Corruptor (Advanced Cheater, Reputation: 3, Joined: 10 Aug 2011, Posts: 82)
Posted: Wed Oct 31, 2012 1:13 pm Post subject: CreateThread crashes
Ok, this is a strange thing I can't seem to figure out.
This code crashes the current process:
Code:
[ENABLE]
alloc(create, 2000)
CREATETHREAD(create)
create:
push 0000000C
push 00000000
add esp,8
ret
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
while this one works fine:
Code:
[ENABLE]
alloc(create, 2000)
CREATETHREAD(create)
create:
push 0000000C
push 00000000
pop eax
pop eax
ret
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
This is a major problem as basically every function on this planet increases esp to get rid of the parameters. Why is this happening?
Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Wed Oct 31, 2012 1:34 pm
Weird. Is the target 64-bit by any chance?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Corruptor (Advanced Cheater, Reputation: 3, Joined: 10 Aug 2011, Posts: 82)
Posted: Wed Oct 31, 2012 2:33 pm
I used the editor assuming it's 32-bit (as it's lying in the system32 folder) but seemingly it isn't.... Thank you for that. Kinda embarrassing.
SteveAndrew (Master Cheater, Reputation: 30, Joined: 02 Sep 2012, Posts: 323)
Posted: Thu Nov 01, 2012 2:18 pm
Corruptor wrote:
    I used the editor assuming it's 32-bit (as it's lying in the system32 folder) but seemingly it isn't.... Thank you for that. Kinda embarrassing.
Okay so then it is 64-bit...
So then to fix it you had to double the amount you were popping off the stack right?
So then if you change it to:
Code:
[ENABLE]
alloc(create, 2000)
CREATETHREAD(create)
create:
push 0000000C
push 00000000
add esp,10
ret
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
Then it doesn't crash right?
As previously you were popping 8 bytes off the stack (by adding 8 to ESP), which on 32-bit would pop off both of those pushed parameters... On 64-bit however it would only be popping off one of the parameters... (since 32 bits == 4 bytes and 64 bits == 8 bytes)
So by doubling the amount being popped off (added to ESP) on 64-bit it now pops both parameters off properly, correct? (Of course it isn't truly popping them off as they aren't going into any register like in your first example (they were being popped off into eax), but you know what I mean.)
So in 64-bit you can still use EAX, EBX, ECX, EDX, etc. registers? I thought they now look like: RAX, RBX, RCX, RDX, etc... Or is it kind of like how on 32-bit as opposed to 16-bit you can still use AX, BX, CX, DX, etc. registers?
I should really just test this myself but I've got to go out and do something right now...
Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Thu Nov 01, 2012 2:22 pm
Almost correct, but remember that CE's default value type is hexadecimal.
So, "add rsp,10" (or #16).
(esp will work fine most of the time as well, but it's recommended to use rsp.)
And yes, you can still use those 32-bit registers.
As for address specifiers, those can only be 64-bit, though. But CE is lenient enough and doesn't bitch if you use a 32-bit register as an address specifier.
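An added example, not code from the thread: a small simulator that runs the three scripts above against a stack whose slot width is the target's pointer size, and reports where `ret` lands. It reads immediates as hexadecimal (CE's default, so "add rsp,10" removes 16 bytes); RETURN_ADDRESS is a constructed placeholder for wherever the thread's caller expects to resume.

```python
# Constructed placeholder: the address CREATETHREAD's caller expects `ret` to reach.
RETURN_ADDRESS = 0x7FFF1234

# The three scripts from the thread, reduced to the instructions that execute.
CRASHING = ["push 0000000C", "push 00000000", "add esp,8", "ret"]
POPPING  = ["push 0000000C", "push 00000000", "pop eax", "pop eax", "ret"]
FIXED_64 = ["push 0000000C", "push 00000000", "add rsp,10", "ret"]

def run_script(lines, ptr_size):
    """Return the address `ret` jumps to; ptr_size is 4 (32-bit) or 8 (64-bit)."""
    mask = (1 << (8 * ptr_size)) - 1
    stack = [RETURN_ADDRESS]           # stack grows down: top is the last element

    def pop():
        if not stack:
            raise ValueError("stack underflow: popped past the return address")
        return stack.pop()

    for raw in lines:
        op, _, arg = raw.strip().lower().partition(' ')
        if op == 'push':
            stack.append(int(arg, 16) & mask)   # one slot, whatever the value size
        elif op == 'pop':
            pop()                               # the destination register is not modelled
        elif op == 'add':
            reg, imm = (s.strip() for s in arg.split(','))
            if reg not in ('esp', 'rsp'):
                raise ValueError("only stack-pointer adjustments are modelled")
            slots, rem = divmod(int(imm, 16), ptr_size)   # hex, as in CE
            if rem:
                raise ValueError("adjustment is not a whole number of slots")
            for _ in range(slots):
                pop()
        elif op == 'ret':
            return pop()
        else:
            raise ValueError(f"unsupported instruction: {raw}")
    raise ValueError("script fell off the end without ret")

def crashes(lines, ptr_size):
    """True when `ret` would not land on the real return address."""
    try:
        return run_script(lines, ptr_size) != RETURN_ADDRESS
    except ValueError:
        return True
```

On a 64-bit target the first script returns to 0xC, the first pushed value, which is why the process dies; the doubled adjustment only works on 64-bit, since on 32-bit it pops past the return address.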
SteveAndrew (Master Cheater, Reputation: 30, Joined: 02 Sep 2012, Posts: 323)
Posted: Thu Nov 01, 2012 2:23 pm
Dark Byte wrote:
    Almost correct, but remember that CE's default value type is hexadecimal.
    So, "add rsp,10" (or #16).
    (esp will work fine most of the time as well, but it's recommended to use rsp.)
Yes that's right, that's what I meant but for some reason I was thinking in decimal...
So in 64-bit you can still use EAX, EBX, ECX, EDX, etc. registers? I thought they now look like: RAX, RBX, RCX, RDX, etc... Or is it kind of like how on 32-bit as opposed to 16-bit you can still use AX, BX, CX, DX, etc. registers?
Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Thu Nov 01, 2012 2:27 pm
The same as 32-bit/16-bit.
But unlike 32-bit, where using a 16-bit instruction requires a prefix (0x66), in 64-bit you need a prefix (0x4*) if you wish to use the 64-bit (R) instructions.
So mov eax,1234 is the same encoding as in 32-bit. And mov rax,1234 adds a prefix.
Also, for some reason it added 1-byte specifiers for some registers like si (sil) and di (dil).
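As an added example (not from the thread), the encoder below shows the prefix rule described above on the instructions this thread uses: the same ADD or MOV moves from 16- to 32- to 64-bit operand size by gaining a 0x66 or REX.W (0x48) prefix, and SIL/DIL exist only because a bare REX (0x40) re-maps the register indices that otherwise mean DH/BH. Encodings follow the Intel manual; the function names are my own.

```python
import struct

OPSIZE16 = 0x66   # operand-size override: 16-bit operand in 32/64-bit code
REX = 0x40        # bare REX prefix: makes indices 4-7 of an r8 mean SPL/BPL/SIL/DIL
REX_W = 0x48      # REX with the W bit set: 64-bit operand size

def encode_add_sp(bits, imm):
    """add sp/esp/rsp, imm8  (opcode 83 /0 ib; ModRM C4 selects register 4 = SP)."""
    if not -128 <= imm <= 127:
        raise ValueError("only the imm8 form is modelled")
    body = bytes([0x83, 0xC4, imm & 0xFF])
    return {16: bytes([OPSIZE16]) + body, 32: body, 64: bytes([REX_W]) + body}[bits]

def encode_mov_acc_imm(bits, imm):
    """mov ax/eax/rax, imm. 16- and 32-bit use B8 iw/id; for rax the assembler
    picks REX.W C7 /0 with a sign-extended imm32 when the value fits, else
    REX.W B8 with a full imm64 (movabs)."""
    if bits == 16:
        return bytes([OPSIZE16, 0xB8]) + struct.pack('<H', imm)
    if bits == 32:
        return bytes([0xB8]) + struct.pack('<I', imm)
    if -2**31 <= imm < 2**31:
        return bytes([REX_W, 0xC7, 0xC0]) + struct.pack('<i', imm)
    return bytes([REX_W, 0xB8]) + struct.pack('<Q', imm)

def encode_mov_r8_imm(reg, imm):
    """mov r8, imm8 (B0+r ib). Register index 6 is DH without a REX prefix and
    SIL with one; likewise 7 is BH or DIL. That is why SIL/DIL are 64-bit only."""
    table = {'dh': (6, False), 'sil': (6, True), 'bh': (7, False), 'dil': (7, True)}
    idx, needs_rex = table[reg]
    body = bytes([0xB0 + idx, imm & 0xFF])
    return bytes([REX]) + body if needs_rex else body
```

So "add esp,8" assembles to 83 C4 08 in both modes, while the 64-bit "add rsp,10" is the identical bytes behind a 48 prefix: 48 83 C4 10.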
SteveAndrew (Master Cheater, Reputation: 30, Joined: 02 Sep 2012, Posts: 323)
Posted: Thu Nov 01, 2012 2:56 pm
Dark Byte wrote:
    The same as 32-bit/16-bit.
    But unlike 32-bit, where using a 16-bit instruction requires a prefix (0x66), in 64-bit you need a prefix (0x4*) if you wish to use the 64-bit (R) instructions.
    So mov eax,1234 is the same encoding as in 32-bit. And mov rax,1234 adds a prefix.
    Also, for some reason it added 1-byte specifiers for some registers like si (sil) and di (dil).
Well that's pretty cool! Yeah, I've been avoiding 64-bit programming / learning 64-bit assembler for a long time, but now I have decided it's time to step up and start doing it! And to my surprise it's really not as complicated as I thought it would be. Which is good.
Anyways, as you've probably already read, I've gotten a completely new computer now, and it's fast! But now I'm still having issues with DBVM even with a supported CPU, so I was hoping you could look into it as I really want to get DBVM going for me!
Here's my thread posted in the DBVM section:
http://forum.cheatengine.org/viewtopic.php?t=559050
Either way I'm enjoying my new computer, but having DBVM working would just be the icing on the cake. Help me out with DBVM when you've got time, or is there source to DBVM available that I can play around with? I'm not sure if you've released the source to that particular part of CE... (Sorry for going off topic, but the DBVM forum isn't that active so it might not get noticed there.)
Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Thu Nov 01, 2012 4:47 pm
I replied to that topic.
The source: http://code.google.com/p/cheat-engine/source/browse/trunk/dbvm/
The source code is a complete chaotic mess and has been known to cause hardcore coders' eyes to explode after trying to read it.
To compile you need a 64-bit Linux with both nasm and yasm installed (and gcc).