I've spent about 6 hours debugging some code using Cheat Engine. I've come across something really weird.
The instruction reads:
imul esi,esi0A
What does this mean?
ESI = 5 before the instruction After the imul instruction it becomes 32.
Asked
Active
Viewed 89 times
1
Peter Cordes
- 328,167
- 45
- 605
- 847
Mugen
- 1,417
- 5
- 22
- 40
-
1Well, `0x0A` = 10, and 5 times 10 is 50 = `0x32`... – Iwillnotexist Idonotexist Mar 26 '19 at 17:34
-
Thanks! Any idea why we have esi twice? Shouldn't it have been just esi,0a? – Mugen Mar 26 '19 at 17:35
-
2No, since `imul` with an immediate constant must specify both the source and destination registers, per the Intel SDM. – Iwillnotexist Idonotexist Mar 26 '19 at 17:37
-
Then shouldn't it be imul esi,esi,0a? There's a comma missing. Anyhow, my question is answered. Would you like to post this as an answer so that I can mark it as complete? I think it'll be helpful for anyone else looking through nuances of cheat-engine. – Mugen Mar 26 '19 at 17:43
1 Answers
3
TL;DR
The instruction in question was probably intended to be
imul esi, esi, 0x0A
, but Cheat Engine probably forgot to print the comma ,.
Longer Version
The mathematical result you describe is consistent with 0x00000005 = 5 being multiplied by 0x0A = 10 to produce 0x00000032 = 50.
The Intel Software Developers' Manual, Volume 2A, §3.2 - IMUL - Signed Multiply documents the instruction's function and valid forms. Of the ones that allow immediate constants, the only available forms require specifying 1) the destination register, 2) the source register and 3) the immediate constant.
In this particular case, obviously these were intended to be respectively esi, esi, 0x0A. Cheat Engine only printed it incorrectly.
Iwillnotexist Idonotexist
- 13,297
- 4
- 43
- 66