal" so the jump would go ahead.

The O-Flag:
O-Flag or "Overflow Flag" isn't used alot but it is very useful in game hacking. It is set '1' when the last operation changed the highest bit of the register that gets the result of an operation. EG. EAX Holds the value '7FFFFFFF'. If you use an operation that increases EAX by 1 the Overflow flag will be set. Basically if an overflow occurs then it gets set.

The C-Flag:

The C-Flag or (Carry Flag) is the least used in game hacking out of the 3.
It becomes Set if you add a value to a register, so that it gets bigger then FFFFFFFF or if you subtract a value, so that the register gets smaller then 0.

;;;;;;;;;;;;;;;;;;;;;;

Okay, Flags done.

Instructions:

Note: All Values in ASM Instructions are always hexadecimal.

Most instructions have two operations like "add eax, ebx", but some have one, "not eax" or even three "Imul eax, edx, 64". When you have an Instruction that says something with "DWORD PTR[XXX]" then the DWORD (4byte) value at the memory offset [xxx] is meant.

EXAMPLES:

Most Instructions with 2 operations can be used in the following ways.

Note: All syntax in ASM should be capitalized.

ADD EAX, EBX ;; Register, Register

ADD EAX, 123 ;; Register, Value
ADD EAX, DWORD PTR[404000] ;; Register, DWORD(4bytes) Pointer[Value]
ADD EAX, DWORD PTR[EAX] ;; Register, DWORD Pointer Register
ADD EAX. DWORD PRT[EAX+00404000];; Register, DWORD Pointer [Register+Value]
ADD DWORD PTR[404000], EAX ;;DWORD Pointer[Value], Register
ADD DWORD PTR[404000], 123 ;; DWORD Pointer[Value], Value
ADD DWORD PTR[EAX], EAX ;;DWORD Pointer[Register], Register
ADD DWORD PTR[EAX],123 ;; DWORD Pointer[Register, Value
ADD DWORD PTR[EAX+404000], EAX ;; DWORD Pointer[Register+Value], Register
ADD DWORD PTR[EAX+404000], 123 ;; DWORD Pointer[Register+Value],Value

--------------------------------------------

Explaination:

ADD(Addition)
Syntax: ADD Destination, Source

The ADD instruction adds a value to a register or a memory address. It can be used in these ways:

These instructions can set the ZeroFlag, The Overflow Flag and the CarryFlag and some others but we arn't using them at the moment.


CALL(call)
Syntax: CALL Something

The Instruction CALL Pushes the RVA(Relative Virtual Address) of the instruction that follows the CALL to the stack and calls a sub procedure.

CALL can be used in the following ways:

CALL 404000 ;; Most common, Calls an Address
CALL EAX ;; CALL REGISTER, If EAX would be 404000 It would be the same as the Above example.
CALL DWORD PTR [EAX] ;; Calls the address that is stored at [EAX]
CALL DWORD PTR [EAX+5] ;; Calls the address that is stored at [EAX+5]

Ok I will update again when I have time. Sorry for the delay

I hope you are enjoying it so far.

[tttommeke]

Good tutorial ;-) Could you do the titles between [ b ] [ / b ], will give a better look :-)

[PopcornWoW]

Good tutorial ;-) Could you do the titles between [ b ] [ / b ], will give a better look :-)

Yeah i will update it in the morning to look pretty and finish most of it.

[[ Prototype ]]

+5 rep. Cool .

[PopcornWoW]

Updated for now. I will update more when i don't have a headache and have some spare time.

[suicidity]

OMFG BLUETEXT! Change the color please, same with the black.

[Gothian]

yeah, the font colors are all wierd!! But +4 for the work spent