wich faster?

[Antariy]

Code Select Expand

neg esi
shl esi, 16
rol esi, 16


If ESI is 0 - you will get an AND EAX,0 => 0
If ESI is 1 - you will get an AND EAX,FFFF => anyway loss of hight part

[theunknownguy]

Code Select Expand

neg esi
shl esi, 16
rol esi, 16


If ESI is 0 - you will get an AND EAX,0 => 0
If ESI is 1 - you will get an AND EAX,FFFF => anyway loss of hight part

Yes, and i need:

If ESI is 0 - the operation is 8 bit (so in the end i need to AND with 0FFh)
If ESI is 1 - the operation is 16 bit (so in the end i need to AND with 0FFFFh)

Please just try to understand that i am trying to emulate the following opcode:

ADD DWORD PTR DS:[ADDRESS], VALUE

And "ADD" opcode have its 8-16 & 32 bit version.

So in order to emulate it i could simply just do:

Code Select Expand

ADD BYTE PTR DS:[ADDRESS], VALUE-8BIT
ADD WORD PTR DS:[ADDRESS], VALUE-16BIT
ADD DWORD PTR DS:[ADDRESS], VALUE-32BIT

Instead of using 8 and 16 bit emulation wich ive read that is slower than 32 bit i can do:

Code Select Expand

ADD DWORD PTR DS:[ADDRESS], VALUE-32BIT
AND DWORD PTR DS:[ADDRESS], SIZE_OF_OPERATION

[dedndave]

you are going to have troubles if [EAX] + DL > 255
seeing as we do not know the range of these two values, we have to be on the safe side....

Code Select Expand

        dec     esi
        jz      label1

        add     [eax],dl
        jmp short label2

label1: add     [eax],dx

label2:

[theunknownguy]

you are going to have troubles if [EAX] + DL > 255
seeing as we do not know the range of these two values, we have to be on the safe side....

Code Select Expand

        dec     esi
        jz      label1

        add     [eax],dl
        jmp short label2

label1: add     [eax],dx

label2:

Isnt suppose the AND in the end fix that problem?


And [Eax], SIZE_OF_OPERATION

Example of emulation with this problem:

Code Select Expand

Add Al, 1 (Trying to emulate)

My EAX virtual regist == 0FFh


So when trying to do the emulation with 32 bit (for avoid partial regist and making it fastest) it would get:

Code Select Expand


EAX virtual regist == 100h


BUT with the AND opcode in the end it would be:

Code Select Expand

EAX virtual regist == 0.

[dedndave]

let me give you an example where it may cause trouble
the byte values at [EAX] are: 0FFh,0 (word = 00FFh)
the value in DX is 1
if we ADD [EAX],DL, the bytes will be: 0,0 (word = 0000h)
if we ADD [EAX],DX, the bytes will be: 0,1 (word = 0100h)

the if-then-else code you posted orignally avoids this problem
but, if we simply clear out DH, we have not avoided it
as i said, if we knew the range of these values, we might be able to use slicker code

[theunknownguy]

let me give you an example where it may cause trouble
the byte values at [EAX] are: 0FFh,0
the value in DX is 1
if we ADD [EAX],DL, the bytes will be: 0,0
if we ADD [EAX],DX, the bytes will be: 0,1

the code you posted orignally avoids this problem
but, if we simply clear out DH, we have not avoided it
as i said, if we knew the range of these values, we might be able to use slicker code

Oh i get it, for my bad luck i cant have a range of these values, since i am just emulating those opcodes...

So the solution would be to use conditional branch?  :'(

PS: I am testing this bug like crazy and still cant make it, testing with ollydbg

Code Select Expand


004010C0 TestExe.<ModuleEntryPoint>                                        0110                                     ADD DWORD PTR DS:[EAX],EDX
004010C2                                                                   2118                                     AND DWORD PTR DS:[EAX],EBX



Where:

Code Select Expand

[EAX] == 0FFh
EDX == 1
EBX == 0FF (In case of 8 bit) or 0FFFh (In case of 16 bit)

[dedndave]

i would say so - it also yields the proper resultant flags
this is a sure thing - i may think of something later, though   :P

Code Select Expand

        dec     esi
        jz      label1

        add     [eax],dl
        jmp short label2

label1: add     [eax],dx

label2:

[theunknownguy]

i would say so - it also yields the proper resultant flags
this is a sure thing - i may think of something later, though   :P

Code Select Expand

        dec     esi
        jz      label1

        add     [eax],dl
        jmp short label2

label1: add     [eax],dx

label2:

Thanks dedndave, you have remind me about partial regist like AH, CH, DH, BH...

I need to add support for those  :dazzled:

PS: Also you right about the flags, the AND in the end would change them (me so fool). But i still can use PUSHF for that problem
PS2: Thx also for the bug, i finally made it, now need to code a solution.