Reverse Engineering, Left Bit shift by seven

I've been trying to reverse engineer a function of a game but I'm kinda confused. I'm pretty new to reverse engineering (I'm using ollydbg btw) so I don't really know about all the tricks and details yet.

Anyway here's my problem. This function is called when you pick up any Item in the game. It then calculates the value of the item and adds this value to your score. Before the function is called, a value is pushed which I'm quite confident is the ID of the item. This is the code that confuses me:

SHL ESI,7
MOV CX,WORD PTR DS:[EDX+ESI+42]

ESI = the ID of the item
EDX = constant value FE56A0

I was guessing that EDX (FE56A0) was the start of an array of items, ESI was the index of the item somehow and 42 would be the index of the value the item holds. This would be kinda weird though since you're bit shifting ESI to the left by 7. As ESI increases, its bit-shifted value doesn't grow linearly.

So if EDX represents the start of an array and ESI would be an index, the items in the array wouldn't be of equal size. The meaning of this code is puzzling me.

Anyone got an idea what this code could represent?


The array might hold 128 byte long structures. Shifting by 7 multiplies the ID by 128, giving the offset required to access the structure for that ID. 42 would be the offset into the structure.

This works because multiplication actually increases the multiplied index linearly:

0 << 7 == 0
1 << 7 == 128
2 << 7 == 256
3 << 7 == 384

etc.

This code snippet simply accesses a member of a structure stored in an array.


It could be that EDX points to the start of some structure which the array is part of. The data that comes before the array requires 42 bytes, and each element in the array requires 128 bytes. (1<<7 is 128 - shifting is often used as a quick way to multiply by a power of two.) For example, something like this:

#define MAX_ITEMS 256   // any upper bound on item IDs

struct GameItem
{
   // 128-byte structure (1 << 7 == 128)
   char body[128];
};

// EDX points here
struct GameItems
{
   int numItems;
   int stuff;
   int moreStuff;
   char data[30];                     // 4 + 4 + 4 + 30 = 42 bytes before the array
   struct GameItem items[MAX_ITEMS];  // offset 42 bytes from start
};
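Both answers above describe the same addressing scheme: the shift scales the ID to a 128-byte record, and the displacement selects a 16-bit field inside that record. The following C program is an added example, not code from the question or either answer, that emulates the two instructions literally (shift, add displacement, 16-bit load) against a constructed table of 128-byte records and checks that the result matches a plain struct-array access. The record layout, the NUM_ITEMS table size and the values stored in it are assumptions for illustration; the displacement is taken as 0x42 because OllyDbg prints operands in hexadecimal, but the logic is the same whichever base the listing uses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ITEM_SIZE 128        /* 1 << 7, the stride implied by SHL ESI,7 */
#define VALUE_DISP 0x42      /* displacement from the MOV CX instruction */
#define NUM_ITEMS 4          /* constructed table size, not the game's */

/* Hypothetical 128-byte item record. Only the 16-bit field at VALUE_DISP
 * is meaningful here; the rest is padding so the stride comes out right. */
#pragma pack(push, 1)
typedef struct {
    uint8_t  header[VALUE_DISP];
    uint16_t value;          /* what MOV CX, WORD PTR [EDX+ESI+42] reads */
    uint8_t  tail[ITEM_SIZE - VALUE_DISP - 2];
} GameItem;
#pragma pack(pop)

/* Constructed table standing in for the memory at FE56A0. */
static GameItem g_table[NUM_ITEMS];

/* SHL ESI,7 : byte offset of record `id` from the table base. */
uint32_t item_offset(uint32_t id)
{
    return id << 7;
}

/* Emulate the two instructions on raw bytes: scale the id, add the
 * displacement, and copy out a 16-bit word exactly as the CPU would. */
uint16_t read_value_like_asm(const uint8_t *edx, uint32_t esi, uint32_t disp)
{
    uint16_t cx;
    memcpy(&cx, edx + item_offset(esi) + disp, sizeof cx);
    return cx;
}

/* The same access written at source level. */
uint16_t read_value_like_c(const GameItem *items, uint32_t id)
{
    return items[id].value;
}

/* Fill the constructed table so that item `id` is worth 1000 + id. */
static void build_table(void)
{
    memset(g_table, 0, sizeof g_table);
    for (uint32_t id = 0; id < NUM_ITEMS; id++)
        g_table[id].value = (uint16_t)(1000 + id);
}

/* Raw-byte lookup of one id over the constructed table. */
uint16_t asm_lookup(uint32_t id)
{
    build_table();
    return read_value_like_asm((const uint8_t *)g_table, id, VALUE_DISP);
}

/* 1 if the record really is 128 bytes with the field at 0x42 and the
 * instruction-level and struct-level reads agree for every id, else 0. */
int layouts_agree(void)
{
    if (sizeof(GameItem) != ITEM_SIZE || offsetof(GameItem, value) != VALUE_DISP)
        return 0;
    build_table();
    for (uint32_t id = 0; id < NUM_ITEMS; id++)
        if (read_value_like_asm((const uint8_t *)g_table, id, VALUE_DISP)
                != read_value_like_c(g_table, id))
            return 0;
    return 1;
}

int main(void)
{
    for (uint32_t id = 0; id < NUM_ITEMS; id++)
        printf("id %u -> offset %u, value %u\n",
               id, item_offset(id), asm_lookup(id));
    printf("layouts agree: %d\n", layouts_agree());
    return 0;
}
```

The offsets printed for ids 0..3 are the 0, 128, 256, 384 sequence from the first answer, and the agreement check is what you would verify in the debugger: dump 128 bytes at FE56A0 + (ID << 7) for a few IDs and confirm the word at +42 changes in step with the item's known value.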
