ulysse31 Master Cheater
Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Mon Aug 10, 2015 5:09 am Post subject: Reversing question
Hello,
I am reversing a packet encryption function; there are 2 instructions which I cannot seem to understand.
They are always together:
016B8336 - 1B C0 - sbb eax,eax
016B8338 - F7 D8 - neg eax
I've done research and tried to figure this out for a significant amount of time; every source I found on the web said that:
sbb eax,eax will do eax = eax - eax - (CF value (carry flag value)).
Therefore the result of this instruction could be either FFFFFFFF, which is minus 1, or 0.
neg eax is going to do eax = 0-eax.
Sources say it will set the carry flag to 0 if eax is 0 and otherwise it will set the carry flag to 1.
Source:
http://www.blueraja.com/blog/285/branchless-conditionals-compiler-optimization-technique
This is what I have seen with debugging:
sbb eax,eax is a mystery to me. Sometimes if CF = 1 it sets eax to FFFFFFFF as you would expect, but sometimes it sets EAX to 0 even though CF is 1.
Then I have also seen sbb eax,eax turn eax into FFFFFFFF while CF was 0. If someone could explain to me why that happens I'd be very grateful.
As for neg eax, I witness the exact opposite of what I was expecting by reading net sources:
If eax is 0, neg eax always sets the CF to 1 instead of 0, and if eax is not 0 the neg simply switches the CF flag (turns it to 1 if it was 0 and to 0 if it was 1).
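For reference, an added example (not part of the original post) that models the documented x86 behaviour of the two instructions in C, tracking only EAX and CF. The `cmp` in `below()` is an assumption about what sets CF beforehand, since the post does not show the preceding instruction; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model: only EAX and the carry flag, which is all the idiom touches. */
struct cpu { uint32_t eax; unsigned cf; };

/* cmp a,b: computes a - b, discards the result, CF = unsigned borrow. */
static void cmp32(struct cpu *c, uint32_t a, uint32_t b) { c->cf = a < b; }

/* sbb dst,src: dst = dst - src - CF; CF = borrow out of that subtraction. */
static void sbb32(struct cpu *c, uint32_t *dst, uint32_t src) {
    unsigned borrow = (uint64_t)*dst < (uint64_t)src + c->cf;
    *dst = *dst - src - c->cf;
    c->cf = borrow;
}

/* neg dst: dst = 0 - dst; CF = 0 if the operand was 0, otherwise 1. */
static void neg32(struct cpu *c, uint32_t *dst) {
    c->cf = (*dst != 0);
    *dst = 0u - *dst;
}

/* sbb eax,eax / neg eax for a given incoming CF and leftover EAX value. */
uint32_t sbb_neg(unsigned cf_in, uint32_t stale_eax, uint32_t *after_sbb) {
    struct cpu c = { stale_eax, cf_in };
    sbb32(&c, &c.eax, c.eax);   /* EAX = 0 - CF: 0 or FFFFFFFF */
    *after_sbb = c.eax;
    neg32(&c, &c.eax);          /* EAX = 0 or 1 */
    return c.eax;
}

/* Assumed context: cmp a,b / sbb eax,eax / neg eax == (a < b), unsigned. */
uint32_t below(uint32_t a, uint32_t b) {
    struct cpu c = { 0xDEADBEEF, 0 };   /* constructed leftover EAX */
    cmp32(&c, a, b);
    sbb32(&c, &c.eax, c.eax);
    neg32(&c, &c.eax);
    return c.eax;
}

int main(void) {
    uint32_t mid;
    for (unsigned cf = 0; cf <= 1; cf++) {
        uint32_t out = sbb_neg(cf, 0x12345678, &mid);
        printf("CF=%u: after sbb=%08X, after neg=%08X\n", cf, mid, out);
    }
    printf("below(3,5)=%u below(5,3)=%u\n", below(3, 5), below(5, 3));
    return 0;
}
```

In this model the value left in EAX before the `sbb` never affects the result; only the incoming CF does.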