Hello everyone! Today I will discuss this gadget, "0:FB78H", and its usage. First, take a look at this image:
Here are a few instructions from this gadget. If you look at this image, does it look familiar, like the "0:8EA4" gadget you used to see in @RH_QDG's post? If yes, you are correct! This is just the ER2-table-traversing version; it has almost the same usage as EA-table-traversing, but it's easier. So how does it work? It's easy: first, it loads the value it needs from [ER2] into ER0, then checks whether ER0 != 0 or ER0 == 0. Suppose ER0 != 0: this time it will jump to 0:FB6C and then compare with ER8. If ER0 == ER8, then ER0 = 0, POP ER8, and return to PC; otherwise it will execute ER2 += 2, then continue traversing until it sets ER0 = 0. If ER0 == 0, then it will immediately execute ER0 = ER8, POP ER8, and return to PC.
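As an added illustration (not code from the post or from the calculator firmware), here is a small Python model of the control flow described above: read [ER2] into ER0, stop with ER0 = ER8 when the entry is 0, stop with ER0 = 0 when the entry equals ER8, otherwise advance ER2 by 2 and keep going, then POP ER8 and return. The memory layout, the table at 0x8000 and the stack contents are constructed sample values, not anything from the post.

```python
# Behavioural model of the 0:FB78H gadget as the post describes it.
# Memory is modelled as a byte-addressed dict; words are 16-bit little-endian.
# Addresses and table contents below are constructed for illustration only.

GADGET_ENTRY = 0xFB78    # entry address named in the post (0:FB78H)
COMPARE_BRANCH = 0xFB6C  # branch target named in the post (0:FB6C)


def read_word(mem, addr):
    """Read a 16-bit little-endian word; unmapped bytes read as 0 (assumption)."""
    return mem.get(addr, 0) | (mem.get(addr + 1, 0) << 8)


def load_table(mem, base, words):
    """Write a list of 16-bit words into memory starting at base (helper)."""
    for i, w in enumerate(words):
        mem[base + 2 * i] = w & 0xFF
        mem[base + 2 * i + 1] = (w >> 8) & 0xFF


def gadget_fb78(mem, er2, er8, stack):
    """Simulate the gadget's loop.

    mem   : dict addr -> byte
    er2   : pointer to a 0-terminated table of 16-bit words
    er8   : value being searched for
    stack : list of words; stack[-1] is what POP ER8 restores

    Returns (er0, er2, er8, steps) as they stand after POP ER8 / return.
    """
    steps = 0
    while True:
        steps += 1
        er0 = read_word(mem, er2)     # ER0 = [ER2]
        if er0 == 0:                  # end of table: ER0 = ER8
            er0 = er8
            break
        # ER0 != 0: jump to 0:FB6C and compare with ER8
        if er0 == er8:                # match: ER0 = 0
            er0 = 0
            break
        er2 += 2                      # next entry, keep traversing
    er8 = stack.pop()                 # POP ER8
    return er0, er2, er8, steps


def demo():
    """Run the model on a constructed table: found and not-found cases."""
    mem = {}
    load_table(mem, 0x8000, [0x1234, 0xABCD, 0x0000])  # constructed table
    found = gadget_fb78(mem, 0x8000, 0xABCD, [0x1111])
    missing = gadget_fb78(mem, 0x8000, 0x5555, [0x2222])
    return found, missing


if __name__ == "__main__":
    for label, result in zip(("found", "missing"), demo()):
        er0, er2, er8, steps = result
        print(f"{label}: ER0={er0:#06x} ER2={er2:#06x} ER8={er8:#06x} steps={steps}")
```

The two calls in demo() show the gadget's two exits: when the searched value is in the table, ER0 comes back as 0 with ER2 left pointing at the matching entry; when it is absent, the loop runs to the terminating 0 and ER0 comes back equal to the value that was in ER8, with ER2 pointing at the terminator. In both cases ER8 is replaced by whatever was on top of the stack.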