Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


few x64 bugs

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
m0us
Newbie cheater
Reputation: 0

Joined: 25 Apr 2013
Posts: 11
PostPosted: Thu Apr 25, 2013 9:03 am    Post subject: few x64 bugs Reply with quote
hi. i'm running win8 9200 x64 pro.

1st - gui scan space address bounds is incorrect - it should be max for usermode - 0x000007FFFFFFFFFF, otherwise if the kernel query memory enabled - you will hit the error message. this is not comfortable to write right value every time.

2nd - possible disassembler engine pointers overflow. auto assemble->code inject:

Tutorial-x86_64.exe+2B6B2 - E9 4949FCFF - jmp FFFF0000
works normally but looks bogus
and you will see something like
10002B6B2 - FF 8B 60070000 - dec [rbx+00000760]
FFFF0000 - 83 83 60070000 03 - add dword ptr [rbx+00000760],03
FFFF0007 - FF 8B 60070000 - dec [rbx+00000760]

also, with kernel memory access enabled, autoassemble crashes the CE
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands
PostPosted: Thu Apr 25, 2013 9:14 am    Post subject: Reply with quote
I'm not sure what you mean with pointer overflow with 2
If I do a code injection at Tutorial-x86_64.exe+2B6B2 it generates this script: (ce 6.2)
Code:

alloc(newmem,2048,"Tutorial-x86_64.exe"+2B6B2) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
dec [rbx+00000760]

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B6B2:
jmp newmem
nop
returnhere:


And when executed changes
Code:

10002B6B2 - FF 8B 60070000 - dec [rbx+00000760]

into
Code:

10002B6B2 - E9 4949FCFF           - jmp FFFF0000
10002B6B7 - 90                    - nop


and FFFF0000 contains the code:
Code:

FFFF0000 - FF 8B 60070000        - dec [rbx+00000760]
FFFF0006 - E9 ADB60300           - jmp 10002B6B8

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
m0us
Newbie cheater
Reputation: 0

Joined: 25 Apr 2013
Posts: 11
PostPosted: Thu Apr 25, 2013 9:52 am    Post subject: Reply with quote
Quote:
and FFFF0000 contains the code:


yep, sorry, anything ok, allocated page is really at this address. i was confused and supposed that the ip variable was 32bit and overflowed Rolling Eyes
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites