Need help with logic of IMUL

Bare metal programming in PureBasic, for experienced users
Taken17
New User
Posts: 4
Joined: Fri Jul 15, 2022 6:59 pm

Need help with logic of IMUL

Post by Taken17 »

Hi,

I'm having trouble understanding what this section of code is actually doing. The only way I've gotten it to loop through without erroring out is by using the format "%d %d %d %d %d %d". I've input "1 2 6 x x x"; using 1 2 6 so far makes it through without erroring out, but I can't figure out what the code is expecting for the next set of x's in Olly. Any help is greatly appreciated.

Formatting section:

; =============== S U B R O U T I N E =======================================
.text:004015E0
.text:004015E0 ; Attributes: bp-based frame
.text:004015E0
.text:004015E0 ; int __cdecl sub_4015E0(char *Buffer, int)
.text:004015E0 sub_4015E0 proc near ; CODE XREF: sub_401020+E↑p
.text:004015E0
.text:004015E0 var_4 = dword ptr -4
.text:004015E0 Buffer = dword ptr 8
.text:004015E0 arg_4 = dword ptr 0Ch
.text:004015E0
.text:004015E0 push ebp
.text:004015E1 mov ebp, esp
.text:004015E3 push ecx
.text:004015E4 mov eax, [ebp+arg_4]
.text:004015E7 add eax, 20
.text:004015EA push eax
.text:004015EB mov ecx, [ebp+arg_4]
.text:004015EE add ecx, 16
.text:004015F1 push ecx
.text:004015F2 mov edx, [ebp+arg_4]
.text:004015F5 add edx, 12
.text:004015F8 push edx
.text:004015F9 mov eax, [ebp+arg_4]
.text:004015FC add eax, 8
.text:004015FF push eax
.text:00401600 mov ecx, [ebp+arg_4]
.text:00401603 add ecx, 4
.text:00401606 push ecx
.text:00401607 mov edx, [ebp+arg_4]
.text:0040160A push edx
.text:0040160B push offset aDDDDDD ; "%d %d %d %d %d %d"
.text:00401610 mov eax, [ebp+Buffer]
.text:00401613 push eax ; Buffer
.text:00401614 call ds:sscanf
.text:0040161A add esp, 20h
.text:0040161D mov [ebp+var_4], eax
.text:00401620 cmp [ebp+var_4], 6
.text:00401624 jge short loc_40162B
.text:00401626 call sub_401750


I believe this is what is comparing what digits it is expecting.
; =============== S U B R O U T I N E =======================================
.text:00401020
.text:00401020 ; Attributes: bp-based frame
.text:00401020
.text:00401020 ; int __cdecl sub_401020(char *Buffer)
.text:00401020 sub_401020 proc near ; CODE XREF: sub_4012E0+158↓p
.text:00401020
.text:00401020 var_20 = dword ptr -20h
.text:00401020 var_1C = dword ptr -1Ch
.text:00401020 var_4 = dword ptr -4
.text:00401020 Buffer = dword ptr 8
.text:00401020
.text:00401020 push ebp
.text:00401021 mov ebp, esp
.text:00401023 sub esp, 1Ch
.text:00401026 lea eax, [ebp+var_1C]
.text:00401029 push eax ; int
.text:0040102A mov ecx, [ebp+Buffer]
.text:0040102D push ecx ; Buffer
.text:0040102E call sub_4015E0
.text:00401033 add esp, 8
.text:00401036 mov edx, 4
.text:0040103B imul edx, 0
.text:0040103E cmp [ebp+edx+var_1C], 1
.text:00401043 jz short loc_40104A
.text:00401045 call sub_401750
.text:0040104A ; ---------------------------------------------------------------------------
.text:0040104A
.text:0040104A loc_40104A: ; CODE XREF: sub_401020+23↑j
.text:0040104A mov [ebp+var_4], 1
.text:00401051 jmp short loc_40105C
.text:00401053 ; ---------------------------------------------------------------------------
.text:00401053
.text:00401053 loc_401053: ; CODE XREF: sub_401020:loc_40107E↓j
.text:00401053 mov eax, [ebp+var_4]
.text:00401056 add eax, 1
.text:00401059 mov [ebp+var_4], eax
.text:0040105C
.text:0040105C loc_40105C: ; CODE XREF: sub_401020+31↑j
.text:0040105C cmp [ebp+var_4], 6
.text:00401060 jge short loc_401080
.text:00401062 mov ecx, [ebp+var_4]
.text:00401065 add ecx, 1
.text:00401068 mov edx, [ebp+var_4]
.text:0040106B imul ecx, [ebp+edx*4+var_20]
.text:00401070 mov eax, [ebp+var_4]
.text:00401073 cmp [ebp+eax*4+var_1C], ecx
.text:00401077 jz short loc_40107E
.text:00401079 call sub_401750
.text:0040107E ; ---------------------------------------------------------------------------
.text:0040107E
.text:0040107E loc_40107E: ; CODE XREF: sub_401020+57↑j
.text:0040107E jmp short loc_401053
.text:00401080 ; ---------------------------------------------------------------------------
.text:00401080
.text:00401080 loc_401080: ; CODE XREF: sub_401020+40↑j
.text:00401080 mov esp, ebp
.text:00401082 pop ebp
.text:00401083 retn
.text:00401083 sub_401020 endp

Re: Need help with logic of IMUL

Post by Taken17 »

Please disregard. I figured out the calculation. You took the first number and multiplied by 2. Then the next number was multiplied by 3, the next by 4, etc. Going from 120 to 720, you multiplied by 6.
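
The two subroutines from the listing written out in C, as an added example that is not part of the original posts. The names read_six and accepted_prefix are hypothetical, and sub_401750 is assumed to be the failure handler, replaced here by a return value so the first failing position is visible.

```c
#include <stdio.h>

/* sub_4015E0: sscanf six ints into the caller's array (arg_4+0 .. arg_4+20).
 * The listing calls sub_401750 when fewer than 6 fields convert; returning 0
 * instead is an assumption made for this example. */
static int read_six(const char *buf, int v[6])
{
    int n = sscanf(buf, "%d %d %d %d %d %d",
                   &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]);
    return n >= 6;                      /* cmp [ebp+var_4], 6 / jge */
}

/* sub_401020: returns how many leading numbers pass (6 = whole line accepted),
 * or -1 if the line does not parse. */
int accepted_prefix(const char *buf)
{
    int v[6];                           /* var_1C: ebp-1Ch .. ebp-5 */
    int i;                              /* var_4 */

    if (!read_six(buf, v))
        return -1;

    /* mov edx,4 / imul edx,0 -> byte offset sizeof(int)*0, i.e. v[0] */
    if (v[0] != 1)
        return 0;

    for (i = 1; i < 6; i++) {
        /* [ebp+edx*4+var_20] with edx = i is v[i-1], since var_20 = var_1C - 4.
         * imul ecx,... keeps the low 32 bits, so multiply as unsigned. */
        unsigned want = (unsigned)(i + 1) * (unsigned)v[i - 1];
        if ((unsigned)v[i] != want)
            return i;
    }
    return 6;
}

int main(void)
{
    /* Constructed inputs: a partial guess starting 1 2 6, then the
     * sequence the second post arrives at. */
    printf("%d\n", accepted_prefix("1 2 6 0 0 0"));
    printf("%d\n", accepted_prefix("1 2 6 24 120 720"));
    return 0;
}
```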