Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
CMP Issue

The0neThe0nly
Expert Cheater
Reputation: 0

Joined: 08 Dec 2009
Posts: 119
Location: In a box

Posted: Sun May 12, 2013 8:57 pm    Post subject: CMP Issue

In my game there is a function that generates multiple strings and I want to change one of them. Normally, I use breakpoints. But I'm going to make a Lua Trainer and make it automated. However, I'm having an issue with my AA code. It's supposed to compare ESI to a certain string, and if that string matches ESI then it moves another string into EDX. After that, it runs the original code at 004DAE3A and jumps to 004DAE43. If ESI does not match the string, it jumps over the part that moves the string into EDX and runs the original code at 004DAE3A and jumps to 004DAE43. However, when I breakpoint the mov that moves the string into EDX, I get no results even though I know that the location string is the same as ESI at one point when the function is run. Help?
Code:
alloc(newmem,2048)
alloc(string,2048)
alloc(location,2048)
label(goto)

location:
db 47 65 6e 65 72 61 6c    //"General", no terminating 0

string:
db 54 65 73 74 69 6e 67    //"Testing", no terminating 0

newmem:
cmp esi,location   //compares the value in esi with the address of location
jne goto
mov edx,string     //moves the address of string into edx

goto:
lea esp,[esp+30]
call 004F6730
jmp 004DAE43

004DAE3A:
jmp newmem
nop
nop
nop
nop
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sun May 12, 2013 10:00 pm    Post subject: Re: CMP Issue

The0neThe0nly wrote:
It's supposed to compare ESI to a certain string, and if that string matches ESI then it moves another string into EDX.
You seem to think ESI contains your string, but remember, ESI is a 32-bit = 4-byte register, so there is not enough room to store a string in a register (unless it is 4 characters long or less). When your debugger displays 'esi= 123456= "General"' it means that the string "General" is at address 123456, and esi contains a pointer to that string.

What your code currently does is check whether the pointer in esi is equal to the address location.

If you want to compare the actual characters of 2 strings there are 2 methods:
1-The quick and dirty:
Code:
alloc(newmem,2048)
label(string)   //no need to alloc more memory for those, just put them at the end of your code
label(goto)


newmem:
cmp dword [esi],'Gene' //see if the first 4 characters of the string pointed to by esi are 'Gene'
jne goto
cmp dword [esi+4],'ral' //see if the next 4 bytes of the string pointed to by esi are 'ral' then 0 (the end of "General")
jne goto
mov edx,string      //move into edx the ADDRESS of the string "Testing"

goto:
lea esp,[esp+30]
call 004F6730
jmp 004DAE43

string:
db 'Testing',0 //don't forget the ,0 to mark the end of your strings

004DAE3A:
jmp newmem
nop
nop
nop
nop

2-The clean way (has several variants):
Code:
alloc(newmem,2048)
label(string)   //no need to alloc more memory for those, just put them at the end of your code
label(location)
label(goto)


newmem:
push eax   //save eax
push ecx   //ecx and edx are caller-saved in stdcall, so lstrcmpA may overwrite them
push edx

push esi //second parameter for lstrcmpA
push location //first parameter for lstrcmpA
call kernel32.lstrcmpA //will return 0 (in eax) if both strings are identical (case sensitive)
pop edx    //restore edx and ecx (pop does not touch the flags, but we test eax below anyway)
pop ecx
test eax,eax   //same as: cmp eax,0
jne goto   //eax != 0 means the strings differ
mov edx,string
goto:
pop eax      //restore saved eax
lea esp,[esp+30]
call 004F6730
jmp 004DAE43

location:
db 'General',0 //don't forget the ,0 to mark the end of your strings

string:
db 'Testing',0

004DAE3A:
jmp newmem
nop
nop
nop
nop
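To make the distinction drawn above concrete, here is an added example in C (not Cheat Engine code and not from the thread) that emulates the three comparisons side by side: the original cmp esi,location, the two dword compares, and the full compare that lstrcmpA performs. imm4 and load32 are assumed helper names that mimic how the assembler packs a quoted immediate and how cmp dword reads memory; the buffers are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* How the CE assembler packs a quoted immediate such as 'Gene': the bytes
 * in source order, read back as a little-endian dword. A shorter literal
 * such as 'ral' is zero-padded, which is why the terminating 0 becomes
 * part of the second compare. (Assumed helper, modelled on the thread.) */
static uint32_t imm4(const char *lit) {
    uint32_t v = 0;
    for (int i = 0; i < 4 && lit[i]; i++)
        v |= (uint32_t)(unsigned char)lit[i] << (8 * i);
    return v;
}

/* Read a dword the way cmp dword [esi+off] does (x86 is little-endian). */
static uint32_t load32(const char *p) {
    const unsigned char *b = (const unsigned char *)p;
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* The original script: cmp esi,location compares the POINTER in esi with
 * the ADDRESS of the location buffer. Two buffers that both hold "General"
 * never compare equal this way. */
static int pointer_compare(const char *esi, const char *loc) {
    return esi == loc;
}

/* "Quick and dirty": two dword compares on the bytes esi points to. Needs
 * at least 8 readable bytes at esi, exactly as the assembly version does. */
static int dirty_compare(const char *esi) {
    if (load32(esi) != imm4("Gene")) return 0;
    return load32(esi + 4) == imm4("ral");   /* 'ral' plus the 0 terminator */
}

/* "Clean": full NUL-terminated compare, which is what lstrcmpA does
 * (lstrcmpA returns 0 on a match; here 1 means "matches"). */
static int clean_compare(const char *esi, const char *loc) {
    return strcmp(esi, loc) == 0;
}

static const char location[] = "General";  /* constructed: the script's db buffer */
static char game_buffer[16] = "General";   /* constructed: the string the game built */

int main(void) {
    printf("pointer: %d  dirty: %d  clean: %d\n",
           pointer_compare(game_buffer, location), dirty_compare(game_buffer),
           clean_compare(game_buffer, location));
    return 0;
}
```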
The0neThe0nly
Expert Cheater
Reputation: 0

Joined: 08 Dec 2009
Posts: 119
Location: In a box

Posted: Sun May 12, 2013 11:17 pm

Thanks Gniarf, it seems to be working, but when I do
Code:
mov edx,string

it doesn't work properly. When I tried
Code:
mov [edx],string

the game crashed, but when I made a breakpoint and looked at edx after the mov, it doesn't move the string the right way. How do I move the string into the value of edx?

I used the dirty way, by the way.
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon May 13, 2013 1:34 pm

Code:
mov dword [edx], 'Test'
mov dword [edx+4], 'ing'

or
Code:
push eax   //eax, ecx and edx are caller-saved in stdcall, so lstrcpyA may overwrite them
push ecx
push edx

push string //second parameter: source
push edx    //first parameter: destination
call kernel32.lstrcpyA //copies the content of "string" into the string pointed to by edx (no length check)

pop edx
pop ecx
pop eax


Now what do you think you did there?
Code:
mov [edx],string
I'm not asking what you wanted to do, I'm asking you to take your time, look back at what you have written, and try to understand what this instruction actually does. (I don't take "no idea" for an answer)
Some questions to help you:
-In your case, what is edx? What is [edx]?
-What is "string"?
The0neThe0nly
Expert Cheater
Reputation: 0

Joined: 08 Dec 2009
Posts: 119
Location: In a box

Posted: Mon May 13, 2013 5:00 pm

Thanks again for the reply, I want to move something much larger now, but it would be way too annoying to just do
Code:
mov dword [edx], 'Test'
mov dword [edx+4], 'ing'

every time. I tried your other way by the way (the one that calls kernel32.lstrcpyA), but it wasn't working. Is there any efficient way to move a much longer (629 characters) string?

Quote:
I'm not asking what you wanted to do, I'm asking you to take your time, look back at what you have written, and try to understand what this instruction actually does. (I don't take "no idea" for an answer)
Some questions to help you:
-In your case, what is edx? What is [edx]?
-What is "string"?


I believe it moves the address of the string to the value of the address at edx. I realize I messed up.
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon May 13, 2013 5:44 pm

The0neThe0nly wrote:
Is there any efficient way to move a much longer (629 Characters) string?
Yes, the one with kernel32.lstrcpyA. If it doesn't work, it's because you're doing something wrong, but I don't know what. Are you sure that edx contains the address of the string to overwrite? Are you sure that the buffer at address edx is large enough to hold 629 characters? Does your 629-char string contain one and only one 00, which must be at its end? What happens when you execute the kernel32.lstrcpyA example I posted above ("it wasn't working" is a bit vague, you know)?

The0neThe0nly wrote:
I believe it moves the address of the string to the value of the address at edx. I realize I messed up
Good answer. You actually overwrite the first 4 characters of the string pointed to by edx with the address of "Testing".
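As an added example in C (not from the thread and not Cheat Engine code), this emulates what each of the three stores discussed above does to the buffer edx points to, and adds a checked copy that enforces the conditions listed in the last reply (exactly one 0, at the end; destination large enough), which lstrcpyA itself never checks. store_address, store_dwords and checked_copy are names chosen here; a 32-bit process is assumed, so only the low 32 bits of a pointer are stored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* mov [edx],string : stores the 4-byte ADDRESS of 'string' over the first
 * four characters of the target, not the characters themselves (32-bit
 * process assumed, so only the low 32 bits of the pointer are written). */
static void store_address(char *edx, const char *string) {
    uint32_t addr = (uint32_t)(uintptr_t)string;
    for (int i = 0; i < 4; i++) edx[i] = (char)(addr >> (8 * i));
}

/* mov dword [edx],'Test' / mov dword [edx+4],'ing' : two immediates, the
 * second zero-padded, so the target reads "Testing" followed by a 0. */
static void store_dwords(char *edx) {
    memcpy(edx, "Test", 4);
    memcpy(edx + 4, "ing\0", 4);
}

/* lstrcpyA copies up to the first 0 and never checks the destination.
 * checked_copy (assumed name) refuses the two cases the thread asks about:
 * a source whose single 0 is not its last byte, and a destination that
 * is too small. Returns bytes written (0 included), or 0 when refused. */
static size_t checked_copy(char *edx, size_t edx_cap,
                           const char *src, size_t src_len) {
    if (src_len == 0 || memchr(src, 0, src_len) != src + src_len - 1)
        return 0;                /* 0 missing, early, or duplicated */
    if (src_len > edx_cap)
        return 0;                /* buffer at edx cannot hold it */
    memcpy(edx, src, src_len);
    return src_len;
}

static const char string[] = "Testing";    /* constructed: the script's db */

int main(void) {
    char edx_buf[16] = "General";          /* constructed: the game's buffer */
    store_address(edx_buf, string);
    printf("mov [edx],string : head is now a pointer, tail still \"%s\"\n", edx_buf + 4);
    store_dwords(edx_buf);
    printf("two dword stores : \"%s\"\n", edx_buf);
    printf("copy into 4 bytes: %zu bytes written (refused)\n",
           checked_copy(edx_buf, 4, string, sizeof string));
    return 0;
}
```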