Cheat Engine The Official Site of Cheat Engine
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Sun Feb 21, 2010 5:43 pm Post subject: Help with inline __asm
I want to use a jump back in my asm code to make a loop, but what address should I put in the jump? It goes like this:
Code:
__asm
{
    mov ebp,0x00000014
    mov ecx,0x02DE2FD0
    movzx edx,byte ptr [esi]   // <-- I want to jump back here
    mov eax,[ecx+04]
    xor edx,eax
    and edx,0x000000ff
    add edx,edi
    shr eax,08
    sub ebp,01
    jne back there
}
Reak I post too much Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Feb 21, 2010 5:57 pm Post subject:
Code:
__asm
{
    mov ebp,0x00000014
    mov ecx,0x02DE2FD0
loop:
    movzx edx,byte ptr [esi]
    mov eax,[ecx+04]
    xor edx,eax
    and edx,0x000000ff
    add edx,edi
    shr eax,08
    sub ebp,01
    jne loop
}
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Sun Feb 21, 2010 6:02 pm Post subject:
thx, that's valid in C/C++? The `loop:` is strange. Ohh, I forgot to mention that when jumping I don't want to lose the register values, so the loop will continue correctly.
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun Feb 21, 2010 6:29 pm Post subject:
you can do as Reak suggested or alternatively:
Code:
__asm
{
    mov ebp,0x00000014
    mov ecx,0x02DE2FD0
@@:
    movzx edx,byte ptr [esi]
    mov eax,[ecx+04]
    xor edx,eax
    and edx,0x000000ff
    add edx,edi
    shr eax,08
    sub ebp,01
    jne @b
}
that assembly code does not seem all that useful though..
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Sun Feb 21, 2010 6:38 pm Post subject:
Why did you put @@: and then @b? I don't understand that.
This code is the encryption part of a network packet. I just used static values for ebp and ecx, there's also esi involved there... doesn't matter. I just need to loop over every byte till ebp is 0;
this is the complete version of it... is it valid? There's something else I have to do to complete it, so I can't test it yet...
Code:
mov ebp, 0x00000014             // 20 bytes, 20 loops
mov ecx, encAddr2               // encryption's space
mov esi, buffer                 // my buffer's location
mov dword ptr [ecx+04],0xffffffff
mov edi,[ecx]
shl edi,08
jump: movzx edx,byte ptr [esi]  // jump here
mov eax,[ecx+04]
xor edx,eax
and edx,0x000000ff
add edx,edi
shr eax,08
xor eax,[edx*4+0x00fe2fd0]
add esi,01
sub ebp,01
mov [ecx+04],eax
jne jump
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun Feb 21, 2010 6:51 pm Post subject:
oh. i had not expected you to use ebp as a general purpose register. in general that one is reserved for the use of the stack, although if you are careful in asm it is possible to use it for other things.
the @@: defines an anonymous label at that point. the @b means to do a jump ( in this case jne ) to the closest previous anonymous label. this saves you thinking of unique label names.
basically writing a name that does not start with a number or is a reserved word, preceded by a colon, means you are defining a label there. whenever you refer to that label it will refer to the effective address of it after assemble time.
a label does not insert any code into your application, it just gives you something to refer to for jmps or other purposes.
you might want to make sure you are preserving ebp before/after your code though, else your program will crash. also, your application will not expect esi/edi to be changed either. you need to push/pop those if you are going to use them. registers you can trash are eax/ecx/edx.
and btw it appears that you are moving to the same place for the result of the encryption, that is [ecx+04]. at each iteration of your loop ecx is also unaffected, so the 'encryption result' is just being overwritten continuously. not sure if you meant to do that.
in fact the way you are doing it, the first instruction of the loop could be hoisted out and the code modified to make it more efficient. by this i mean that 'mov [ecx+04],eax' is not actually necessary except in its first instance. in every other case you could just do with eax. then after your loop save eax to memory with that instruction.
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Sun Feb 21, 2010 7:21 pm Post subject:
I am still a newbie in assembly. I don't know all the details and I know I may be doing something wrong, but for this:
Quote: and btw it appears that you are moving to the same place for the result of the encryption, that is [ecx+04]. at each iteration of your loop ecx is also unaffected so the 'encryption result' is just being overwritten continuously. not sure if you meant to do that
I must leave it as it is, because at the beginning of the jump, where
movzx edx,byte ptr [esi],
edx holds the value of the current byte from the buffer. Then it copies the data from [ecx+04] to eax, and eax does calculations with edx; all that in the end writes back to [ecx+04] with a different value!! and the next loop will have a new value at [ecx+04]. I think the same is done on the server side; if at the end of the loop [ecx+04] has incorrect data in it, the server does the check and kicks me. I must construct the packet correctly as the client does, and this code is from the client.
EDIT: and for push/pop, yeah I think I have to save those :// It crashes xD
just in case, I push/pop all that change:
Code:
push ebp
push ecx
push esi
push edi
mov ebp,0x00000014              // 20 bytes, 20 loops
mov ecx,encAddr2                // the encryption area
mov esi,lolz                    // buffer location
mov dword ptr [ecx+0x04],0xffffffff
mov edi,[ecx]
shl edi,0x08
jump: movzx edx,byte ptr [esi]  // jump here
mov eax,[ecx+0x04]
xor edx,eax
and edx,0x000000ff
add edx,edi
shr eax,0x08
xor eax,[edx*0x4+0x00fe2fd0]
add esi,0x01
sub ebp,0x01
mov [ecx+0x04],eax
jne jump
pop ebp
pop ecx
pop esi
pop edi
or do I have to pop the other way round??
EDIT2: my prog still crashes, I will debug a little bit now...
I changed ebp to edx; even if I push it to the stack it crashes, maybe because the value it had is needed on push/pop.
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Sun Feb 21, 2010 8:34 pm Post subject:
You are popping the registers in the wrong order.
Code:
LIFO :: Last In, First Out
FILO :: First In, Last Out
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Feb 22, 2010 5:40 am Post subject:
i mean your loop can be changed like so:
Code:
mov eax,[ecx+0x04]
@@: movzx edx,byte ptr [esi]    // jump here
xor edx,eax
and edx,0x000000ff
add edx,edi
shr eax,0x08
xor eax,[edx*0x4+0x00fe2fd0]
add esi,0x01
sub ebp,0x01
jne @b
mov [ecx+0x04],eax
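the two loop shapes in this thread side by side in C, as an added example that is not from any of the posts: kot1990's version that reloads and stores [ecx+4] on every byte, and the rewrite above that keeps the accumulator in eax and stores it once. the table the asm reads at [edx*4+0x00fe2fd0] is not on the page, so it is replaced by a constructed stand-in (two standard reflected CRC tables back to back); [ecx] is assumed to be a table selector, which is what `shl edi,8` plus the `add edx,edi` index arithmetic implies.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed stand-in for the table the loop reads at [edx*4+0x00fe2fd0]:
   two 256-entry reflected CRC tables (CRC-32, then CRC-32C) back to back,
   so edi = [ecx] << 8 picks the table. The game's real table is not on the page. */
#define TABLE_COUNT 2
static uint32_t g_tables[TABLE_COUNT * 256];
static void ensure_tables(void) {
    static const uint32_t polys[TABLE_COUNT] = { 0xEDB88320u, 0x82F63B78u };
    static int built;
    if (built) return;
    for (int t = 0; t < TABLE_COUNT; t++)
        for (uint32_t i = 0; i < 256; i++) {
            uint32_t c = i;
            for (int k = 0; k < 8; k++)
                c = (c & 1) ? (c >> 1) ^ polys[t] : c >> 1;
            g_tables[t * 256 + i] = c;
        }
    built = 1;
}

/* The block ecx points at (assumed layout): [ecx] = table selector, [ecx+4] = accumulator. */
struct enc_state { uint32_t selector; uint32_t acc; };

/* kot1990's loop: the accumulator is reloaded from and stored to [ecx+4] on every byte. */
uint32_t enc_store_each_byte(struct enc_state *st, const uint8_t *buf, size_t len) {
    ensure_tables();
    uint32_t edi = st->selector << 8;                  /* mov edi,[ecx] ; shl edi,8 */
    st->acc = 0xffffffffu;                             /* mov dword ptr [ecx+4],0xffffffff */
    for (size_t ebp = len; ebp != 0; ebp--) {          /* sub ebp,1 ; jne jump */
        uint32_t eax = st->acc;                        /* mov eax,[ecx+4] */
        uint32_t edx = ((*buf++ ^ eax) & 0xffu) + edi; /* movzx ; xor ; and ; add edx,edi ; add esi,1 */
        eax = (eax >> 8) ^ g_tables[edx];              /* shr eax,8 ; xor eax,[edx*4+table] */
        st->acc = eax;                                 /* mov [ecx+4],eax */
    }
    return st->acc;
}
/* Slugsnack's rewrite: eax carries the accumulator, [ecx+4] is written once after the loop. */
uint32_t enc_hoisted(struct enc_state *st, const uint8_t *buf, size_t len) {
    ensure_tables();
    uint32_t edi = st->selector << 8;
    uint32_t eax = 0xffffffffu;                        /* mov eax,0xffffffff */
    for (size_t ebp = len; ebp != 0; ebp--) {
        uint32_t edx = ((*buf++ ^ eax) & 0xffu) + edi;
        eax = (eax >> 8) ^ g_tables[edx];
    }
    st->acc = eax;                                     /* mov [ecx+0x04],eax, once */
    return eax;
}
```

with selector 0 the stand-in table makes the loop a plain CRC-32 without the final xor, so the value it leaves in [ecx+4] can be checked against a known CRC of a known input.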
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Mon Feb 22, 2010 6:11 am Post subject:
Quote: i mean your loop can be changed like so:
I think I got it...
I don't have to
Code:
mov eax,[ecx+0x04]
......
......
mov [ecx+0x04],eax
Quote: You are popping the registers in the wrong order.
yea it was wrong, the stack is a FILO
So I changed my code like this now, is this correct?
Code:
push ecx                        // just saving the last values for these registers
push esi
push edi
push edx
mov edx,0x06                    // 20 bytes, 20 loops
push edx                        // <-- push 0x06 on the stack
mov ecx,encAddr2                // the encryption area
mov esi,lolz                    // buffer location
mov dword ptr [ecx+0x04], 0xffffffff
mov eax, [ecx+0x04]
mov edi, [ecx]
shl edi, 0x08
jump:
movzx edx,byte ptr [esi]        // jump here
xor edx,eax
and edx,0x000000ff
add edx,edi
shr eax,0x08
xor eax,[edx*0x4+0x00fe2fd0]
add esi,0x01
pop edx                         // <-- pop 0x06 into edx
sub edx,0x01                    // <-- decrease by 1
push edx                        // <-- put the new value back on the stack
jne jump                        // <-- if edx is not 0 jump to label jump:
mov [ecx+0x04],eax
pop edx                         // <-- remove edx garbage from the stack
pop edx                         // restore old values back to registers
pop edi
pop esi
pop ecx
I just want to make it work, I don't need any optimizations. I don't even know if it works the right way, and if it's gonna do what I want it to.
Last edited by kot1990 on Mon Feb 22, 2010 6:19 am; edited 1 time in total
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Feb 22, 2010 6:16 am Post subject:
seems okay at a first glance. however i would not use edx like how you are if i was you. pushing/popping is not really all that fast. bear in mind that the stack is essentially memory. i would just make use of another register. say, ebx
Code:
mov dword ptr [ecx+0x04], 0xffffffff
mov eax, [ecx+0x04]
can be replaced by:
Code:
mov eax, 0xffffffff
since you are not using that buffer at all at any later points
kot1990 Expert Cheater Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
Posted: Mon Feb 22, 2010 6:30 am Post subject:
thx, I was just looking at it and thinking...
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Feb 22, 2010 6:36 am Post subject:
btw since you are pushing/popping so many registers you might wanna check out pushad/popad. note that these 2 instructions are not efficient since they do extra and unneeded work, but some people prefer them due to 'tidier' code
&Vage Grandmaster Cheater Supreme Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
Posted: Tue Feb 23, 2010 5:55 pm Post subject:
I recommend you use pushad and popad instead of pushing and popping all those registers in and out of the stack.
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Tue Feb 23, 2010 6:01 pm Post subject:
&Vage wrote: I recommend you use pushad and popad instead of pushing and popping all those registers in and out of the stack.
I recommend you read the post above you.