News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Assembler IF Statement

Started by chrisdudeperson, September 06, 2014, 06:28:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

chrisdudeperson

September 06, 2014, 06:28:11 AM
Hi guys,

Rather new to assembler so please excuse my lack of knowledge

I am looking at a disassembled program and have come across an IF statement that has translated to psuedo code like this:

Code Select

if (*(eax + 0x8) != 0x0)


Now, does this mean that if the value stored at memory location eax+0x8 is not equal to 0x0 then the if statement will be executed?

Cheers
Chris

jj2007

#1
September 06, 2014, 07:57:18 AM
Hi Chris,

Apparently, yes, although this is not standard MASM notation. Which disassembler are you using?

Masm syntax would be
.if dword ptr [eax + 8] != 0
or
.if dword ptr [eax + 8]

P.S.: Welcome to the forum :icon14:

Gunther

#2
September 06, 2014, 09:23:05 PM
Hi chrisdudeperson,

it looks like AT&T syntax. And welcome to the forum.

Gunther
You have to know the facts before you can distort them.

chrisdudeperson

#3
September 06, 2014, 10:53:34 PM
Thanks for the warm welcome!

I'm using hopper to dissemble a unix executable that runs on a mac

Is there a better disassembler that you could recommend?

Vortex

#4
September 07, 2014, 01:37:34 AM
Hi Chris,

In the Windows world, I would recommend OllyDbg :

http://www.ollydbg.de/

jj2007

#5
September 07, 2014, 04:25:56 AM
Yes, Olly is really good. I had Hopper installed but found it almost useless. Besides, when uninstalling, it left a lot of crap in the registry :(

chrisdudeperson

#6
September 07, 2014, 05:32:15 PM
Ok I'll try Ollydbg with the Windows version of the program

I'm fairly sure the if statement in question is a true or false. I believe it is currently set to false with 0x0. What hex value would I have to use to make it true?

FORTRANS

#7
September 07, 2014, 10:12:16 PM
Hi,

   Strictly, the values for TRUE and FALSE are determined by the
program(mer).  However, in practice False is defined to be zero,
and True is non-zero.  Common practice is to use zero and minus
one.  Minus one, with two's complement arithmetic, sets all bits
(sets the bits to ones).  So 0H and 0FFFFFFFFH would be used in
most cases when using double word values.

HTH,

Steve N.

jj2007

#8
September 07, 2014, 10:33:00 PM
Quote from: FORTRANS on September 07, 2014, 10:12:16 PMCommon practice is to use zero and minus one.

Depends on the language and context. Unfortunately, C/C++ and Windows have chosen 1 instead of -1, and Masm32 has adopted that:

include \masm32\include\masm32rt.inc

.code
start:   MsgBox 0, str$(TRUE), "True:", MB_OK
   exit

end start

hutch--

#9
September 07, 2014, 11:59:32 PM
The values of TRUE and FALSE are determined by the value being either zero (0) or not zero (any other number) and it is the main advantage of a boolean return value, you only ever need to test the value against 0.
Print
Go Up Pages1
User actions