Merlini (Advanced Cheater, Reputation: 2, Joined: 12 Jun 2016, Posts: 53)
Posted: Wed May 10, 2017 8:07 pm  Post subject: Why doesn't this compile in AA? lea rdx, [rdx+8+rcx*8]
In AA this doesn't compile
lea rdx, [rdx+8+rcx*8]
but this does
lea rdx, [rdx+8+ecx*8]
Is this specific to CE or is that error in general?
STN (I post too much, Reputation: 42, Joined: 09 Nov 2005, Posts: 2672)
Posted: Thu May 11, 2017 12:02 am
Seems like a size issue.
CE doesn't compile lea rdx, [rdx+8+ecx*8] but rather compiles it as lea edx,[edx+ecx*8+08]
lea rdx, [rdx+8+rcx*8] is fine and should be compiled as such whereas lea rdx, [rdx+8+ecx*8] isn't and shouldn't be compiled or converted.
SunBeam (I post too much, Reputation: 65, Joined: 25 Feb 2005, Posts: 4022, Location: Romania)
Posted: Thu May 11, 2017 2:59 am
The valid instructions are the x86 and x64 variants (you can't mix up x64 with x86 like you'd want to):
Code:
00000000FF7A1000 | 48 8D 54 CA 08 | LEA RDX,QWORD PTR DS:[RDX+RCX*8+8]
00000000FF7A1005 | 67 8D 54 CA 08 | LEA EDX,DWORD PTR DS:[EDX+ECX*8+8]
00000000FF7A100A | 90             | NOP
00000000FF7A100B | 90             | NOP
00000000FF7A100C | 90             | NOP
00000000FF7A100D | 90             | NOP
BR,
Sun
Last edited by SunBeam on Fri May 12, 2017 3:42 am; edited 2 times in total
Merlini (Advanced Cheater, Reputation: 2, Joined: 12 Jun 2016, Posts: 53)
Posted: Thu May 11, 2017 1:57 pm
SunBeam wrote:
    Make sure the address you put in RCX/ECX is correctly defined in the script. Example:
    Code:
    MyAddr:
    dd 0
    mov rcx,MyAddr
    lea rdx,[rdx+rcx*8+8]
    This will get compiled as "ecx" not "rcx", because MyAddr is a DWORD, not a QWORD. So "dd 0" should be "dq 0".
SunBeam,
Are you saying that you could get CE's AA to correctly compile
lea rdx,[rdx+rcx*8+8]?
I could not compile this in CE 6.6 AA properly.
And I think STN was pointing out (if I understood him)
that even the
lea rdx,[rdx+ecx*8+8]
which seems to compile in AA isn't doing what we expect it to do.
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4299)
Posted: Thu May 11, 2017 2:18 pm
Don't try to use 64-bit registers when working with a 32-bit process.
Merlini (Advanced Cheater, Reputation: 2, Joined: 12 Jun 2016, Posts: 53)
Posted: Thu May 11, 2017 2:30 pm
ParkourPenguin wrote:
    Don't try to use 64-bit registers when working with a 32-bit process.
Using 64bit process.
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4299)
Posted: Thu May 11, 2017 2:54 pm
For me, when targeting a 64-bit process, using rcx as the index register works fine and using ecx gives an error. Vice versa for a 32-bit process (what you're experiencing). I don't believe you're targeting a 64-bit process.
Attach CE to the game, go to Table -> Show cheat table Lua script, copy and paste this code in, click "execute", and post what the results are.
Code:
print('CE version:\t',tostring(getCEVersion()))
print('CE is 64-bit:\t',tostring(cheatEngineIs64Bit()))
print('target is 64-bit:\t',tostring(targetIs64Bit()))
assert(autoAssemble('globalalloc(foo,32)'),'globalalloc failed')
print('index reg rcx:\t',tostring(autoAssemble('foo:\r\nlea rdx,[rdx+8+rcx*8]')))
print('index reg ecx:\t',tostring(autoAssemble('foo:\r\nlea rdx,[rdx+8+ecx*8]')))
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25295, Location: The netherlands)
Posted: Thu May 11, 2017 6:39 pm
Code:
CE version: 6.7
CE is 64-bit: true
target is 64-bit: true
index reg rcx: true
index reg ecx: true
mgr.inz.Player (I post too much, Reputation: 218, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Thu May 11, 2017 7:06 pm
In 64-bit CE 6.7 SVN:
Code:
67 8D 54 CA 08    - lea edx,[rdx+ecx*8+08]
8D 54 CA 08       - lea edx,[rdx+rcx*8+08]
67 48 8D 54 CA 08 - lea rdx,[rdx+ecx*8+08]
48 8D 54 CA 08    - lea rdx,[rdx+rcx*8+08]
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4299)
Posted: Thu May 11, 2017 8:33 pm
(In my previous post, I was using CE 6.6)
The lea instruction can address a memory location using mod 32 arithmetic instead of mod 64 arithmetic when using the address size override prefix (0x67). The size of the base register should match the index register:
Code:
67 48 8D 54 CA 08 - lea rdx,[edx+ecx*8+08]
48 8D 54 CA 08    - lea rdx,[rdx+rcx*8+08]
CE 6.6 has a couple bugs with regards to the first instruction: CE can't assemble it and doesn't properly disassemble it.
(Source: Intel 64 & 32 Architectures Software Developer's Manual Vol. 2A section 3.2 "LEA—Load Effective Address")
I doubt this information helps OP at all since I still think their target is 32-bit.
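To make the encoding and the mod-32 vs mod-64 point concrete, here is an added Python example (not code from the thread or from Cheat Engine): it encodes the four LEA forms compared in the posts above (ModRM + SIB + disp8, legacy registers only, which is an assumption of the example) and simulates what each one leaves in the destination register, using constructed register values.

```python
# Added example, not code from the thread: encode `lea dest,[base+index*scale+disp8]`
# for 64-bit mode and show how the 0x67 address-size override changes the result.

REG64 = {"rax": 0, "rcx": 1, "rdx": 2, "rbx": 3, "rsp": 4, "rbp": 5, "rsi": 6, "rdi": 7}
SCALE_BITS = {1: 0, 2: 1, 4: 2, 8: 3}

def reg_info(name):
    """Return (register number, is_64bit, 64-bit name) for a legacy GPR such as rdx/edx."""
    if name in REG64:
        return REG64[name], True, name
    full = "r" + name[1:]                       # edx -> rdx, ecx -> rcx, ...
    if name.startswith("e") and full in REG64:
        return REG64[full], False, full
    raise ValueError(f"unsupported register {name!r}")

def encode_lea(dest, base, index, scale, disp8):
    """Bytes for `lea dest,[base+index*scale+disp8]` (disp8/SIB form, 64-bit mode)."""
    d, d64, _ = reg_info(dest)
    b, b64, _ = reg_info(base)
    i, i64, _ = reg_info(index)
    if b64 != i64:
        raise ValueError("base and index must be the same size (no rdx+ecx mixing)")
    if i == 4:
        raise ValueError("rsp/esp cannot be an index register")
    if not -128 <= disp8 <= 127:
        raise ValueError("displacement does not fit in disp8")
    out = bytearray()
    if not b64:
        out.append(0x67)                        # 32-bit address size: EA computed mod 2^32
    if d64:
        out.append(0x48)                        # REX.W: 64-bit destination register
    out.append(0x8D)                            # opcode: LEA r, m
    out.append((0b01 << 6) | (d << 3) | 0b100)  # mod=01 (disp8), reg=dest, rm=100 (SIB)
    out.append((SCALE_BITS[scale] << 6) | (i << 3) | b)
    out.append(disp8 & 0xFF)
    return bytes(out)

def lea_result(dest, base, index, scale, disp8, regs):
    """Value left in dest, given 64-bit register values keyed by rax..rdi. Address
    arithmetic wraps at 32 bits under 0x67 and at 64 bits otherwise; writing a
    32-bit destination zero-extends into the full 64-bit register."""
    _, d64, _ = reg_info(dest)
    _, b64, bfull = reg_info(base)
    _, _, ifull = reg_info(index)
    mask = (1 << 64) - 1 if b64 else (1 << 32) - 1
    ea = ((regs[bfull] & mask) + (regs[ifull] & mask) * scale + disp8) & mask
    return ea if d64 else ea & 0xFFFFFFFF

if __name__ == "__main__":
    sample = {"rdx": 0x1_0000_0000, "rcx": 1}   # constructed register values
    print(encode_lea("rdx", "edx", "ecx", 8, 8).hex(" "), hex(lea_result("rdx", "edx", "ecx", 8, 8, sample)))
```

With the sample values the 64-bit form yields 0x100000010 while the 0x67 form yields 0x10, which is why the mixed-size operand has to be rejected rather than silently converted.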
Merlini (Advanced Cheater, Reputation: 2, Joined: 12 Jun 2016, Posts: 53)
Posted: Thu May 11, 2017 8:41 pm
ParkourPenguin wrote:
    For me, when targeting a 64-bit process, using rcx as the index register works fine and using ecx gives an error. Vice versa for a 32-bit process (what you're experiencing). I don't believe you're targeting a 64-bit process.
Code:
CE version: 6.6
CE is 64-bit: true
target is 64-bit: true
index reg rcx: true
index reg ecx: false
Works!
So you were absolutely right and I was wrong.
I was at work when I replied last and since the only program I've been using CE on had been 64-bit I automatically assumed it was 64-bit. I must have somehow attached to a 32-bit process.
My apologies for creating a hasty and confusing thread without doing due diligence on my part.
Thank you to all those who chimed in.
SunBeam (I post too much, Reputation: 65, Joined: 25 Feb 2005, Posts: 4022, Location: Romania)
Posted: Fri May 12, 2017 3:41 am
My bad on my previous post.
I gave x64dbg "lea rdx, [rdx+8+ecx*8]" to compile and it worked, but I didn't check the result. What it actually did was to compile the x86 version -> "lea edx, [edx+ecx*8+8]".
So, without checking the result, I thought it was some issue with CE.
BR,
Sun