View previous topic :: View next topic |
Author |
Message |
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
|
Posted: Mon Aug 08, 2016 11:39 pm Post subject: compare immediate dword |
|
|
Can any registers be used for this, maybe it's not possible. CE either wants to treat it like a pointer or refuse to compile it.
So just as a hypothetical example:
cmp [edx+8],int(12345678)
Is there any way to do the immediate compare or do I first have to assign the value to a location and use a pointer?
|
|
Back to top |
|
 |
cooleko Grandmaster Cheater
Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Tue Aug 09, 2016 1:31 am Post subject: |
|
|
Integer:
cmp [edx+8], (int)12345678
cmp [edx+8], #12345678
Float:
cmp [edx+8], (float)12345678
Double:
cmp [edx+6], ebx
jne fail
cmp [edx+10], ebx+4
jne fail
Success:
cmp word ptr [],2 bytes
cmp byte ptr [], byte
|
|
Back to top |
|
 |
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
|
Posted: Tue Aug 09, 2016 2:33 am Post subject: |
|
|
First one gives a cannot compile error.
[img]s10.postimg.org/wv589sva1/cmperror.png[/img]
*edit* I see I typed it wrong to get the error. It will compile but becomes a pointer instead of immediate value.
Second one compiles but shows as a pointer rather than an immediate value.
Float compare actually did work but I'm not using float values.
|
|
Back to top |
|
 |
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
|
Posted: Tue Aug 09, 2016 3:11 am Post subject: |
|
|
The first one doesn't work because you didn't look closely what cooleko wrote.
In your script, you seem to have written "cmp [edx+8], int(12345678)", as shown in the error message, but you have to write "cmp [edx+8], (int)12345678" instead (like a type-cast in C)!
|
|
Back to top |
|
 |
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
|
Posted: Tue Aug 09, 2016 11:21 am Post subject: |
|
|
I edited right after I posted saying that i noticed I typed it in wrong and after correction it would compile, but an issue still remains.
Both
cmp [edx+8], (int)12345678
cmp [edx+8], #12345678
will not use the number as an immediate value but rather as a pointer.
*edit*
But wait a moment. This looks like a bug in the disassembler display.
[img]s9.postimg.org/q24euad9r/asmdisplay.png[/img]
The disassembler will show the compare to a pointer
cmp [edx+08],daorigins.exe+7C614E
cmp [edx+08],daorigins.exe+7C614E
, but when I click on it, it shows up as an immediate compare and I see now it is using the correct opcode too.
|
|
Back to top |
|
 |
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
|
Posted: Tue Aug 09, 2016 11:30 am Post subject: |
|
|
No, everything is just as it is supposed to be.
First, the "issue" with CE's disassembler is always that you get displayed some address name (i.e. also with mono names) and when you doubleclick the assembler line to put a new one there, it just shows an absolute value.
Which also leads to the second point: Your compare value is just fine, CE only displays it as a static address, because the "daorigins.exe" happens to be located at some spot in the memory your compare value accidentally matches.
Goto View -> Show module addresses and untick the box and you'll see that your immediate value is there.
|
|
Back to top |
|
 |
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
|
Posted: Tue Aug 09, 2016 11:44 am Post subject: |
|
|
This explains it so it will no longer cause me confusion, thanks.
|
|
Back to top |
|
 |
|