WEBVTT 1 00:00.890 --> 00:02.180 Hello and welcome back. 2 00:02.180 --> 00:05.270 In this lesson, we will take a look at how the - register 3 00:05.300 --> 00:05.960 works. 4 00:06.290 --> 00:12.830 The - register works with the signed operations. 5 00:12.830 --> 00:15.230 That means it can be positive or negative numbers. 6 00:15.350 --> 00:20.120 So if the target -, the target register is too small, 7 00:20.120 --> 00:29.390 for example, if you are using - or - or -, is only one byte, the range of it is -128 to positive 8 00:29.390 --> 00:30.350 127. 9 00:30.350 --> 00:35.900 If we perform arithmetic operations which exceed this range, go beyond this range, 10 00:35.900 --> 00:40.850 either is too big, bigger than 127, or less than -128, 11 00:40.850 --> 00:43.190 then the flag will be set. 12 00:43.400 --> 00:46.430 So let's try to do this now and see how it works in 13 00:46.430 --> 00:47.990 x64dbg. 14 00:49.190 --> 00:54.110 So we put a breakpoint here, we run to it, and we step to this new line here. 15 00:54.110 --> 00:57.590 Now we put something in the - register. 16 00:57.590 --> 01:01.400 Let's say we put, right-click, modify, for signed, 17 01:01.400 --> 01:05.060 we put positive 127. 18 01:05.300 --> 01:08.210 Let's say positive 127. 19 01:08.210 --> 01:11.420 So positive 127 is 7F in hex. 20 01:11.510 --> 01:15.950 So now we try to add ten to it to make it overflow. 21 01:15.950 --> 01:17.420 So let's see what happens. 22 01:17.570 --> 01:25.310 We add to -, ten, and then click okay. 23 01:25.400 --> 01:34.790 Now we step over this and watch your overflow flag. Step over, and you see the overflow flag is set, 24 01:34.790 --> 01:36.740 meaning that an overflow has occurred. 25 01:37.730 --> 01:39.920 Adding ten to 127 26 01:39.920 --> 01:43.910 is bigger than the one byte. 27 01:44.090 --> 01:47.690 So therefore, it overflows and overflow is set. 28 01:48.440 --> 01:57.350 So the same thing happens to negative if we minus something from this number and it 29 01:57.350 --> 01:58.490 overflows. 30 01:58.490 --> 02:00.620 Then the overflow will also be set. 31 02:00.620 --> 02:02.240 So let's try that now. 32 02:02.240 --> 02:06.590 Now we will experiment with - register instead. 33 02:06.590 --> 02:08.570 So we now try the - register. 34 02:09.920 --> 02:15.440 We put a negative value, -128, negative 128, 35 02:15.440 --> 02:15.860 let's say. 36 02:17.940 --> 02:22.680 So negative 128 is 80 in hex. 37 02:23.160 --> 02:24.960 So -128. 38 02:25.470 --> 02:28.470 So now we try to minus ten from this -. 39 02:30.580 --> 02:33.580 Sub -, ten. 40 02:36.360 --> 02:43.650 Here we step over, and you see the - flag is still maintained as one, meaning that when we minus ten 41 02:43.650 --> 02:46.890 from -128, it overflows. 42 02:46.890 --> 02:48.450 So the - is set. 43 02:49.110 --> 02:49.590 All right. 44 02:49.590 --> 02:50.790 So the same. 45 02:50.790 --> 02:54.720 So now, how do we, let's try to change this. 46 02:54.720 --> 03:01.200 Now let's say we perform operation on the word instead of the byte. 47 03:01.320 --> 03:02.160 See what happens. 48 03:02.160 --> 03:07.530 So now we go back to -, modify this. 49 03:07.530 --> 03:11.670 We put a value of positive 127. 50 03:11.670 --> 03:21.330 Let's say this time we are going to add ten to see whether it overflows. 51 03:21.330 --> 03:23.850 So we add, instead of -, 52 03:23.850 --> 03:24.930 this time we use -. 53 03:25.260 --> 03:32.010 We add ten to it, and - has a wider range, -32768 to positive 32767. 54 03:32.010 --> 03:33.360 So it shouldn't overflow. 55 03:34.680 --> 03:35.670 So let's try that. 56 03:35.670 --> 03:39.600 Now we step over this, and we see the overflow is cleared. 57 03:39.630 --> 03:44.010 That means overflow did not happen because the 58 03:44.010 --> 03:49.500 word, which is two bytes, is large enough to accommodate 127 plus ten. 59 03:50.010 --> 03:51.750 So that's why it didn't overflow. 60 03:52.320 --> 03:55.020 So now let's try the reverse with minus. 61 03:55.020 --> 03:56.130 Let's try -. 62 03:56.130 --> 04:04.170 This time, modify the value and put a negative 128. 63 04:04.740 --> 04:09.450 This time we are going to minus ten from - instead of -. 64 04:10.170 --> 04:17.490 So now we subtract from - the value of negative ten. 65 04:19.890 --> 04:21.060 And we step over. 66 04:23.680 --> 04:29.710 So you notice the flag is cleared, meaning that there is no overflow. 67 04:29.860 --> 04:34.510 This is how the - flag works in the x64dbg and assembly. 68 04:34.540 --> 04:35.650 That's all for this video. 69 04:35.650 --> 04:36.940 Thank you for watching.