So I've been trying to find a delta multiplier (super speed), but I keep finding code like this and just can't figure out what's going on even after stepping through the code.
[CODE=nasm]
Game+168E3C: 0F11 5C 24 70 - movups [rsp+70],xmm3
Game+168E41: 0F11 55 F0 - movups [rbp-10],xmm2
Game+168E45: FF 50 60 - call qword ptr [rax+60]
Game+168E48: 48 8B 58 08 - mov rbx,[rax+08]
Game+168E4C: F6 83 AE000000 02 - test byte ptr [rbx+000000AE],02
Game+168E53: 74 08 - je 14037751D
Game+168E55: 48 8B CB - mov rcx,rbx
Game+168E58: E8 43878600 - call 140BDFC60
Game+168E5D: 49 8B 8F F0000000 - mov rcx,[r15+000000F0] <<<--- AOB Starts Here
Game+168E64: 0F28 CE - movaps xmm1,xmm6
Game+168E67: 0FC6 CE 00 - shufps xmm1,xmm6,00
Game+168E6B: 0F28 C6 - movaps xmm0,xmm6
Game+168E6E: 0F59 4B 40 - mulps xmm1,[rbx+40]
Game+168E72: 48 83 C1 20 - add rcx,20
Game+168E76: 0FC6 C6 55 - shufps xmm0,xmm6,55
Game+168E7A: 0F59 43 50 - mulps xmm0,[rbx+50]
Game+168E7E: 48 8B 01 - mov rax,[rcx]
Game+168E81: 0F58 4B 70 - addps xmm1,[rbx+70]
Game+168E85: 0FC6 F6 AA - shufps xmm6,xmm6,-56
Game+168E89: 0F59 73 60 - mulps xmm6,[rbx+60]
//// INJECTING START ----------------------------------------------------------
Game+168E8D: 0F58 C8 - addps xmm1,xmm0
Game+168E90: 0F58 CE - addps xmm1,xmm6
//// INJECTING END ----------------------------------------------------------
Game+168E93: 0F28 C1 - movaps xmm0,xmm1
Game+168E96: F3 0F11 4D 24 - movss [rbp+24],xmm1
Game+168E9B: 0FC6 C1 55 - shufps xmm0,xmm1,55
Game+168E9F: 0FC6 C9 AA - shufps xmm1,xmm1,-56
Game+168EA3: F3 0F11 4D 2C - movss [rbp+2C],xmm1
Game+168EA8: F3 0F11 45 28 - movss [rbp+28],xmm0
Game+168EAD: FF 50 60 - call qword ptr [rax+60]
Game+168EB0: 48 8B 58 08 - mov rbx,[rax+08]
Game+168EB4: F6 83 AE000000 02 - test byte ptr [rbx+000000AE],02
Game+168EBB: 74 08 - je 140377585
Game+168EBD: 48 8B CB - mov rcx,rbx
Game+168EC0: E8 DB868600 - call 140BDFC60
Game+168EC5: 0F28 43 40 - movaps xmm0,[rbx+40]
Game+168EC9: 0F28 4B 50 - movaps xmm1,[rbx+50]
Game+168ECD: 49 8B 8F F0000000 - mov rcx,[r15+000000F0]
Game+168ED4: 44 0F28 73 50 - movaps xmm14,[rbx+50]
Game+168ED9: 48 83 C1 20 - add rcx,20
Game+168EDD: 44 0FC6 73 60 49 - shufps xmm14,[rbx+60],49
Game+168EE3: 0FC6 C8 A0 - shufps xmm1,xmm0,-60 [/CODE]
[ASM Help] Coord. write, not understanding ASM.
Having fiddled a bit with MMX, I can tell you the shuffling is used to bring the 2nd or 3rd DWORD in XMMx to the first position so you can then use one-param instructions like "movss". See your code:
[code=nasm]
Game+168E64: 0F28 CE - movaps xmm1,xmm6
Game+168E67: 0FC6 CE 00 - shufps xmm1,xmm6,00
Game+168E6B: 0F28 C6 - movaps xmm0,xmm6
Game+168E6E: 0F59 4B 40 - mulps xmm1,[rbx+40][/code]
XMM6 is moved into XMM1, then the shufps you can view as A XOR B (so XMM1 XOR XMM6), 00-ing the result of non-equal DWORDs. I'm guessing after this you get a single DWORD in xmm1 (your xmm1 looks like this -> xxxxxxxx - 00000000 - 00000000 - 00000000). So, of course now 'mulps xmm1,[rbx+40]' (I'm guessing a FLOAT's stored here) works nicely :p
See more about it [URL='http://www.jaist.ac.jp/iscenter-new/mpc/altix/altixdata/opt/intel/vtune/doc/users_guide/mergedProjects/analyzer_ec/mergedProjects/reference_olh/mergedProjects/instructions/instruct32_hh/vc293.htm']here[/URL]. What I recommend is writing down xmm1 and xmm6 on a piece of paper, apply the theory from that page and see what you get as result. Similarly, try changing this: "shufps xmm1,xmm0,-60" to "shufps xmm1,xmm0,x" (where x is 0,1,2,3..) and see the result with each re-run to get a feel on it ;)
BR,
Sun
Last edited by SunBeam, edited 1 time in total.
[ASM Help] Coord. write, not understanding ASM.
About a month already, so you may have solved the problem you're having by now, but here are some personal tips on how to read what the byte at the shufps means, or how to write one easily.
to write the byte, the way I often use to plan the shuffling is this:
1. write down the 4 elements order on the notepad like this:
[code]4th 3rd 2nd 1st
11 10 01 00[/code]
2. then write down how you want it to become. e.g., I want to broadcast the 3rd element on all 4 elements. that means all 4 elements should be the 3rd element:
[code]10 10 10 10[/code]
3. now use the calculator to convert it back to hex, that would be 0xAA. and done.
4. or you want to reorder to 2 4 1 4, then:
[code]01 11 00 11[/code]
in hex: 0x73
so, for the 0x00 on the line Game+168e67 that SunBeam mentioned, just convert the 0x00 to binary, which is easy for 0x00:
[code]00 00 00 00[/code]
so, that means it's broadcasting the 1st element into all 4 elements.
EDIT2 (rewrote the example):
if you want to apply a multiplier (or force, etc.) to a vector that would apply to a coord, you can do something like this.
[code]
//xmm1 : the vector
//xmm2 : coord you want to manipulate
mov eax,(float)2 //multiplier to be applied.
movd xmm0,eax // 4th 3rd 2nd 1st
// xmm0 becomes 0 0 0 2
shufps xmm0,xmm0,00 //broadcast the least significant element to all 4 elements.
//i.e. 2 2 2 2
//shufps xmm0,xmm0,c0 //consider using c0 if you want the 4th element to stay zero.
//if you use this: 0 2 2 2
//shufps xmm0,xmm0,e0 //use e0 if the vector is 2d.
//if you use this: 0 0 2 2
mulps xmm1,xmm0 //apply the multiplier to the vector.
addps xmm2,xmm1 //apply the vector to the coord.[/code]
Last edited by Cielos on Wed May 23, 2018 4:53 am, edited 3 times in total.
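As an added example (my own code, not from any of the posts above), here is a small C model of shufps/mulps/addps that lets you check a shuffle byte without a debugger. It uses Cielos' "4th 3rd 2nd 1st" element order, with the selector semantics from the Intel manual: the two low bit pairs of imm8 pick elements 1 and 2 from the destination register, the two high bit pairs pick elements 3 and 4 from the source register (with dst == src that is a plain permute or broadcast). One thing worth knowing when reading the OP's listing: Cheat Engine prints immediates as signed hex, so "-56" is 0xAA and "-60" is 0xA0, which is what the encoding bytes on the page show (0FC6 F6 AA and 0FC6 C8 A0). The replay of Game+168E64..168E90 below assumes, and this is my assumption rather than something the thread states, that xmm6 holds a position (x,y,z,w) and [rbx+40], [rbx+50], [rbx+60], [rbx+70] are the four rows of a 4x4 float matrix; the broadcast/mulps/addps pattern is then x*row0 + y*row1 + z*row2 + row3. The function and sample names (shuf_imm, transform_like_168E64, scale_and_apply, sample_*) and the sample values are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* One XMM register as four packed floats. e[0] is the lowest dword
   (the "1st" element in the post's notation), e[3] the highest ("4th"). */
typedef struct { float e[4]; } xmm_t;

xmm_t xmm(float first, float second, float third, float fourth) {
    xmm_t r = {{first, second, third, fourth}};
    return r;
}

float lane(xmm_t v, int idx) { return v.e[idx & 3]; }

/* shufps dst,src,imm8: dst[0] and dst[1] are chosen from the old dst by the
   low two bit pairs, dst[2] and dst[3] from src by the high two bit pairs. */
xmm_t shufps(xmm_t dst, xmm_t src, uint8_t imm) {
    xmm_t r;
    r.e[0] = dst.e[imm & 3];
    r.e[1] = dst.e[(imm >> 2) & 3];
    r.e[2] = src.e[(imm >> 4) & 3];
    r.e[3] = src.e[(imm >> 6) & 3];
    return r;
}

xmm_t mulps(xmm_t a, xmm_t b) {
    xmm_t r;
    for (int i = 0; i < 4; i++) r.e[i] = a.e[i] * b.e[i];
    return r;
}

xmm_t addps(xmm_t a, xmm_t b) {
    xmm_t r;
    for (int i = 0; i < 4; i++) r.e[i] = a.e[i] + b.e[i];
    return r;
}

/* Build imm8 from a "4th 3rd 2nd 1st" plan; each entry is the source
   element index 0..3. shuf_imm(2,2,2,2) == 0xAA, shuf_imm(1,3,0,3) == 0x73. */
uint8_t shuf_imm(int fourth, int third, int second, int first) {
    return (uint8_t)(((fourth & 3) << 6) | ((third & 3) << 4) |
                     ((second & 3) << 2) | (first & 3));
}

/* Replay of Game+168E64..168E90 (assumption: xmm6 = position, rows = the
   four 16-byte rows at [rbx+40..70]). Register names mirror the listing. */
xmm_t transform_like_168E64(xmm_t xmm6, const xmm_t rows[4]) {
    xmm_t xmm1 = shufps(xmm6, xmm6, 0x00);  /* broadcast 1st element (x) */
    xmm_t xmm0 = shufps(xmm6, xmm6, 0x55);  /* broadcast 2nd element (y) */
    xmm1 = mulps(xmm1, rows[0]);            /* mulps xmm1,[rbx+40] */
    xmm0 = mulps(xmm0, rows[1]);            /* mulps xmm0,[rbx+50] */
    xmm1 = addps(xmm1, rows[3]);            /* addps xmm1,[rbx+70] */
    xmm6 = shufps(xmm6, xmm6, 0xAA);        /* CE shows -56: broadcast 3rd (z) */
    xmm6 = mulps(xmm6, rows[2]);            /* mulps xmm6,[rbx+60] */
    xmm1 = addps(xmm1, xmm0);               /* the two addps at the injection point */
    xmm1 = addps(xmm1, xmm6);
    return xmm1;
}

/* Cielos' injection idea: broadcast a multiplier, scale the vector, add it
   to the coord. bcast_imm 0x00 scales all four lanes, 0xC0 keeps the 4th
   lane at 0, 0xE0 keeps the 3rd and 4th at 0 (2D vector). */
xmm_t scale_and_apply(xmm_t coord, xmm_t vec, float mult, uint8_t bcast_imm) {
    xmm_t xmm0 = xmm(mult, 0.0f, 0.0f, 0.0f);  /* movd xmm0,eax -> 0 0 0 mult */
    xmm0 = shufps(xmm0, xmm0, bcast_imm);
    vec = mulps(vec, xmm0);
    return addps(coord, vec);
}

/* Constructed sample inputs for the two scenarios above. */
xmm_t sample_transform(void) {
    xmm_t rows[4] = { xmm(1, 0, 0, 0), xmm(0, 1, 0, 0),
                      xmm(0, 0, 1, 0), xmm(10, 20, 30, 0) };
    return transform_like_168E64(xmm(1, 2, 3, 1), rows);
}

xmm_t sample_inject(uint8_t bcast_imm) {
    return scale_and_apply(xmm(100, 200, 300, 1), xmm(1, 2, 3, 4), 2.0f, bcast_imm);
}

static void dump(const char *name, xmm_t v) {
    printf("%-8s 4th=%g 3rd=%g 2nd=%g 1st=%g\n", name, v.e[3], v.e[2], v.e[1], v.e[0]);
}

int main(void) {
    xmm_t a = xmm(1, 2, 3, 4), b = xmm(5, 6, 7, 8);
    dump("imm 00", shufps(a, a, 0x00));
    dump("imm 55", shufps(a, a, 0x55));
    dump("imm AA", shufps(a, a, 0xAA));               /* CE prints -56 */
    dump("imm A0", shufps(a, b, 0xA0));               /* CE prints -60 (Game+168EE3) */
    dump("imm 73", shufps(a, a, shuf_imm(1, 3, 0, 3)));
    dump("xform", sample_transform());
    dump("inj 00", sample_inject(0x00));
    dump("inj C0", sample_inject(0xC0));
    dump("inj E0", sample_inject(0xE0));
    return 0;
}
```

To try a byte from the listing, put the two register values into shufps() with that byte and read the lanes back in 4th..1st order; with the identity rows in sample_transform() the replay returns the input position plus row 3, which is the translation if the matrix assumption holds.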