Text only | Text with Images

The MASM Forum

General => The Campus => Topic started by: chrisdudeperson on September 06, 2014, 06:28:11 AM

Title: Assembler IF Statement
Post by: chrisdudeperson on September 06, 2014, 06:28:11 AM
Hi guys,

Rather new to assembler so please excuse my lack of knowledge

I am looking at a disassembled program and have come across an IF statement that has translated to psuedo code like this:

Code Select

if (*(eax + 0x8) != 0x0)


Now, does this mean that if the value stored at memory location eax+0x8 is not equal to 0x0 then the if statement will be executed?

Cheers
Chris
Title: Re: Assembler IF Statement
Post by: jj2007 on September 06, 2014, 07:57:18 AM
Hi Chris,

Apparently, yes, although this is not standard MASM notation. Which disassembler are you using?

Masm syntax would be
.if dword ptr [eax + 8] != 0
or
.if dword ptr [eax + 8]

P.S.: Welcome to the forum :icon14:
Title: Re: Assembler IF Statement
Post by: Gunther on September 06, 2014, 09:23:05 PM
Hi chrisdudeperson,

it looks like AT&T syntax. And welcome to the forum.

Gunther
Title: Re: Assembler IF Statement
Post by: chrisdudeperson on September 06, 2014, 10:53:34 PM
Thanks for the warm welcome!

I'm using hopper to dissemble a unix executable that runs on a mac

Is there a better disassembler that you could recommend?
Title: Re: Assembler IF Statement
Post by: Vortex on September 07, 2014, 01:37:34 AM
Hi Chris,

In the Windows world, I would recommend OllyDbg :

http://www.ollydbg.de/

Title: Re: Assembler IF Statement
Post by: jj2007 on September 07, 2014, 04:25:56 AM
Yes, Olly is really good. I had Hopper installed but found it almost useless. Besides, when uninstalling, it left a lot of crap in the registry :(
Title: Re: Assembler IF Statement
Post by: chrisdudeperson on September 07, 2014, 05:32:15 PM
Ok I'll try Ollydbg with the Windows version of the program

I'm fairly sure the if statement in question is a true or false. I believe it is currently set to false with 0x0. What hex value would I have to use to make it true?
Title: Re: Assembler IF Statement
Post by: FORTRANS on September 07, 2014, 10:12:16 PM
Hi,

   Strictly, the values for TRUE and FALSE are determined by the
program(mer).  However, in practice False is defined to be zero,
and True is non-zero.  Common practice is to use zero and minus
one.  Minus one, with two's complement arithmetic, sets all bits
(sets the bits to ones).  So 0H and 0FFFFFFFFH would be used in
most cases when using double word values.

HTH,

Steve N.
Title: Re: Assembler IF Statement
Post by: jj2007 on September 07, 2014, 10:33:00 PM
Quote from: FORTRANS on September 07, 2014, 10:12:16 PMCommon practice is to use zero and minus one.

Depends on the language and context. Unfortunately, C/C++ and Windows have chosen 1 instead of -1, and Masm32 has adopted that:

include \masm32\include\masm32rt.inc

.code
start:   MsgBox 0, str$(TRUE), "True:", MB_OK
   exit

end start
Title: Re: Assembler IF Statement
Post by: hutch-- on September 07, 2014, 11:59:32 PM
The values of TRUE and FALSE are determined by the value being either zero (0) or not zero (any other number) and it is the main advantage of a boolean return value, you only ever need to test the value against 0.
Text only | Text with Images