Question: Dissecting code using other debugger

Rudo
Advanced Cheater
Reputation: 2

Joined: 27 Jun 2015
Posts: 80

Posted: Wed Apr 19, 2017 8:57 am    Post subject: Question: Dissecting code using other debugger

So I was trying to update a few cheats from justa_dude's old Terraria CT. I used WinDBG to dissect the game and got everything I needed to update the cheat. But here is one thing I don't really get:

So here is what the instructions look like in CE's Memory View:
Code:
2DB358CE: 8B 40 28           -  mov eax,[eax+28]
2DB358D1: FF 50 1C           -  call dword ptr [eax+1C]
2DB358D4: 3B 45 9C           -  cmp eax,[ebp-64]
2DB358D7: 0F 8D B0 01 00 00  -  jnl 2DB35A8D
2DB358DD: 8B 45 A4           -  mov eax,[ebp-5C]
2DB358E0: 0B 45 A0           -  or eax,[ebp-60]
2DB358E3: 74 0A              -  je 2DB358EF


But when I dissect the function using WinDBG, it looks something like this:
Code:
41fa555b 8b4028          mov     eax,dword ptr [eax+28h]
41fa555e ff501c          call    dword ptr [eax+1Ch]
41fa5561 3b459c          cmp     eax,dword ptr [ebp-64h]
41fa5564 0f8d5e010000    jge     41fa56c8
41fa556a 8b45a4          mov     eax,dword ptr [ebp-5Ch]
41fa556d 0b45a0          or      eax,dword ptr [ebp-60h]
41fa5570 740c            je      41fa557e


(they changed the jump jnl to jge, but I don't think it matters)
So my questions:
1) Why are the 2 instructions different?
Code:
2DB358CE: 8B 40 28           -  mov eax,[eax+28]

compared to
Code:
41fa555b 8b4028          mov     eax,dword ptr [eax+28h]

I thought they would be the same... both instructions would be mov eax,[eax+28] or
mov eax,dword ptr [eax+28h].

2) What does the "h" thing stand for (e.g. [eax+28h]), and why doesn't it appear in CE?

English is not my mother tongue so I am very sorry if I cause any confusion.

Edit: h stands for hex. Silly me.


Last edited by Rudo on Wed Apr 19, 2017 9:15 am; edited 2 times in total
rog9001
Expert Cheater
Reputation: 2

Joined: 22 Dec 2015
Posts: 214
Location: Jupiter

Posted: Wed Apr 19, 2017 9:06 am    Post subject:

1. They are the same thing, it's just that in the second one
Code:

mov eax,dword ptr [eax+28h]

it's saying that it's moving into eax (dword ptr) an unsigned 32-bit unit of data (in other words a value which is in the range 0 - 4,294,967,295).

2. "h" stands for "hex"; it's just saying that the offset is in hex, nothing else.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Apr 19, 2017 9:11 am    Post subject:

Well it's obviously just a matter of showing the same thing differently since you're looking at the same thing, just with different tools :)

1. CE separates each byte to make it easier to read while WinDBG doesn't; it's still the same 3 bytes in the same order making up the same instruction.

CE also doesn't bother showing the implied "dword ptr" since that's the default (I think it is for most assemblers/debuggers, could be wrong however), though it does if it's something else, e.g. a byte ptr.

2. The h suffix is the same as the 0x prefix in most programming languages, a way to show that the number is in hexadecimal rather than decimal. CE simply has chosen to make most things hexadecimal by default, so it doesn't bother with a prefix or suffix for hexadecimal.

extra. As for the jnl and jge, you can think of, say, 9 as "not less" than 3 or as "greater than (or equal to)" 3; 3 itself would be equal to three and not greater than 3.
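Added example, not part of the original thread or of either tool's own code: a minimal Python decoder that handles only the opcode forms appearing in the two listings above and renders the same bytes in Cheat Engine notation and in WinDBG notation. The function names (mem, decode, listing) are hypothetical, and the formatting rules are inferred from the listings quoted in the thread.

```python
# Handles only: 8B/3B/0B /r, FF /2, 74 rel8, 0F 8D rel32, with [reg+disp8] operands.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
RM_OPS = {0x8B: "mov", 0x3B: "cmp", 0x0B: "or"}  # opcode /r: op r32, r/m32

def mem(modrm, disp8, ptr, h):
    """Render a mod=01 ModRM operand, [reg+disp8]; ptr adds 'dword ptr', h adds 'h'."""
    if modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("only [reg+disp8] without SIB is handled")
    d = disp8 - 256 if disp8 >= 0x80 else disp8  # sign-extend the displacement
    text = f"[{REGS[modrm & 7]}{'-' if d < 0 else '+'}{abs(d):X}{'h' if h else ''}]"
    return ("dword ptr " if ptr else "") + text

def decode(addr, code, windbg=False):
    """Return (length, text) for the instruction at addr, in CE or WinDBG style."""
    op = code[0]
    if op in RM_OPS:
        n, mn = 3, RM_OPS[op]
        ops = f"{REGS[code[1] >> 3 & 7]},{mem(code[1], code[2], windbg, windbg)}"
    elif op == 0xFF and code[1] >> 3 & 7 == 2:  # FF /2: call r/m32
        n, mn, ops = 3, "call", mem(code[1], code[2], True, windbg)
    elif op == 0x74 or code[:2] == b"\x0f\x8d":  # je rel8 / jge (alias jnl) rel32
        n, mn = (2, "je") if op == 0x74 else (6, "jge" if windbg else "jnl")
        rel = int.from_bytes(code[n - (1 if n == 2 else 4):n], "little", signed=True)
        target = (addr + n + rel) & 0xFFFFFFFF  # relative to the next instruction
        ops = f"{target:08x}" if windbg else f"{target:08X}"
    else:
        raise ValueError(f"opcode {op:02X} is outside this listing")
    return n, f"{mn:<8}{ops}" if windbg else f"{mn} {ops}"

def listing(base, code, windbg=False):
    """Linear sweep over code starting at base; returns one text per instruction."""
    out, off = [], 0
    while off < len(code):
        n, text = decode(base + off, code[off:], windbg)
        out.append(text)
        off += n
    return out

# Bytes copied from the two listings in the thread.
CE_BYTES = bytes.fromhex("8B4028 FF501C 3B459C 0F8DB0010000 8B45A4 0B45A0 740A")
WINDBG_BYTES = bytes.fromhex("8b4028 ff501c 3b459c 0f8d5e010000 8b45a4 0b45a0 740c")

if __name__ == "__main__":
    for a, b in zip(listing(0x2DB358CE, CE_BYTES), listing(0x2DB358CE, CE_BYTES, True)):
        print(f"{a:<28}| {b}")
```

Run directly, it prints the Cheat Engine capture in both notations side by side. The displacement bytes of the two jumps differ between the two captures in the thread (B0 01 00 00 vs 5e 01 00 00, and 0A vs 0c), so the relative jump distances differ there even though every other instruction byte is identical.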
Rudo
Advanced Cheater
Reputation: 2

Joined: 27 Jun 2015
Posts: 80

Posted: Wed Apr 19, 2017 9:20 am    Post subject:

Thank you for the quick replies. Everything is solved.