while debugging some software with rather unaltruistic intentions i've come across something that i believe may be the crux of my puzzle.

to reach my desired goal i require that a certain call return a non-zero value in AL (the lower byte in the EAX register on intel machines.) after some analysis of this call i've concluded that it returns in either one of 3 fashions:

fashion 1:
XOR AL AL
....
ret

fashion 2:
MOV AL BL (here BL is 00 for as far as I've analysed, but this may be a possible path)
...
ret

fashion 3:
SBB EAX EAX
AND EAX EBX
....
ret

clearly fashion 1 is not of interest.  fashion 2 may be part of the needed result but ignore it for now. fashion 3 is of particular interest to me because i've played with it and i know it's possible to receive a non-zero value in EAX from the

SBB EAX EAX

statement. Googling I found SBB is the opcode for subtract with borrow, but that didn't really explain it. Perchance one of you fine fellows on this board can enlighten me?
Posted on 2007-09-17 16:13:46 by gmatt
The SBB command simply first adds the source operand with the value in the carry flag and then subtracts the result from the destination operand with the result of the subtraction being stored in the destination operand.

In other words (or should I say for a graphical example):

Dest = (Dest - (Src + CF));

Thusly if EAX = 0 and the CF (Carry Flag) is set (equal to 1) the command breaks down to:

Eax = (Eax - (Eax + 1));

Eax = (0 - (0 + 1));

Eax = (0 - (1));

Eax = 0xFFFFFFFF;

Hope that helps.

Posted on 2007-09-17 19:52:46 by madprgmr
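The formula above, worked through as a small software model (an added example, not code from the thread or from any of its posters): sbb32() implements Dest = Dest - (Src + CF) with the borrow-out written back to CF, and fashion3_eax() runs the "SBB EAX,EAX ; AND EAX,EBX" sequence from the first post on top of it. Only CF is modelled; the real instruction also updates ZF, SF, OF, AF and PF, which the sequence does not depend on. The function names and the sample register values are assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of x86 SBB dest, src: dest = dest - (src + CF).
 * On exit *cf holds the borrow-out (1 if dest < src + CF), as the CPU sets it.
 * Other flags are deliberately not modelled. */
static uint32_t sbb32(uint32_t dest, uint32_t src, int *cf) {
    uint64_t subtrahend = (uint64_t)src + (uint64_t)(*cf & 1);
    uint64_t wide = (uint64_t)dest - subtrahend; /* truncated below, mod 2^32 */
    *cf = (uint64_t)dest < subtrahend;           /* borrow out -> CF = 1 */
    return (uint32_t)wide;
}

/* Convenience wrappers returning just the result or just the new CF. */
static uint32_t sbb_result(uint32_t dest, uint32_t src, int cf) {
    return sbb32(dest, src, &cf);
}

static int sbb_borrow(uint32_t dest, uint32_t src, int cf) {
    (void)sbb32(dest, src, &cf);
    return cf;
}

/* "fashion 3" from the thread:
 *     SBB EAX, EAX      ; EAX becomes 0 if CF=0, 0xFFFFFFFF if CF=1 (any prior EAX)
 *     AND EAX, EBX      ; EAX becomes 0 or EBX
 * i.e. a branchless "CF ? EBX : 0" select.  Returns the resulting EAX. */
static uint32_t fashion3_eax(uint32_t eax, uint32_t ebx, int cf) {
    eax = sbb32(eax, eax, &cf);
    eax &= ebx;
    return eax;
}

int main(void) {
    /* Constructed sample values: CF set vs. clear, with EBX = 0x42. */
    printf("SBB EAX,EAX with CF=1 -> 0x%08X\n", sbb_result(0, 0, 1));
    printf("SBB EAX,EAX with CF=0 -> 0x%08X\n", sbb_result(0, 0, 0));
    printf("fashion 3, CF=1, EBX=0x42 -> EAX=0x%08X\n", fashion3_eax(0, 0x42, 1));
    printf("fashion 3, CF=0, EBX=0x42 -> EAX=0x%08X\n", fashion3_eax(7, 0x42, 0));
    printf("0x10 - (0x20 + 0) -> 0x%08X, CF=%d\n",
           sbb_result(0x10, 0x20, 0), sbb_borrow(0x10, 0x20, 0));
    return 0;
}
```

The point the model makes is that after SBB EAX,EAX the prior value of EAX is irrelevant; the result is 0 or -1 purely as a function of CF, so the non-zero outcome of fashion 3 depends on whatever comparison set the carry flag just before it, and on EBX being non-zero. Compilers emit this pair for conditional expressions of the form "flag ? value : 0".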
i require that a certain call return a non-zero value in AL


If that is really what you meant, then all your examples may tend to return the opposite.

If AL must NOT be 0, then the easiest and most fool-proof way to return that is:

....
mov al,1
ret


Raymond
Posted on 2007-09-17 20:20:41 by Raymond

i require that a certain call return a non-zero value in AL


If that is really what you meant, then all your examples may tend to return the opposite.

If AL must NOT be 0, then the easiest and most fool-proof way to return that is:

....
mov al,1
ret


Raymond



thank you sir for the reply. i failed to mention the objective was intermediate and thus it was favorable to not force certain byte values, namely AL, as the primary objective was to observe which inputs resulted in the correct sequence of code execution.

a keen reader will notice i use the past tense when relating this message and indeed it is because i have achieved said objective.

Posted on 2007-09-18 00:39:35 by gmatt

The SBB command simply first adds the source operand with the value in the carry flag and then subtracts the result from the destination operand with the result of the subtraction being stored in the destination operand.

In other words (or should I say for a graphical example):

Dest = (Dest - (Src + CF));

Thusly if EAX = 0 and the CF (Carry Flag) is set (equal to 1) the command breaks down to:

Eax = (Eax - (Eax + 1));

Eax = (0 - (0 + 1));

Eax = (0 - (1));

Eax = 0xFFFFFFFF;

Hope that helps.




thank you kind sir. indeed i am happy to report that this was the crux of my puzzle and my goal happily accomplished.
Posted on 2007-09-18 00:42:02 by gmatt

while debugging some software with rather unaltruistic intentions i've come across something that i believe may be the crux of my puzzle.

to reach my desired goal i require that a certain call return a non-zero value in AL (the lower byte in the EAX register on intel machines.) after some analysis of this call i've concluded that it returns in either one of 3 fashions:

So you're trying to make IsRegistered() return '1' instead of '0'?
Posted on 2007-09-18 03:33:54 by f0dder


while debugging some software with rather unaltruistic intentions i've come across something that i believe may be the crux of my puzzle.

to reach my desired goal i require that a certain call return a non-zero value in AL (the lower byte in the EAX register on intel machines.) after some analysis of this call i've concluded that it returns in either one of 3 fashions:

So you're trying to make IsRegistered() return '1' instead of '0'?



in essence, yes my dear fellow. :)
Posted on 2007-09-18 12:04:19 by gmatt

So you're trying to make IsRegistered() return '1' instead of '0'?

in essence, yes my dear fellow. :)


While the information provided to you is free for you to do as you see fit, such activities are frowned upon by the members of this board.
Posted on 2007-09-18 22:36:26 by madprgmr


So you're trying to make IsRegistered() return '1' instead of '0'?

in essence, yes my dear fellow. :)


While the information provided to you is free for you to do as you see fit, such activities are frowned upon by the members of this board.

Well put.

In slightly more firm wording.
Posted on 2007-09-19 06:24:56 by f0dder
with due respect to your community rules, this is my foray into such topics. i have no
intention of distributing my work since it will no doubt only cause harm if it is to cause
any effect at all. it was endeavored in a purely educational context. regardless, i doubt
it is welcome here so i shall retire. i am myself an enthusiast for the open source
movement and i have little need for proprietary software, with the single exception of
drivers. bless your community and best of luck.
Posted on 2007-09-19 11:45:41 by gmatt

with due respect to your community rules, this is my foray into such topics. i have no
intention of distributing my work since it will no doubt only cause harm if it is to cause
any effect at all. it was endeavored in a purely educational context. regardless, i doubt
it is welcome here so i shall retire. i am myself an enthusiast for the open source
movement and i have little need for proprietary software, with the single exception of
drivers. bless your community and best of luck.


Thank you for your wishes and sorry if you felt that we were trying to run you off.  While we have all danced around with such topics within our programming lives (and many still do so) we must, on the whole, protect the integrity of the board; otherwise we open a Pandora's Box containing not only possible legal actions but also an untold number of possibilities of ways to drag the value of this board down into an unethical world of hackers, crackers and other such individuals.

I hope that you will think twice about writing this board off as a learning avenue, as the information contained within its proverbial walls is in essence endless.

While one of the best ways to learn anything is through hands-on interaction, we must think twice before presenting our actions to the general public to ensure that such actions do not reflect in a negative light (even if that was not the intention) upon ourselves or other individuals with whom we interact.

Have a great rest of the week and good luck in your future programming endeavours.

Posted on 2007-09-19 22:20:34 by madprgmr
Well put, madprgmr. We old-timers from the board can probably still remember the various script-kiddies and wannabe crackers that flooded us...

I'm not saying you're one of those, gmatt, just trying to explain why we have those rules.
Posted on 2007-09-20 07:52:22 by f0dder