New to game hacking (maybe intermediate level). Clarification..

Do0ks
Noobzor
Posts: 11
Joined: Tue Oct 04, 2022 9:21 pm
Reputation: 5

New to game hacking (maybe intermediate level). Clarification..

Post by Do0ks »

Hey all, I'm somewhat new to game hacking. I feel I am somewhere in-between beginner/intermediate level. Also to note, this is my first post. Please take me out to dinner before handing me my ***. ;)

Anyway, I know how to scan addresses, find reliable pointers and have played with AOB scripts and code injections, and now I'm trying to grasp the concept of assembly and how the code is laid out. So the point of this post is to make sure I'm on the right track in my understanding, to correct any misinformation before it becomes a bad habit, and to get clarification on other relevant aspects of assembly.

For example, let say our code is:

mov [rsi+08],rbx

From my understanding we have mov (move) the value of rbx into rsi with an offset of 08. Also, we know [rsi+08] is an address because of the []'s, leaving rbx as a registry. (Registries are stored in the processor; addresses are in RAM that was copied from the exe/dll (that's also in RAM now).) If this information is correct, my questions are:

-If something is in-between []'s, is it guaranteed to be an address, and likewise, if it's outside of the []'s, is that a registry?
-If rbx is a registry, does that mean rax, rcx, rdx, etc. and xmm0-12 (I can't remember how many xmms we have) are also registries?
-Last, can registries be edited? I know the base addresses can't, or at least by my understanding they can't/shouldn't be edited.
(Nevermind, I just figured out they can be edited)


Any input is more than greatly appreciated so really, thanks for your time!!! :D
Last edited by Do0ks on Fri Mar 15, 2024 2:54 pm, edited 1 time in total.

Toga
Expert Cheater
Posts: 243
Joined: Wed Mar 03, 2021 1:11 pm
Reputation: 98

Re: New to game hacking (maybe intermediate level). Clarification..

Post by Toga »

Hey there,
a standard answer would be like "google x86/x64 instruction set",
but that wouldn't be very kind.

I am far from an expert, but here's a very summary and simplified explanation.

Registers:
The point of having registers is that the CPU has very, very fast access to them (buffers).
Way faster than accessing memory.
So it's more optimal for the CPU to do things like accessing values or doing calculations with those registers than it would be doing with memory.

Hence they can be edited.

For example, if rdi contains address 05FFH (just saying something):
jmp rdi // jump to the address rdi is containing
is faster than
jmp 05FFH // slower because it's not in a register


About the brackets: mov [rsi+08],rbx
- mov rsi, rbx => change the current value (address in this case) of rsi to rbx
- mov [rsi], rbx => change the memory at the address rsi is pointing to, to rbx (look at rsi as a C pointer)
- mov [rsi+08], rbx => same as above but with an offset of 8 (look at it as a data structure)

Here's a nice link with good info, also telling the normally used purpose of each register (and more):
[Link]
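As an added illustration (not part of Toga's post), here are the three bracket cases from the reply written as the equivalent C pointer operations. The struct, field names and values are constructed for the example; the field at offset 8 is the one a `mov [rsi+08],rbx` would overwrite when rsi holds the object's address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed "game object" to stand in for the data structure rsi points at.
   Field layout: id at offset 0 -> [rsi], health at offset 8 -> [rsi+08]. */
typedef struct {
    uint64_t id;      /* [rsi]    */
    uint64_t health;  /* [rsi+08] */
} GameObject;

/* The example relies on health really sitting 8 bytes into the struct. */
_Static_assert(offsetof(GameObject, health) == 8, "health must be at offset 8");

/* mov rsi, rbx : copy the register value itself; no memory is written.
   Here both "registers" hold a pointer, so rsi just becomes a copy of rbx. */
static GameObject *mov_rsi_rbx(GameObject *rbx) {
    GameObject *rsi = rbx;
    return rsi;
}

/* mov [rsi], rbx : write the 8-byte value in rbx to the memory rsi points to. */
static void mov_mem_rsi_rbx(GameObject *rsi, uint64_t rbx) {
    *(uint64_t *)rsi = rbx;                     /* [rsi] = rbx (offset 0) */
}

/* mov [rsi+08], rbx : same store, but 8 bytes past where rsi points. */
static void mov_mem_rsi8_rbx(GameObject *rsi, uint64_t rbx) {
    *(uint64_t *)((uint8_t *)rsi + 8) = rbx;    /* [rsi+08] = rbx */
}

/* Runs the three cases on a fresh object and returns it for inspection. */
GameObject run_demo(void) {
    GameObject obj = { .id = 1, .health = 100 };
    GameObject *rsi = mov_rsi_rbx(&obj);        /* rsi now holds &obj */
    mov_mem_rsi_rbx(rsi, 42);                   /* lands in obj.id     */
    mov_mem_rsi8_rbx(rsi, 999);                 /* lands in obj.health */
    return obj;
}

int main(void) {
    GameObject o = run_demo();
    printf("id=%llu health=%llu\n",
           (unsigned long long)o.id, (unsigned long long)o.health);
    return 0;
}
```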

Do0ks
Noobzor
Posts: 11
Joined: Tue Oct 04, 2022 9:21 pm
Reputation: 5

Re: New to game hacking (maybe intermediate level). Clarification..

Post by Do0ks »

Toga wrote:
Mon Jan 23, 2023 8:13 pm
Hey! Thanks for the reply, and what you have to say makes a lot of sense! I have a lot to learn about the differences between x86 and x64. From what I understand, the r in things like rsi indicates x64, while the e in something like esi would indicate x86. I also understand x64 can handle more bytes than x86 (understandable because x86 is older technology, named after an old processor I believe).

I did read about the registry being quicker. From my understanding it's basically a micro hard drive on the processor that can store a small bit of information for pretty much instant access/processing, rather than the CPU reaching out to the RAM or, worse, reaching out to the hard drive, which I would think can get very expensive.

Anyway, going back to the brackets, what you said makes perfect sense to me! That's what I was thinking and I'm glad I'm on the right track with that!

Thanks for the reply again! You're the bomb!

Also, thanks for sharing that cheat sheet with me! That's going to help a bunch!
