Cheat Engine The Official Site of Cheat Engine
rave420 Newbie cheater
Reputation: 0
Joined: 25 Dec 2014 Posts: 18
Posted: Sun Apr 30, 2017 3:24 pm Post subject: 64 Bit Addresses and Auto Assembler help needed
I'm trying to create a cheat for Ashes of the Singularity.
What I want to do is create an AOB scan script that finds the code that updates player resources, and use it as a base point for my other offsets I found.
Normally, with 32-bit applications I would find a piece of code that accesses the desired address, AOB scan for it, do a code injection and move the memory address in the register into a global variable like [_playerbase].
However, this is my first time with 64-bit applications and my usual approach does not work.
Here's the relevant bit of assembly code; RCX contains the desired address that I would like to move into [_pbase]:
Code:
7FF67316A43E - F3 0F58 99 20030000 - addss xmm3,[rcx+00000320]
7FF67316A446 - F3 0F11 01 - movss [rcx],xmm0 <<
7FF67316A44A - F3 0F10 41 08 - movss xmm0,[rcx+08]

RCX=00007FF67481B230

This is how I would normally do this; it does not work here. The script does not inject.
Code:
[ENABLE]
// find the movss [rcx],xmm0 / movss xmm0,[rcx+08] pair inside the game module
aobscanmodule(INJECT,AshesEscalation_DX11.exe,F3 0F 11 01 F3 0F 10 41 08)
// code cave allocated near the injection point so the 5-byte jmp can reach it
alloc(newmem,$1000,"AshesEscalation_DX11.exe"+17A446)
label(code)
label(return)
// 16 bytes is enough for one 8-byte pointer (the size here is not the problem)
globalalloc(_pbase,16)

newmem:
code:
// In 64-bit code a store to an absolute address is only encodable as a
// RIP-relative disp32 (target within +-2 GB of this instruction) or, for
// rax only, via the moffs64 form. _pbase is neither, so this line does
// not assemble and the whole script fails to inject.
mov [_pbase],rcx
// original two instructions (9 bytes) that the jmp overwrote
movss [rcx],xmm0
movss xmm0,[rcx+08]
jmp return

INJECT:
jmp newmem    // 5 bytes; the remaining 4 bytes of the originals become nops
nop
nop
nop
nop
return:
registersymbol(INJECT)

[DISABLE]
// restore the original 9 bytes and free the cave
INJECT:
db F3 0F 11 01 F3 0F 10 41 08
unregistersymbol(INJECT)
dealloc(newmem)
I'm assuming my problem here is that I'm trying to use MOV to move a 64-bit address when there's another instruction I should be using instead. I did some research, but I'm at the end of the road here. Maybe my globalalloc uses the wrong type or length; it could be, I tried a few different sizes.
I need some help, please.
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Mon May 01, 2017 8:59 am

Try this or something similar with another 64-bit register.
Code:
code:
push r8
mov r8,_pbase        // load the full 64-bit address of _pbase into a spare register
// mov [_pbase],rcx  // the store that would not assemble
mov [r8],rcx         // store rcx through the register instead
pop r8
movss [rcx],xmm0
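The encoding limit behind the failing mov [_pbase],rcx and the register-indirect workaround posted above, as an added example that is not from the thread: a small Python encoder that emits the RIP-relative store when _pbase is within +-2 GB of the code cave and otherwise the push r8 / mov r8,imm64 / mov [r8],rcx / pop r8 sequence. The cave and _pbase addresses are constructed, not taken from the game.

```python
import struct

INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1

def rip_disp32(instr_addr, instr_len, target):
    """RIP-relative displacement from the end of the instruction to target,
    or None when it does not fit in a signed 32-bit field (+-2 GB)."""
    disp = target - (instr_addr + instr_len)
    return disp if INT32_MIN <= disp <= INT32_MAX else None

def encode_store_rcx(cave_addr, pbase_addr):
    """Bytes for 'store rcx at absolute address pbase_addr', assembled at cave_addr.

    x86-64 has no 'mov [abs64], r64' for rcx: the moffs64 form (48 A3 imm64)
    exists only for rax, so the choices are a RIP-relative disp32 or going
    through a register that holds the full 64-bit address."""
    disp = rip_disp32(cave_addr, 7, pbase_addr)
    if disp is not None:
        # mov [rip+disp32], rcx -> REX.W 89 /r, ModRM 0D (mod=00, reg=rcx, rm=101)
        return bytes([0x48, 0x89, 0x0D]) + struct.pack("<i", disp)
    # Too far for disp32 (the usual case for a globalalloc): register-indirect form.
    return (bytes([0x41, 0x50])                                    # push r8
            + bytes([0x49, 0xB8]) + struct.pack("<Q", pbase_addr)  # mov r8, imm64
            + bytes([0x49, 0x89, 0x08])                            # mov [r8], rcx
            + bytes([0x41, 0x58]))                                 # pop r8

def describe(cave_addr, pbase_addr):
    """Which form was chosen plus the bytes, for comparing against a debugger view."""
    code = encode_store_rcx(cave_addr, pbase_addr)
    form = "rip-relative" if code[:3] == b"\x48\x89\x0d" else "register-indirect"
    return form, code.hex(" ")

if __name__ == "__main__":
    CAVE = 0x7FF673170000            # constructed: newmem allocated near the game module
    for pbase in (0x7FF673000000,    # constructed: near the cave, reachable with disp32
                  0x1A2C0000000):    # constructed: a far-away globalalloc
        print(hex(pbase), *describe(CAVE, pbase))
```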
rave420 Newbie cheater
Reputation: 0
Joined: 25 Dec 2014 Posts: 18
Posted: Mon May 01, 2017 11:24 am
Hey sbryzl,
Code:
push r8
mov r8,_pbase        // r8 now holds the address of _pbase
mov [r8],rcx         // rcx is written to [_pbase] through r8
// mov [_pbase],r8
pop r8
movss [rcx],xmm0
movss xmm0,[rcx+08]

seems to work; the address in rcx gets moved into r8 just fine. Any time I try to move the value of any register into my globalalloc [_pbase], however, it no longer wants to inject. What size of alloc should I use for [_pbase]? I currently use globalalloc(_pbase,16); the value that needs to be moved into it is "00007FF69864B230".
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Mon May 01, 2017 11:52 am

It doesn't matter what size you alloc; it will still have at least $1000 bytes available. You say rcx gets moved into r8 fine, but do you mean it gets moved into the pointer [r8]? Because r8 will be carrying the address of _pbase, therefore the instruction mov [r8],rcx will put rcx at [_pbase].
rave420 Newbie cheater
Reputation: 0
Joined: 25 Dec 2014 Posts: 18
Posted: Mon May 01, 2017 1:20 pm

Thank you.
Quote:
push r8
mov r8,_pbase
mov [r8],rcx
pop r8

I put brackets around _pbase; that didn't work. The above code works just fine and does what I want. I ought to take a break every now and then.
hemersonkla1 Cheater
Reputation: 0
Joined: 24 Jun 2015 Posts: 34
Posted: Thu May 04, 2017 6:33 am Post subject: Help asm 64x delphi.

Hi friends, I need some help. I have this function for a Delphi trainer; it works fine in 32-bit, but if I compile it to use in a 64-bit browser I get errors. How can I convert it to work in 64-bit? Thank you.
Code:
function SSE_FindByte(const Data; const Value: Byte; const len: Integer): Integer;
asm
  // Delphi register convention: EAX = @Data, EDX = Value, ECX = len
  PUSH EBX
  PUSH ESI
  PUSH EDI
  AND EDX, $FF
  MOV [ESP - 4], ECX          // keep the original length for the result
  CMP ECX, 0
  JLE @@FIN
  LEA EDI, [EAX + 16 * 1]
  LEA ESI, [EAX + ECX * 1]    // ESI = end of buffer
  AND EDI, not 15             // EDI = first 16-byte aligned address after EAX
  CMP ECX, 16
  JL @@LOOP0_S
  CMP EAX, EDI
  JE @@SSE
  CMP EDI, ESI
  CMOVG EDI, ESI
  JMP @@LOOP0_S
@@TAIL:
  OR ESI, EBX
  BSF EBX, ESI
  JNZ @@FinSSE
  NEG ECX
@@LOOP0_S:
  ADD ECX, 1
@@LOOP0:                      // byte-at-a-time scan up to the aligned address
  SUB ECX, 1
  JZ @@Fin
  MOV BL, [EAX]
  ADD EAX, 1
  CMP BL, DL
  JE @@Fin
  CMP EAX, EDI
  JNE @@LOOP0
  SUB ECX, 1
@@SSE:
  MOV EDI, ESI
  CMP ECX, 32
  JL @@LOOP0_S
  MOV ESI, EDX                // broadcast the search byte into XMM0
  MOV [ESP - 8], not 0
  SHL ESI, 8
  MOV [ESP - 12], $FEFEFEFE
  OR ESI, EDX
  MOVD XMM1, [ESP - 8]
  MOV EDX, ESI
  MOVD XMM2, [ESP - 12]
  SHL ESI, 16
  PXOR XMM3, XMM3
  OR EDX, ESI
  SHUFPS XMM1, XMM1, 0
  MOVD XMM0, EDX
  SHUFPS XMM2, XMM2, 0
  SHUFPS XMM0, XMM0, 0
  MOVAPS XMM6, [EAX]
  MOVAPS XMM7, [EAX + 16]
@@SSE_LOOP:                   // 32 bytes per iteration
  PXOR XMM6, XMM0
  PXOR XMM7, XMM0
  PADDUSB XMM6, XMM2
  PADDUSB XMM7, XMM2
  PSUBB XMM6, XMM1
  PSUBB XMM7, XMM1
  PMOVMSKB ESI, XMM6
  PMOVMSKB EBX, XMM7
  ADD EAX, 32
  SHL EBX, 16
  SUB ECX, 32
  JL @@TAIL
  MOVAPS XMM6, [EAX]
  MOVAPS XMM7, [EAX + 16]
  OR ESI, EBX
  BSf EBX, ESI
  JZ @@SSE_LOOP
@@FinSSE:
  ADD ECX, 32
  SUB ECX, EBX
@@Fin:                        // result = len - remaining, or -1 if not found
  MOV EAX, [ESP - 4]
  MOV EBX, -1
  SUB EAX, ECX
  CMP ECX, 0
  POP EDI
  CMOVE EAX, EBX
  POP ESI
  POP EBX
end;