Open OllyDbg, and use Ctrl+G to get to address 4937F4 (there's some free space there). Type in
MOV EAX,FFFFFFFF and click Assemble. Don't save your changes to the executable.
So OllyDbg automatically converted that to
MOV EAX,-1. It switched the unsigned notation to the signed notation.Conditional Jumps
You know those special jump instructions that you use after CMP? We'll expand our repertoire today with some new ones.
First come the instructions that you already know about:
CMP A,B = Compare A and B. This instruction will set a series of "assembly flags", which are stored inside the EFLAGS register.
These conditional jump instructions check for changes in the assembly flags. Use them directly after a CMP instruction.
JE C = Jump to address C if A and B are equal (A and B are from the previous CMP command).
JNE C = Jump to address C if A and B are not equal.
JG C = Jump to C if A is greater than B. Treats A and B as signed numbers.
JGE C = Jump to C if A is greater than or equal to B. Treats A and B as signed numbers.
JL C = Jump to C if A is less than B. Treats A and B as signed numbers.
JLE C = Jump to C if A is less than or equal to B. Treats A and B as signed numbers.
And here are the new ones:
JA C = Jump to C if A is above B. Treats A and B as unsigned numbers.
JB C = Jump to C if A is below B. Treats A and B as unsigned numbers.
JBE C = Jump to C if A is below or equal to B. Treats A and B as unsigned numbers.
JNB C = Jump to C if A is not below B. Treats A and B as unsigned numbers.
All right - now we understand that some conditional jumps (JG, JGE, JL, JLE) will treat numbers as signed. Other conditional jumps (JA, JB, JBE, JNB) will treat numbers as unsigned. The jumps that Misery would use are JG, JGE, JL, and JLE. The jumps that Balrog would use are JA, JB, JBE, and JNB. Both Misery and Balrog can use JNE and JE. In essence, JNE and JE don't care whether a number is signed or unsigned.
Previous Lesson: Redefining Negatives
Next Lesson: Sign-Extension
Table of Contents