Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Help with inline __asm
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Sun Feb 21, 2010 5:43 pm    Post subject: Help with inline __asm

I want to use a jump back in my asm code to make a loop, but what address should I put in the jump? It goes like this:

Code:

__asm
{
         mov ebp,0x00000014
         mov ecx,0x02DE2FD0

         movzx edx,byte ptr [esi] <-- I want to jump back here
         mov eax,[ecx+04]
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,08
         sub ebp,01
         jne back there
}
Reak
I post too much
Reputation: 0

Joined: 15 May 2007
Posts: 3496

PostPosted: Sun Feb 21, 2010 5:57 pm

Code:
__asm
{
         mov ebp,0x00000014
         mov ecx,0x02DE2FD0
    loop:
         movzx edx,byte ptr [esi]
         mov eax,[ecx+04]
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,08
         sub ebp,01
         jne loop
}
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Sun Feb 21, 2010 6:02 pm

thx, that's valid in C/C++? the loop: is strange. Ohh, I forgot to mention that when jumping, I don't want to lose the register values, so the loop will continue correctly.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Sun Feb 21, 2010 6:29 pm

you can do as Reak suggested or alternatively:

Code:
__asm
{
         mov ebp,0x00000014
         mov ecx,0x02DE2FD0
    @@:
         movzx edx,byte ptr [esi]
         mov eax,[ecx+04]
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,08
         sub ebp,01
         jne @b
}


that assembly code does not seem all that useful though..
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Sun Feb 21, 2010 6:38 pm

Why did you put @@: and then @b? I don't understand that.
This code is the encryption part of a network packet. I just used static values for ebp and ecx, there's also esi involved there... doesn't matter.. I just need to loop every byte till ebp is 0;

this is the complete version of it... is it valid? cause there's something else I have to do to complete it, I can't test it yet...

Code:

         mov ebp, 0x00000014 //20 bytes, 20 loops
         mov ecx, encAddr2     // encryption's space
         mov esi, buffer          //my buffer's location

         mov [ecx+04],0xffffffff
         mov edi,[ecx]
         shl edi,08

   jump:       movzx edx,byte ptr [esi] //jump here
         mov eax,[ecx+04]
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,08
         xor eax,[edx*4+0x00fe2fd0]
         add esi,01
         sub ebp,01
         mov [ecx+04],eax
         jne jump
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Sun Feb 21, 2010 6:51 pm

oh. i had not expected you to use ebp as a general purpose register. in general that one is reserved for the use of the stack although if you are careful in asm it is possible to use it for other things.

the @@: defines an anonymous label at that point. the @b means to do a jump ( in this case jne ) to the closest previous anonymous label. this saves you thinking of unique label names.

basically writing a name that does not start in a number or is a reserved word preceded by a colon means you are defining a label there. whenever you refer to that label it will refer to the effective address of it after assemble time.

a label does not insert any code into your application, it just gives you something to refer to for jmps or other purposes

you might want to make sure you are preserving ebp before/after your code though else your program will crash. also, your application will not expect esi/edi to be changed either. you need to push/pop those if you are going to use them. registers you can trash are eax/ecx/edx

and btw it appears that you are moving to the same place for the result of the encryption, that is [ecx+04]. at each iteration of your loop ecx is also unaffected so the 'encryption result' is just being overwritten continuously. not sure if you meant to do that

in fact the way you are doing it, the first instruction of the loop could be hoisted out and the code modified to make it more efficient. by this i mean that 'mov [ecx+04],eax' is not actually necessary except in its first instance. in every other case you could just do with eax. then after your loop save eax to memory with that instruction
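The loop kot1990 posted, and the hoisted form Slugsnack describes (state kept in eax for the whole loop, stored once afterwards), written as plain C so the data flow can be checked without inline asm. This is an added example, not code from the thread; it assumes the 256-dword table at the lookup base is a standard reflected CRC-32 table and that the table selector in edi is 0 (the page only shows the lookup shape).

```c
/* Added example (not from the thread). Register map for the asm loop:
 *   eax = running 32-bit state, edx = table index, esi = buffer pointer,
 *   ebp = remaining byte count, edi = table selector ([ecx] << 8), here 0.
 * Assumption: the lookup table is a reflected CRC-32 table (0xEDB88320). */
#include <stdint.h>
#include <stddef.h>

static uint32_t crc_table[256];

/* Constructed stand-in for the table the asm indexes with [edx*4 + base]. */
static void build_table(void)
{
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (c >> 1) ^ 0xEDB88320u : c >> 1;
        crc_table[i] = c;
    }
}

/* One-to-one with the loop body. The state lives in a local ("eax") for the
 * whole loop and is written to the output slot ([ecx+4]) once at the end,
 * which is exactly what hoisting 'mov [ecx+04],eax' out of the loop gives. */
uint32_t packet_state(const uint8_t *buf, size_t len, uint32_t *out_slot)
{
    build_table();
    uint32_t eax = 0xffffffffu;                 /* mov eax,0xffffffff        */
    for (size_t ebp = len; ebp != 0; ebp--) {   /* sub ebp,01 / jne jump     */
        uint32_t edx = (*buf++ ^ eax) & 0xffu;  /* movzx/xor/and, add esi,01 */
        eax = (eax >> 8) ^ crc_table[edx];      /* shr eax,08 / xor eax,[edx*4+base] */
    }
    *out_slot = eax;                            /* mov [ecx+04],eax, once    */
    return eax;
}
```

With a standard CRC-32 table the loop is the usual table-driven CRC update without the final inversion, so inverting the result of "123456789" gives the well-known check value 0xCBF43926.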
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Sun Feb 21, 2010 7:21 pm

I am still a newbie in assembly. I don't know all the details and I know I may be doing something wrong, but for this:

Quote:
and btw it appears that you are moving to the same place for the result of the encryption, that is [ecx+04]. at each iteration of your loop ecx is also unaffected so the 'encryption result' is just being overwritten continuously. not sure if you meant to do that


I must leave it as it is, because at the beginning of the jump where
movzx edx,byte ptr [esi],
edx holds the value of the current byte from the buffer. then it copies the data from [ecx+04] to eax, and eax is making calculations with edx, all that in the end writes back to [ecx+04] with a different value!!, and the next loop will have a new value at [ecx+04]. I think the same is done on the server side, if at the end of the loop [ecx+04] has incorrect data in it, the server does the check and kicks me. I must construct the packet correctly as the client does, and this code is from the client.

EDIT: and for push/pop, yeah I think I have to save those :/ It crashes xD

just in case I push/pop all that change:

Code:
         push ebp
         push ecx
         push esi
         push edi

         mov ebp,0x00000014 //20 bytes, 20 loops
         mov ecx,encAddr2 //the encryption's space
         mov esi,lolz //buffer location

         mov [ecx+0x04],0xffffffff
         mov edi,[ecx]
         shl edi,0x08

jump:      movzx edx,byte ptr [esi] //jump here
         mov eax,[ecx+0x04]
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,0x08
         xor eax,[edx*0x4+0x00fe2fd0]
         add esi,0x01
         sub ebp,0x01
         mov [ecx+0x04],eax
         jne jump

         pop ebp
         pop ecx
         pop esi
         pop edi


or do I have to pop the other way??

EDIT2: my prog still crashes,, I will debug a little bit now...

I changed ebp to edx, even if I push it to the stack, it crashes, maybe because the value it had is needed on push/pop
sponge
I'm a spammer
Reputation: 1

Joined: 07 Nov 2006
Posts: 6009

PostPosted: Sun Feb 21, 2010 8:34 pm

You are popping the registers in the wrong order.

Code:
LIFO :: Last In, First Out
FILO :: First In, Last Out

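A small simulated stack that shows why the save/restore sequence in kot1990's post (push ebp, ecx, esi, edi and then pop ebp, ecx, esi, edi) hands every register someone else's value, while popping in reverse order restores all four, which is the LIFO point sponge makes. Added example, not code from the thread; the register values and the clobbering done by the "loop body" are constructed.

```c
/* Added example (not from the thread): simulate four pushes followed by four
 * pops in either order and report whether the caller's registers survive.
 * Values are constructed; 'ebp' stands in for the frame pointer whose loss
 * is the usual cause of the crash seen in the thread. */
#include <stdint.h>
#include <stdbool.h>

struct regs { uint32_t ebp, ecx, esi, edi; };

/* Stack grows down: push writes below esp, pop reads at esp, as the CPU does. */
struct stack { uint32_t mem[8]; int esp; };
static void     push(struct stack *s, uint32_t v) { s->mem[--s->esp] = v; }
static uint32_t pop(struct stack *s)              { return s->mem[s->esp++]; }

/* Save, clobber the registers as the encryption loop does, then restore.
 * reverse=false is the pop order first posted (pop ebp, ecx, esi, edi);
 * reverse=true is the LIFO order (pop edi, esi, ecx, ebp).
 * Returns true only if every register came back with its original value. */
bool save_restore(struct regs *r, bool reverse)
{
    struct stack st = { {0}, 8 };
    struct regs saved = *r;

    push(&st, r->ebp); push(&st, r->ecx); push(&st, r->esi); push(&st, r->edi);

    /* the loop body: ebp counter, ecx state pointer, esi buffer, edi selector */
    r->ebp = 20; r->ecx = 0x02DE2FD0u;
    r->esi = 0x1000u; r->edi = 0xABCDu;

    if (reverse) {
        r->edi = pop(&st); r->esi = pop(&st); r->ecx = pop(&st); r->ebp = pop(&st);
    } else {
        r->ebp = pop(&st); r->ecx = pop(&st); r->esi = pop(&st); r->edi = pop(&st);
    }
    return r->ebp == saved.ebp && r->ecx == saved.ecx &&
           r->esi == saved.esi && r->edi == saved.edi;
}
```

In the wrong order ebp receives the value that was in edi, so the first instruction after the inline block that goes through the frame pointer faults.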
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Mon Feb 22, 2010 5:40 am

i mean your loop can be changed like so:

Code:
         mov eax,[ecx+0x04]

@@:      movzx edx,byte ptr [esi] //jump here
         xor edx,eax
         and edx,0x000000ff
         add edx,edi
         shr eax,0x08
         xor eax,[edx*0x4+0x00fe2fd0]
         add esi,0x01
         sub ebp,0x01
         jne @b

         mov [ecx+0x04],eax
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Mon Feb 22, 2010 6:11 am

Quote:
i mean your loop can be changed like so:


I think I got it...
I don't have to
Code:

mov eax,[ecx+0x04]
......
......
mov [ecx+0x04],eax


Quote:
You are popping the registers in the wrong order.


yea it was wrong, stack is a FILO

So I changed my code like this now. Is this correct?

Code:
             
push ecx //just saving the last values for these registers
push esi   
push edi
push edx

mov edx,0x06 //20 bytes, 20 loops
push edx <-- push 0x06 on the stack
mov ecx,encAddr2 //the encryption's space
mov esi,lolz //buffer location

mov [ecx+0x04], 0xffffffff
mov eax, [ecx+0x04]
mov edi, [ecx]
shl edi, 0x08

jump:   
   
movzx edx,byte ptr [esi] //jump here
xor edx,eax
and edx,0x000000ff
add edx,edi
shr eax,0x08
xor eax,[edx*0x4+0x00fe2fd0]
add esi,0x01
pop edx <-- pop 0x06 in edx
sub edx,0x01  <-- decrease by 1
push edx  <-- put the new value back to stack
jne jump <-- if edx is not 0 jump to label jump:

mov [ecx+0x04],eax         
pop edx <-- remove edx garbage from stack
pop edx //restore old values back to registers
pop edi 
pop esi
pop ecx


I just want to make it work, don't need any optimizations. I don't even know if it works the right way, and if it's gonna do what I want it to.


Last edited by kot1990 on Mon Feb 22, 2010 6:19 am; edited 1 time in total
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Mon Feb 22, 2010 6:16 am

seems okay at a first glance. however i would not use edx like how you are if i was you. pushing/popping is not really all that fast. bear in mind that stack is essentially memory. i would just make use of another register. say, ebx

Code:
mov [ecx+0x04], 0xffffffff
mov eax, [ecx+0x04]


can be replaced by :

Code:
mov eax, 0xffffffff


since you are not using that buffer at all at any later points
kot1990
Expert Cheater
Reputation: 1

Joined: 06 Sep 2009
Posts: 131
Location: Greece

PostPosted: Mon Feb 22, 2010 6:30 am

thx :D, I was just looking at it and thinking...
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

PostPosted: Mon Feb 22, 2010 6:36 am

btw since you are push/pop'ing so many registers you might wanna check out pushad/popad. note that these 2 instructions are not efficient since they do extra and unneeded work but some people prefer them due to 'tidier' code
&Vage
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Jul 2008
Posts: 1053

PostPosted: Tue Feb 23, 2010 5:55 pm

I recommend you use pushad and popad instead of pushing and popping all those registers in and out of the stack.
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

PostPosted: Tue Feb 23, 2010 6:01 pm

&Vage wrote:
I recommend you use pushad and popad instead of pushing and popping all those registers in and out of the stack.


I recommend you read the post above you.
Page 1 of 2