Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
How to convert integer to float ? [Solved]
Cheat Engine Forum Index -> General Gamehacking
_KRN_
PostPosted: Fri Aug 19, 2016 3:30 pm    Post subject: How to convert integer to float ? [Solved]

Every time I try to inject my code, the game just crashes.
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(INJECT,88 43 1C  D9 83 DC 00 00 00  83 EC 08  DD 1C 24  D9 83 D8 00 00 00  83 EC 08  DD 1C 24  E8) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:
push ecx
push edx
//xor ecx,ecx
//xor edx,edx
mov ecx,[[_gamebase+34]+38]//A
//mov ecx,[_gamebase+34]
//mov ecx,[ecx+38]
mov edx,[_gamebase+4C]//B
shr edx//B=B/2
sub ecx,edx//A=A-B
// Convert integer to float (both signed):
//movd xmm0,ecx
//CVTsi2ss xmm0,xmm0
//fmov [ebx+D8],xmm0
fild dword ptr [ecx]
fstp dword ptr [ecx]
mov [ebx+D8],ecx //move result into [ebx+D8]


pop edx
pop ecx
code:
  sub esp,08
  fstp qword ptr [esp]
  jmp return

INJECT+15:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+15:
  db 83 EC 08 DD 1C 24

unregistersymbol(INJECT)
dealloc(newmem)

Can someone help me, please?
I tried everything I could imagine and nothing worked as expected. I checked that the code is injected and runs from where it should.


Last edited by _KRN_ on Sun Aug 21, 2016 3:09 pm; edited 2 times in total
hhhuut
PostPosted: Fri Aug 19, 2016 3:37 pm

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(INJECT,88 43 1C  D9 83 DC 00 00 00  83 EC 08  DD 1C 24  D9 83 D8 00 00 00  83 EC 08  DD 1C 24  E8) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:
push ecx
push edx
//xor ecx,ecx
//xor edx,edx
mov ecx,[[_gamebase+34]+38]//A
//mov ecx,[_gamebase+34]
//mov ecx,[ecx+38]
mov edx,[_gamebase+4C]//B
shr edx//B=B/2
sub ecx,edx//A=A-B
// Convert integer to float (both signed):
//movd xmm0,ecx
//CVTsi2ss xmm0,xmm0
//fmov [ebx+D8],xmm0
fild dword ptr [ecx]
//fst dword ptr [ecx]   //are you sure this is needed???
//mov [ebx+D8],ecx //move result into [ebx+D8]
fstp dword ptr [ebx+d8]


pop edx
pop ecx
code:
  sub esp,08
  fstp qword ptr [esp]
  jmp return

INJECT+15:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+15:
  db 83 EC 08 DD 1C 24

unregistersymbol(INJECT)
dealloc(newmem)

That way?
_KRN_
PostPosted: Sat Aug 20, 2016 3:09 am

hhhuut wrote:

That way?

I don't know, I need some help finishing my script.
As you can see I tried many things but failed every time.
ulysse31
PostPosted: Sat Aug 20, 2016 4:03 am

He did try to help you: the code he posted is different from the one you posted. Take a closer look.
_KRN_
PostPosted: Sat Aug 20, 2016 4:42 am

hhhuut wrote:
Code:

fild dword ptr [ecx]

//fst dword ptr [ecx]   //are you sure this is needed???

//mov [ebx+D8],ecx //move result into [ebx+D8]
fstp dword ptr [ebx+d8]

That way?

I'm not sure about anything; this is actually my first try at making a script on my own.

That "fst dword ptr [ecx]" was "fstP dword ptr [ecx]" before.

I'm not even sure if my pointing to the values is correct.
That _gamebase is an address made by
Code:
globalalloc(_gamebase,4)
//later inside
mov [_gamebase],eax

with 4 bytes holding the address of the base of the game's interesting stuff,
so I don't know if I should point to it with
mov ecx,[[_gamebase+34]+38]
or
mov ecx,[[[_gamebase]+34]+38]
or
mov ecx,[_gamebase+34]+38
or
mov ecx,[[_gamebase]+34]+38
or
separately, like in the commented lines below it???
cooleko
PostPosted: Sat Aug 20, 2016 5:33 am

mov ecx,[_gamebase+34]
mov ecx, [ecx+38] //will crash your game if pointer is invalid
_KRN_
PostPosted: Sat Aug 20, 2016 6:25 am

cooleko wrote:
mov ecx,[_gamebase+34]
mov ecx, [ecx+38] //will crash your game if pointer is invalid

That is part of the problem.
I'm not sure how to address values in memory.

I just found out that this
[image: X.png - normal way]
is the same as this
[image: X better.png - better way]
(can't post URLs yet??!!!)

How can I use this same address in
Code:

mov ecx,???

How can I move the value pointed to in the pictures into a register?
STN
PostPosted: Sat Aug 20, 2016 7:24 am

Move it step by step

push eax
mov eax, [gamebase]
mov eax, [eax+34]
mov ecx, [eax+38]
pop eax

Make sure to do null-checking because, like cooleko said, it will crash your game if the pointer is invalid.

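Added example (not part of this thread and not anyone's posted script): STN's step-by-step pointer walk, with the null check he and cooleko ask for, modelled in plain C over a constructed memory image. Addresses are 32-bit offsets into a byte array standing in for process memory; the layout (a gamebase slot at 0x10 holding 0x100, a pointer at offset 0x34, a value at offset 0x38) is made up for the demonstration and is not the game's. The point it shows is where the checks belong: after every load that produces a pointer, before that pointer is dereferenced.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 0x1000
static uint8_t mem[MEM_SIZE];   /* constructed stand-in for the game's memory */

/* mov reg,[addr]: read a dword. Addresses outside the image are refused,
 * which is this model's version of the access violation an unmapped page
 * would raise in the real process. */
static bool read32(uint32_t addr, uint32_t *out)
{
    if (addr > MEM_SIZE - 4) return false;
    memcpy(out, mem + addr, 4);
    return true;
}

static void write32(uint32_t addr, uint32_t val)
{
    memcpy(mem + addr, &val, 4);
}

/* Follows the chain STN writes as
 *   mov eax,[gamebase]
 *   mov eax,[eax+34]
 *   mov ecx,[eax+38]
 * but tests every intermediate pointer for null (the value 0) and for
 * readability before it is used as an address. The final load fetches the
 * value itself, so it is only checked for readability.
 * Returns false and leaves *out untouched if any step would have faulted. */
bool walk_chain(uint32_t gamebase, const uint32_t *offsets, size_t n, uint32_t *out)
{
    uint32_t ptr;
    if (n == 0) return false;
    if (!read32(gamebase, &ptr) || ptr == 0) return false;          /* mov eax,[gamebase] ; test eax,eax */
    for (size_t i = 0; i + 1 < n; i++) {
        if (!read32(ptr + offsets[i], &ptr) || ptr == 0) return false; /* mov eax,[eax+off] ; test eax,eax */
    }
    return read32(ptr + offsets[n - 1], out);                        /* mov ecx,[eax+off] */
}

/* Constructed layout: [0x10] = 0x100, [0x100+0x34] = 0x200, [0x200+0x38] = 1234. */
static void build_image(void)
{
    memset(mem, 0, sizeof mem);
    write32(0x10, 0x100);
    write32(0x100 + 0x34, 0x200);
    write32(0x200 + 0x38, 1234);
}

static const uint32_t OFFSETS[] = { 0x34, 0x38 };

/* Healthy chain: returns the value at the end of it (1234). */
uint32_t demo_read_value(void)
{
    uint32_t v = 0;
    build_image();
    return walk_chain(0x10, OFFSETS, 2, &v) ? v : 0xFFFFFFFFu;
}

/* The object at offset 0x34 is not allocated yet, so its pointer reads as 0.
 * Without the check this is the crash the thread describes. */
bool demo_null_pointer_detected(void)
{
    uint32_t v = 0;
    build_image();
    write32(0x100 + 0x34, 0);
    return !walk_chain(0x10, OFFSETS, 2, &v);
}

/* A stale pointer to memory that is not mapped is caught the same way. */
bool demo_wild_pointer_detected(void)
{
    uint32_t v = 0;
    build_image();
    write32(0x100 + 0x34, 0xDEAD0000u);
    return !walk_chain(0x10, OFFSETS, 2, &v);
}

int main(void)
{
    printf("value via chain      : %u\n", demo_read_value());
    printf("null pointer caught  : %s\n", demo_null_pointer_detected() ? "yes" : "no");
    printf("wild pointer caught  : %s\n", demo_wild_pointer_detected() ? "yes" : "no");
    return 0;
}
```

In an auto-assembler script the same idea is a `test eax,eax` / `jz` pair after each pointer load, jumping past the code that would use the pointer; checking only at the start or only at the end leaves the intermediate loads unprotected.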
_KRN_
PostPosted: Sat Aug 20, 2016 8:20 am

STN wrote:
Move it step by step

push eax
mov eax, [gamebase]
mov eax, [eax+34]
mov ecx, [eax+38]
pop eax

Make sure to do null-checking because, like cooleko said, it will crash your game if the pointer is invalid.

Thanks.

So actually using the invalid pointer causes it to crash (not just the fact that it is invalid),
correct?

So
mov ecx,[[[_gamebase]+34]+38]
is in fact impossible (makes it crash)???

Also, as I stated in the other comments, I'm new to writing decent scripts, so how do I do this null checking?
I don't know what value represents null (00 or ??), so what's the code to check for null, and do I have to check every time I move or just at the end, or at the start?
_KRN_
PostPosted: Sun Aug 21, 2016 3:33 am    Post subject: Solved ???

OK guys, after all the struggle I found out how to do that (int -> float) conversion.
I made a custom program in C#, compiled and built it into an .exe and then hacked it using Cheat Engine XD,
and it was doing the conversion like this:
Code:

push ecx //ecx = int value to convert
fild dword ptr [esp]
fstp dword ptr [esp]
fld dword ptr [esp]
add esp,04
fstp dword ptr [ebx+D8] //finished float into destination

But I don't understand why it does it this weird way?
Also it worked without the middle, like this:
Code:

push ecx //ecx = int value to convert
fild dword ptr [esp]

fstp dword ptr [ebx+D8] //finished float into destination

Can someone explain why it works like this but not like this, please?
Code:

fild dword ptr [ecx]
fstp dword ptr [ebx+D8]

Please explain all of this to me?
mgr.inz.Player
PostPosted: Sun Aug 21, 2016 4:20 am    Post subject: Re: Solved ???

_KRN_ wrote:

Can someone explain why it works like this but not like this, please?
Code:

fild dword ptr [ecx]
fstp dword ptr [ebx+D8]

Please explain all of this to me?

Because ECX holds the value, not the address. There are no x87 instructions to move floating point values between the FPU registers and the CPU registers.



_KRN_ wrote:
But I don't understand why it does it this weird way?
Also it worked without the middle, like this:

It depends on compiler settings. Enabled/disabled optimizations, etc.

I personally would use something like this:
Code:
push ecx
fild dword ptr [esp]
add esp,04
fstp dword ptr [ebx+D8]



or this:
Code:
cvtsi2ss xmm0,ecx
movss [ebx+D8],xmm0

(if xmm0 is used, you can try xmm1 up to xmm7)

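Added example (not part of this thread and not the game's or anyone's posted code): the three ways of getting a dword into the float at [ebx+D8] that this answer contrasts, written as plain C so it builds anywhere and so the bit patterns can be inspected. The failing form, `fild dword ptr [ecx]` with ecx holding the number itself, has no safe C counterpart: it reads from whatever address that number happens to be, which is the fault the game crashed on. The sample value 100 and the slot names are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* fild dword ptr [addr] ; fstp dword ptr [dst]
 * The x87 unit reads a 32-bit signed integer from memory, converts it to a
 * float, and writes the result back to memory. Modelled as a read through
 * the pointer followed by a cast: fild needs an address, never a value. */
float fild_fstp(const int32_t *addr)
{
    return (float)*addr;
}

/* push ecx ; fild dword ptr [esp] ; add esp,04 ; fstp dword ptr [dst]
 * The register is spilled to a stack slot only so that fild has an address
 * to read from; the slot is released again before the store. */
float push_fild(int32_t ecx)
{
    int32_t slot = ecx;          /* push ecx: the value now lives at [esp] */
    return fild_fstp(&slot);     /* fild dword ptr [esp] ... fstp dword ptr [dst] */
}                                /* add esp,04 / pop: the slot is gone */

/* cvtsi2ss xmm0,ecx ; movss [dst],xmm0
 * Same numeric result, converted straight from the register. */
float cvtsi2ss(int32_t ecx)
{
    return (float)ecx;
}

/* mov [dst],ecx into a dword the game later reads as a float: no conversion
 * happens, the integer's bit pattern is simply reinterpreted. This is what
 * the first script in the thread ended up storing. */
float store_int_bits(int32_t ecx)
{
    float f;
    memcpy(&f, &ecx, sizeof f);
    return f;
}

/* Raw IEEE-754 bits of a float, to make the difference visible. */
uint32_t float_bits(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

int main(void)
{
    int32_t value = 100;   /* constructed sample integer */
    printf("fild/fstp via stack : %g (0x%08X)\n", push_fild(value), float_bits(push_fild(value)));
    printf("cvtsi2ss            : %g (0x%08X)\n", cvtsi2ss(value), float_bits(cvtsi2ss(value)));
    printf("raw bits stored     : %g (0x%08X)\n", store_int_bits(value), float_bits(store_int_bits(value)));
    return 0;
}
```

For 100 the converted float is 0x42C80000, while storing the integer bits gives 0x00000064, a denormal around 1.4e-43: the game would read the stat as zero for all practical purposes, which is the "it doesn't work" symptom rather than the crash. The crash came from the `fild dword ptr [ecx]` line, which this model deliberately does not reproduce.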
_KRN_
PostPosted: Sun Aug 21, 2016 5:43 am

WOW, thanks, I thought that was the problem but I just ignored it XD
But can you explain more in depth how that works?

I get that if you push ecx then its value will be at [esp], correct?
But why the "add esp,4"? Or does it have to be "add esp,04"?

Also how can I know if xmm0 isn't used?
Can I push/pop xmm0?
hhhuut
PostPosted: Sun Aug 21, 2016 6:10 am

Yes, by pushing values (either registers like "push ecx" or memory like "push [ebx+1234]") you place them on top of the stack, which is referenced by esp, so the values can be accessed through [esp].

There is absolutely no difference between "add esp,4" and "add esp,04".
But the instruction is needed to revert the changes made by "push ecx".
In detail, when pushing a value onto the stack, the stack pointer (esp) is decremented by 4, while popping values with "pop eax" for example increments the stack pointer.
So you can see that the stack is accessed in reverse order (decrementing esp results in more space, while incrementing esp results in less space).
Maybe you get an idea of the "add esp,04" by rewriting the push instruction.
Instead of "push ecx" you could also write:
sub esp,04
mov [esp],ecx

As to how to know if xmm0 is used or not: You can either look at the disassembly of the current function or just try it out by moving your value into xmm0 and see if that has any effect (weird behaviour or crashes) on the application.

As to saving an xmm register, it's not as simple as "push xmm0".
Saving xmm0 on the stack:
sub esp,10 //16 bytes = 128 bit = size of a xmm register
movdqu [esp],xmm0

Restoring it from the stack:
movdqu xmm0,[esp]
add esp,10
_KRN_
PostPosted: Sun Aug 21, 2016 6:37 am

So I could do
Code:

push ecx
fild dword ptr [esp]
fstp dword ptr [ebx+D8]
pop ecx

right?

Or does the pop have to be (or can it be) before the fstp?
What does the fild even do? Is it like pushing an int onto the stack (or a special float stack)?
mgr.inz.Player
PostPosted: Sun Aug 21, 2016 6:59 am

"what does the fild even do?"
fild dword ptr [esp]

f - FPU instruction
i - integer
ld - load
dword ptr - it will load 32bit signed integer (m32int)
[esp] - from the top of stack
http://www.jaist.ac.jp/iscenter-new/mpc/altix/altixdata/opt/intel/vtune/doc/users_guide/mergedProjects/analyzer_ec/mergedProjects/reference_olh/mergedProjects/instructions/instruct32_hh/vc97.htm





Those do the same thing:
Code:
push ecx
fild dword ptr [esp]
fstp dword ptr [ebx+D8]
pop ecx

Code:
push ecx
fild dword ptr [esp]
pop ecx
fstp dword ptr [ebx+D8]

Code:
push ecx
fild dword ptr [esp]
add esp,04
fstp dword ptr [ebx+D8]

Code:
sub esp,04
mov [esp],ecx
fild dword ptr [esp]
fstp dword ptr [ebx+D8]
add esp,04

Code:
lea esp,[esp-04]
mov [esp],ecx
fild dword ptr [esp]
fstp dword ptr [ebx+D8]
lea esp,[esp+04]

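Added example (not part of this thread and not anyone's posted script): a tiny model of esp, a stack region, ecx and the x87 top-of-stack, used to check that the five sequences listed above really leave the same machine state behind, and that the shorter "push ecx / fild / fstp" variant quoted earlier in the thread does not. Everything here is constructed for the demonstration: the 64-byte stack region, the register value, and the single float standing in for [ebx+D8]. `lea esp,[esp±04]` is modelled as the same esp update as `sub`/`add` (it differs only in not touching the flags, which nothing here depends on).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 64

typedef struct {
    uint8_t  stack[STACK_SIZE]; /* memory that esp points into */
    uint32_t esp;               /* offset into stack[]; grows downward */
    int32_t  ecx;
    float    dest;              /* the dword at [ebx+D8] */
    float    st0;               /* top of the x87 register stack */
    bool     st0_valid;         /* true while a value is loaded on it */
} Cpu;

static void cpu_init(Cpu *c, int32_t ecx)
{
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;        /* empty stack: esp sits at the top of the region */
    c->ecx = ecx;
}

/* sub esp,04 / lea esp,[esp-04]: reserve one dword */
static void sub_esp4(Cpu *c) { c->esp -= 4; }
/* add esp,04 / lea esp,[esp+04]: release it again */
static void add_esp4(Cpu *c) { c->esp += 4; }
/* mov [esp],ecx */
static void mov_esp_ecx(Cpu *c) { memcpy(c->stack + c->esp, &c->ecx, 4); }
/* push ecx is exactly sub esp,04 followed by mov [esp],ecx */
static void push_ecx(Cpu *c) { sub_esp4(c); mov_esp_ecx(c); }
/* pop ecx is mov ecx,[esp] followed by add esp,04 */
static void pop_ecx(Cpu *c) { memcpy(&c->ecx, c->stack + c->esp, 4); add_esp4(c); }
/* fild dword ptr [esp]: read the 32-bit integer at [esp], convert, load onto st0 */
static void fild_esp(Cpu *c)
{
    int32_t v;
    memcpy(&v, c->stack + c->esp, 4);
    c->st0 = (float)v;
    c->st0_valid = true;
}
/* fstp dword ptr [ebx+D8]: store st0 as a float and pop the x87 stack.
 * The value was copied into st0 by fild, so the stack slot may already be gone. */
static void fstp_dest(Cpu *c) { c->dest = c->st0; c->st0_valid = false; }

typedef void (*Seq)(Cpu *);
/* The five sequences from the post, in the order given. */
static void seq1(Cpu *c) { push_ecx(c); fild_esp(c); fstp_dest(c); pop_ecx(c); }
static void seq2(Cpu *c) { push_ecx(c); fild_esp(c); pop_ecx(c); fstp_dest(c); }
static void seq3(Cpu *c) { push_ecx(c); fild_esp(c); add_esp4(c); fstp_dest(c); }
static void seq4(Cpu *c) { sub_esp4(c); mov_esp_ecx(c); fild_esp(c); fstp_dest(c); add_esp4(c); }
static void seq5(Cpu *c) { sub_esp4(c); mov_esp_ecx(c); fild_esp(c); fstp_dest(c); add_esp4(c); }
/* The earlier "it worked without the middle" variant: push with no matching release. */
static void seq_unbalanced(Cpu *c) { push_ecx(c); fild_esp(c); fstp_dest(c); }

/* A sequence is correct if esp and ecx are back where they started, the x87
 * stack is balanced, and the destination holds the converted value. */
bool sequence_ok(Seq s, int32_t ecx)
{
    Cpu c;
    cpu_init(&c, ecx);
    s(&c);
    return c.esp == STACK_SIZE && c.ecx == ecx && !c.st0_valid && c.dest == (float)ecx;
}

bool all_sequences_ok(int32_t ecx)
{
    Seq seqs[] = { seq1, seq2, seq3, seq4, seq5 };
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        if (!sequence_ok(seqs[i], ecx)) return false;
    return true;
}

/* Shows that the unbalanced variant converts correctly but leaves esp 4 bytes
 * low, so the pops and the return in the surrounding code see the wrong stack. */
bool unbalanced_leaves_esp_off(int32_t ecx)
{
    Cpu c;
    cpu_init(&c, ecx);
    seq_unbalanced(&c);
    return c.dest == (float)ecx && c.esp == STACK_SIZE - 4;
}

int main(void)
{
    printf("five sequences equivalent : %s\n", all_sequences_ok(100) ? "yes" : "no");
    printf("unbalanced push leaks esp : %s\n", unbalanced_leaves_esp_off(100) ? "yes" : "no");
    return 0;
}
```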
Page 1 of 2