Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
CE Tutorial Step 4: Code Injection with double value help.

 
Forevah Newbie
How do I cheat?
Reputation: 0

Joined: 10 Nov 2017
Posts: 2

Posted: Fri Nov 10, 2017 9:12 am    Post subject: CE Tutorial Step 4: Code Injection with double value help.

Hello all,

I have been practicing solving the built-in CE tutorials using different methods. I am currently trying to solve them using AoB injections, but I am stuck at the double value for the ammo.

I have found another topic here which demonstrates that assigning a double value requires memory allocation. I have imitated that code in mine, to no avail.

Here's what I have. I am using the 64 bit version of the tutorial:

Code:
aobscanmodule(INJECT,Tutorial-x86_64.exe,F2 0F 5C C1 F2 0F 11 83 C0 07 00 00)
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2C04C)
alloc(dblstore,8,"Tutorial-x86_64.exe"+2C04C)

dblstore:
dq (double)5000

label(code)
label(return)

newmem:
push ebx
mov ebx,[dblstore]
mov [rbx+000007C0],ebx
jmp return

code:
movsd [rbx+000007C0],xmm0
jmp return

INJECT+4:
jmp newmem
nop
nop
nop

return:
registersymbol(INJECT)

Thank you in advance
Dark Byte
Site Admin
Reputation: 342

Joined: 09 May 2003
Posts: 20066
Location: The netherlands

Posted: Fri Nov 10, 2017 9:29 am

ebx is only 4 bytes long, so you need to copy twice (once at the address and once at +4).

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
FreeER
Master Cheater
Reputation: 12

Joined: 09 Aug 2013
Posts: 344

Posted: Fri Nov 10, 2017 9:31 am

Code:
mov ebx,[dblstore]
only moves 4 bytes (ebx is a 4-byte / 32-bit register), but a double takes 8 bytes. You also don't pop the pushed ebx, which will cause problems.

You can just use
Code:
dblstore:
dq (double)5000

newmem:
code:
  movsd xmm0, [dblstore]
  movsd [rbx+000007C0],xmm0
  jmp return


Though if you want to use mov, you can either use an x64 / 8-byte register or do the move twice in 4-byte portions.
Code:
code:
  push rax
  mov rax, [dblstore]
  mov [rbx+000007C0],rax
  pop rax
  jmp return


or
Code:
code:
  push rax
  mov eax, [dblstore]
  mov [rbx+000007C0],eax
  mov eax, [dblstore+4]
  mov [rbx+000007C4],eax
  pop rax
  jmp return
ParkourPenguin
Grandmaster Cheater Supreme
Reputation: 54

Joined: 06 Jul 2014
Posts: 1814
Location: Arcadian Suburbia

Posted: Fri Nov 10, 2017 10:08 am

Forevah Newbie wrote:
I have found another topic here in which it demonstrates the assignment of a double value requires memory allocation.

Some instructions require memory accesses to be aligned (e.g. movaps requires 16-byte alignment). Allocating memory on a specific boundary is one way of doing this.
In this case, alignment isn't necessary because mov can address unaligned memory, but it's still good practice to keep memory accesses aligned.

Forevah Newbie wrote:
Code:
newmem:
push ebx
mov ebx,[dblstore]
mov [rbx+000007C0],ebx
jmp return

As others have mentioned, ebx is a 4 byte register and a double takes up 8 bytes. You're only moving the lower 4 bytes of the double.
ebx is being pushed onto the stack but never popped off. This might cause a crash.
ebx is used to store the double, but rbx is used to address the destination. Since ebx is the lower 32 bits of rbx, that mov corrupts the destination address, and ebx is written to an unknown memory address.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
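FreeER's register-width explanation and ParkourPenguin's point about rbx, replayed in C as an added example (this is not code from the thread): each function models one of the auto-assembler store sequences on a simulated 8-byte ammo slot, and the last one computes the address the original script would actually write to. The offset 7C0 and the value 5000 come from the OP's script; the base address used in the comments is a constructed placeholder.

```c
#include <stdint.h>
#include <string.h>

/* Bit pattern of a double, as the auto assembler's "dq (double)5000" emits it:
   bits 0..31 are the low dword, bits 32..63 the high dword. */
static uint64_t double_bits(double d) { uint64_t u; memcpy(&u, &d, sizeof u); return u; }
static double bits_double(uint64_t u) { double d; memcpy(&d, &u, sizeof d); return d; }

/* The original script: mov ebx,[dblstore] / mov [rbx+7C0],ebx.
   Only the low dword of the 8-byte slot is written; the high dword keeps its old value. */
double store_low_dword_only(double old, double newval) {
    uint64_t slot = double_bits(old);
    uint32_t ebx = (uint32_t)double_bits(newval);        /* ebx = bytes 0..3 of dblstore */
    slot = (slot & 0xFFFFFFFF00000000ULL) | ebx;         /* bytes 4..7 untouched */
    return bits_double(slot);
}

/* FreeER's two-dword variant: mov eax,[dblstore] / mov [slot],eax /
   mov eax,[dblstore+4] / mov [slot+4],eax. Both halves arrive. */
double store_two_dwords(double old, double newval) {
    uint64_t slot = double_bits(old), src = double_bits(newval);
    uint32_t lo = (uint32_t)src, hi = (uint32_t)(src >> 32);
    slot = (slot & 0xFFFFFFFF00000000ULL) | lo;                    /* first 4-byte store */
    slot = (slot & 0x00000000FFFFFFFFULL) | ((uint64_t)hi << 32);  /* second store, at +4 */
    return bits_double(slot);
}

/* FreeER's 64-bit variant: mov rax,[dblstore] / mov [slot],rax overwrites all 8 bytes. */
double store_qword(double old, double newval) { (void)old; return newval; }

/* ParkourPenguin's other point: a write to ebx zero-extends into rbx, so the address
   [rbx+7C0] is then formed from the double's low dword, not from the object base
   (e.g. a constructed base of 0x7FF612345670 is simply lost). */
uint64_t buggy_dest_address(uint64_t rbx, double newval) {
    uint32_t ebx = (uint32_t)double_bits(newval);        /* mov ebx,[dblstore] */
    rbx = ebx;                                           /* upper 32 bits of rbx cleared */
    return rbx + 0x7C0;                                  /* mov [rbx+000007C0],ebx */
}
```

With the OP's values the low-dword-only store leaves an old ammo of 100.0 untouched, because the low dword of 5000.0 is zero, while the corrupted base sends the write to address 0x7C0.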
OldCheatEngineUser
Whateven rank
Reputation: 4

Joined: 01 Feb 2016
Posts: 581

Posted: Fri Nov 10, 2017 11:02 am

ParkourPenguin wrote:
Some instructions require memory accesses to be aligned (e.g. movaps requires 16-byte alignment). Allocating memory on a specific boundary is one way of doing this.
In this case, alignment isn't necessary because mov can address unaligned memory, but it's still good practice to keep memory accesses aligned.

I always wanted to learn about "mem align", what it means, and some technical things. If you can write something about this or explain a bit, that would be great and I'd appreciate it.
'Cause I read the Intel software devs manual but I couldn't get much, tho, so yeah, if you have some links or know some websites that have some basic-to-depth explanation, please link them or just post the name of that site.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
FreeER
Master Cheater
Reputation: 12

Joined: 09 Aug 2013
Posts: 344

Posted: Fri Nov 10, 2017 11:17 am

I don't know much about memory alignment myself, but the basic idea seems to be that the hardware works faster if values are at addresses divisible by a power of two, and some instructions require it. To know what alignment to use, just pick the smallest power of two larger than the size of the value; structures (larger than 16 bytes) should be 16-byte aligned. https://software.intel.com/en-us/articles/data-alignment-when-migrating-to-64-bit-intel-architecture/ and https://stackoverflow.com/questions/381244/purpose-of-memory-alignment
OldCheatEngineUser
Whateven rank
Reputation: 4

Joined: 01 Feb 2016
Posts: 581

Posted: Fri Nov 10, 2017 12:24 pm

I know the basics of mem align too, especially for integer data types, where byte is by default 1 byte, word 2 bytes, dword 4 bytes, qword 8, float 4 bytes, double 8 bytes.

But what about a 10-byte float or 16-byte double (from the Intel site they also said there is 32 and 64, how would it be? and 128!) or even four packed 4-byte integers, how would it be in memory tho, or even how is it being processed tho?
I would also like to learn about data packing.

Also, how could I align my data in my script for less CPU cycles?
Another question: should movaps be faster than movups?

I have seen many instructions like these two and many more, packed and unpacked, aligned and unaligned.
Something strange that I noticed is a double data type using an alignment of 8 (e.g. address: xxxxxxx8), and the instruction that ACCESSED this address was movup, thus I'm a lil bit confused about these instructions and their relation to mem alignment and addressing.

One more thing: which one is faster, movss (for xmm reg) or movaps?
From what I, and maybe everyone, noticed, usually we see movss and barely see movaps.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Forevah Newbie
How do I cheat?
Reputation: 0

Joined: 10 Nov 2017
Posts: 2

Posted: Fri Nov 10, 2017 5:46 pm

Thanks everyone for the patience of answering such a basic question. I learned a lot.
ParkourPenguin
Grandmaster Cheater Supreme
Reputation: 54

Joined: 06 Jul 2014
Posts: 1814
Location: Arcadian Suburbia

Posted: Fri Nov 10, 2017 7:55 pm

A value is aligned if it is stored at an address that is some multiple of the value's size. For example, for a 4-byte value, any address ending in 0, 4, 8, or C is aligned. A double is 8 bytes, so it would be aligned if it were stored at any address ending in 0 or 8.

The idea that all memory accesses should be aligned is a common requirement imposed by hardware and language specifications. The short answer as to "why" is that it's faster. A longer answer can be found on StackOverflow.

With regards to Intel x64 Architecture, many instructions don't impose that requirement, but still recommend it. There are some instructions (e.g. movaps) that do impose that requirement and will generate an exception upon a violation, but many of those instructions have counterparts (e.g. movups) that permit unaligned memory access.

According to Intel:
Quote:
Alignment of Words, Doublewords, Quadwords, and Double Quadwords

Words, doublewords, and quadwords do not need to be aligned in memory on natural boundaries. The natural boundaries for words, double words, and quadwords are even-numbered addresses, addresses evenly divisible by four, and addresses evenly divisible by eight, respectively. However, to improve the performance of programs, data structures (especially stacks) should be aligned on natural boundaries whenever possible. The reason for this is that the processor requires two memory accesses to make an unaligned memory access; aligned accesses require only one memory access. A word or doubleword operand that crosses a 4-byte boundary or a quadword operand that crosses an 8-byte boundary is considered unaligned and requires two separate memory bus cycles for access.

Some instructions that operate on double quadwords require memory operands to be aligned on a natural boundary. These instructions generate a general-protection exception (#GP) if an unaligned operand is specified. A natural boundary for a double quadword is any address evenly divisible by 16. Other instructions that operate on double quadwords permit unaligned access (without generating a general-protection exception). However, additional memory bus cycles are required to access unaligned data from memory.


OldCheatEngineUser wrote:
but what about 10 byte float or 16 byte double
Technically speaking, pretty much everything dealing with floating point data types is governed by IEEE 754-2008 (Wikipedia).

Intel defines a few floating point data types that correspond to formats in IEEE 754:
  • Half Precision: 16 bits, largely unused.
  • Single Precision: 32 bits, aka "single" or "float"
  • Double Precision: 64 bits, aka "double"
  • Double Extended Precision: 80 bits, used internally in x87
Intel does not currently define any 128-bit floating point data type, but this may change in the next few years.

The extended precision floating point data type is used internally in the x87 FPU. You can ignore its existence and be fine for the most part.

OldCheatEngineUser wrote:
even four packed 4 byte integer, how it would be in memory tho or even how its being processed tho.
i would also learn about data packing.
The xmm registers are 128 bits in length, so they can store 16 bytes, 8 words, 4 dwords, 2 qwords, or 1 dqword. So 4 floats or 2 doubles can be put into a single xmm register.

There are instructions that operate on all values in these registers at the same time. These are referred to as single-instruction-multiple-data (i.e. SIMD) instructions.

That's more or less the basics of it. There are a lot of instruction set extensions Intel has put out that deal with SIMD: MMX, SSE1 - SSE4.2, and AVX, among others.

OldCheatEngineUser wrote:
how could i align my data in my script for less CPU cycles.
Store individually accessible data at an address that is some multiple of the data's size.

For a double value like in OP's case, it should be stored at an address that is some multiple of 8.
For a single byte, it can be stored anywhere since every address is some multiple of 1.
For 3 packed floats (e.g. X/Y/Z coordinates) that are used in SIMD instructions, they should be stored at an address that is some multiple of 16 (e.g. any address ending in 0).

Alignment should almost always be rounded up to the nearest power of 2.

OldCheatEngineUser wrote:
another question is movaps should be faster than movups?
Yes, especially if movups is accessing an unaligned address. If they're both accessing aligned addresses, the difference should be significantly less (if not negligible), but using movaps in that case is still a good way to verify the software is working correctly.

OldCheatEngineUser wrote:
one more thing which one is faster movss (for xmm reg) or movaps?

That's comparing apples with oranges. movss is used to move one single-precision floating point value while movaps is used to move 4 at once. The difference will almost certainly be negligible from the user's perspective, so use whichever makes more semantic sense.


If you're interested in getting a complete story, I'd recommend reading the documentation provided by Intel here. Volume 1 contains a brief overview of most topics and volume 2 is the instruction set reference.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
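The alignment rules from ParkourPenguin's reply, worked through in C as an added example (not code from the thread): a natural-alignment check, the power-of-two rounding the reply recommends, the "two memory accesses when an operand crosses a boundary" rule from the quoted Intel passage, and a constructed record showing where padding lands when fields of the sizes listed in the thread are laid out in order. The record's field list and names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Natural alignment: an address is aligned for a power-of-two size when it is a
   multiple of that size, i.e. its low log2(size) bits are all zero. */
bool is_naturally_aligned(uint64_t addr, uint64_t size) { return (addr & (size - 1)) == 0; }

/* Round a size up to the next power of two, as the reply recommends
   (the 12-byte X/Y/Z triple and the 10-byte x87 extended float both give 16). */
uint64_t alignment_for_size(uint64_t size) { uint64_t a = 1; while (a < size) a <<= 1; return a; }

/* Lowest address at or above addr on an n-byte boundary (n a power of two). */
uint64_t align_up(uint64_t addr, uint64_t n) { return (addr + n - 1) & ~(n - 1); }

/* Intel's rule from the quoted passage: an operand that crosses a boundary needs one
   memory access per boundary-sized chunk it touches; an aligned operand needs one. */
unsigned bus_cycles(uint64_t addr, uint64_t size, uint64_t boundary) {
    return (unsigned)((addr + size - 1) / boundary - addr / boundary + 1);
}

/* Constructed record built from the sizes the thread lists; the X/Y/Z triple used
   with SIMD instructions gets the 16-byte alignment the reply asks for. */
typedef struct { const char *name; uint64_t size; uint64_t align; } field_t;
static const field_t example_fields[] = {
    { "byte", 1, 1 }, { "word", 2, 2 }, { "dword", 4, 4 }, { "double", 8, 8 }, { "xyz", 12, 16 },
};
#define NFIELDS (sizeof example_fields / sizeof example_fields[0])

/* Lay fields out in declaration order, padding each to its own alignment; returns
   the record size rounded up to the largest alignment so arrays of it stay aligned. */
uint64_t layout(const field_t *f, size_t n, uint64_t *offsets) {
    uint64_t off = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        off = align_up(off, f[i].align);
        offsets[i] = off;
        off += f[i].size;
        if (f[i].align > max_align) max_align = f[i].align;
    }
    return align_up(off, max_align);
}

/* Accessors for the constructed record: offset of field i and the padded total size. */
uint64_t example_offset(size_t i) { uint64_t o[NFIELDS]; layout(example_fields, NFIELDS, o); return o[i]; }
uint64_t example_size(void) { uint64_t o[NFIELDS]; return layout(example_fields, NFIELDS, o); }
```

For the constructed record the double lands at offset 8 and the X/Y/Z triple at 16, and the 28 bytes of fields are padded to 32 so the next record in an array starts on a 16-byte boundary again.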
OldCheatEngineUser
Whateven rank
Reputation: 4

Joined: 01 Feb 2016
Posts: 581

Posted: Sat Nov 11, 2017 3:48 am

Thanks Pp, that was useful.
Now a couple of things are making sense to me, tho. I already read the ISDM PDF, of course not all volumes, but only the things that I was interested in.

You also know this thing: sometimes when someone explains something in some words and some way, you might not get it. Same thing here, I didn't get much from Intel's way of explaining or their terms maybe, but I got yours a lil bit.

I really appreciate it, rep+ Pp.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials