Posted: Thu Apr 14, 2016 4:42 am Post subject: Large Offset in Pointer
I have a rather large offset and Cheat Engine won't let me input the pointer:
[05B25358]+807B1348
(05B25358 points to 7FFF0000 in this case)
7FFF0000 + 807B1348 = 1007A1348 (9 placeholders)
Normally, addresses have 8 placeholders, but I'm trying to hack a 64-bit game. When I try to use code injection to get the address instead, it only gives me 007A1348 instead of 1007A1348. How do I bypass the 8 placeholder limitation?
With regards to the add instruction, there is no addressing mode that allows you to add an imm64 value to a register. The maximum it allows you is an imm32. The only time the add instruction modifies the upper 32 bits of a register is when it needs to sign extend it due to it being negative. Interestingly enough, it doesn't modify the upper 32 bits if it's a positive result.
Regardless of that, just move the value you're adding into another 64-bit register and add that to rax.
Code:
mov rax,7FFF0000     // the base pointer value (in practice read from [05B25358])
mov rcx,807B1348     // load the full 64-bit offset into a register, no sign extension
add rax,rcx          // 64-bit register add: rax = 1007A1348
mov [missile],rax    // store the computed address
ret
PS: You don't have to push/pop rax if you're in your own thread. You should be returning an NTSTATUS if you're going to return so that ntdll.RtlExitUserThread can clean up the thread, but evidently it doesn't matter since nothing uses it. If you're still concerned about that, just zero out eax just before the ret and you'll be fine.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
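To see why the single-instruction form truncates the result, here is an added C model of the two additions discussed above (this is not code from the thread). It treats 0x807B1348 once as the sign-extended imm32 that `add rax,imm32` actually uses, and once as the full 64-bit value loaded into rcx; the base value 0x7FFF0000 is the one quoted in the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Models x86-64 "add r64, imm32": the 32-bit immediate is sign-extended
 * to 64 bits before the addition, and the sum wraps modulo 2^64. */
uint64_t add_r64_imm32(uint64_t reg, uint32_t imm32)
{
    uint64_t extended = (uint64_t)(int64_t)(int32_t)imm32;
    return reg + extended;
}

/* Models "mov rcx, imm64" followed by "add rax, rcx": the full 64-bit
 * offset is added, so no sign extension takes place. */
uint64_t add_r64_r64(uint64_t reg, uint64_t imm64)
{
    return reg + imm64;
}

/* The signed value the CPU really adds when an imm32 has its top bit set. */
int64_t sign_extend_imm32(uint32_t imm32)
{
    return (int64_t)(int32_t)imm32;
}

int main(void)
{
    uint64_t base   = 0x7FFF0000ULL; /* value read from the pointer in the post */
    uint32_t offset = 0x807B1348U;   /* the "large" offset from the post */

    /* Top bit of the imm32 is set, so it is treated as a negative number. */
    printf("imm32 0x%08X is added as %lld\n", offset,
           (long long)sign_extend_imm32(offset));
    printf("add rax,imm32 -> %016llX\n",
           (unsigned long long)add_r64_imm32(base, offset));
    printf("add rax,rcx   -> %016llX\n",
           (unsigned long long)add_r64_r64(base, offset));
    return 0;
}
```

The first form yields 00000000007A1348, exactly the truncated address reported in the question, because the sign-extended immediate is really -0x7F84ECB8; the register form yields 00000001007A1348.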