View previous topic :: View next topic |
Author |
Message |
cannonfodderex Advanced Cheater Reputation: 0
Joined: 30 Oct 2012 Posts: 60
|
Posted: Wed Apr 05, 2017 10:09 am Post subject: Strange behavior in disassembler |
|
|
I found disassembler of CE showing complete different code when viewing the same address block.
This happens when I try to modify Sovereignty - Crown of Kings.
The game seems to be written with .net framework, but doesn't look like unity.
I searched and found unit hp, then with "find out what writes to this address", got a code that writes the hp, the line with ** is the code:
**0066A0C0 - 89 51 08 - mov [ecx+08],edx
0066A0C3 - 8B 49 04 - mov ecx,[ecx+04]
0066A0C6 - 85 C9 - test ecx,ecx
0066A0C8 - 74 08 - je 0066A0D2
0066A0CA - 8B 41 0C - mov eax,[ecx+0C]
0066A0CD - 8B 49 04 - mov ecx,[ecx+04]
0066A0D0 - FF D0 - call eax
0066A0D2 - C3 - ret
Then I used "find out what addresses this code writes to", got lots of unit hp addresses, so the code is probably right.
But when I scroll one line up in disassembler, all codes changed to:
0066A0BF - 00 89 51088B49 - add [ecx+498B0851],cl
0066A0C5 - 04 85 - add al,-7B { 133 }
0066A0C7 - C9 - leave
0066A0C8 - 74 08 - je 0066A0D2
0066A0CA - 8B 41 0C - mov eax,[ecx+0C]
0066A0CD - 8B 49 04 - mov ecx,[ecx+04]
0066A0D0 - FF D0 - call eax
0066A0D2 - C3 - ret
And one more line up, it becomes:
0066A0BE - 67 00 89 - add 0066A0BEcl
0066A0C1 - 51 - push ecx
0066A0C2 - 08 8B 490485C9 - or [ebx-367AFBB7],cl
0066A0C8 - 74 08 - je 0066A0D2
0066A0CA - 8B 41 0C - mov eax,[ecx+0C]
0066A0CD - 8B 49 04 - mov ecx,[ecx+04]
0066A0D0 - FF D0 - call eax
0066A0D2 - C3 - ret
No matter how I scroll back or forth, disassembler won't give the right code. The only thing I can do is close the disassembler and reopen it with "open ths disassembler at this location" from advanced options code list or "go to address" and input 0066A0C0.
Is it a bug? What can I do to view the codes before the right code?
CE version: 6.6
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Wed Apr 05, 2017 11:07 am Post subject: |
|
|
use the left-right arrows to scroll by 1 byte instead of letting ce guess
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
cannonfodderex Advanced Cheater Reputation: 0
Joined: 30 Oct 2012 Posts: 60
|
Posted: Wed Apr 05, 2017 9:28 pm Post subject: |
|
|
Do you mean arrow keys on the keyboard?
I tried all 4 of them ,the scroll bar and "select funtion", disassembler always change the code.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Thu Apr 06, 2017 1:56 am Post subject: |
|
|
yes, on the keyboard. just press left until it looks good
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
cannonfodderex Advanced Cheater Reputation: 0
Joined: 30 Oct 2012 Posts: 60
|
Posted: Thu Apr 06, 2017 7:41 am Post subject: |
|
|
Unfortunately, the codes change as soon as I press left, and never change back.
The codes is right only when the address of the right code is the first line in disassembler.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Thu Apr 06, 2017 7:47 am Post subject: |
|
|
then that means there is no earlier instruction
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
Viloresi Expert Cheater Reputation: 0
Joined: 02 Feb 2017 Posts: 149
|
Posted: Thu Apr 06, 2017 7:52 am Post subject: |
|
|
Dark Byte wrote: | then that means there is no earlier instruction |
So it means that just a byte of an instruction access that address? I know this "problem" is related to the fact that CE tries to combine each byte into instructions... But I've never wondered why this happens sometimes :/
|
|
Back to top |
|
|
|