Cheat Engine The Official Site of Cheat Engine
LewcowVaal Advanced Cheater
Posted: Sat Mar 14, 2020 10:14 am    Post subject: Injection Copy RSI Register
I am trying to make an Injection Copy of the RSI register:

Code:
```asm
label(code)
label(owncoordcode)
label(return)

globalalloc(_baseycoord,4)

newmem:

code:
cmp [rsi+34c],0
jne owncoordcode
movss [rsi+00000154],xmm10
jmp return


owncoordcode:
mov [_baseycoord],rsi                         <----------
movss [rsi+00000154],xmm10
jmp return


coordreadY:
jmp newmem
nop 4
return:
registersymbol(coordreadY)
```

Not working, probably because of a byte length difference. If so, how can I get rsi into _baseycoord?

Thanks ^^
panraven Grandmaster Cheater
DanyDollaro Master Cheater
Posted: Sat Mar 14, 2020 12:18 pm

Oh, apparently I still have to learn; consequently I will delete my post given the presence of misleading content. Thanks Panraven.
LewcowVaal Advanced Cheater
Posted: Sat Mar 14, 2020 3:16 pm
panraven wrote:
> I've tested on CE 6.7 that 'globalalloc' will at least allocate 16 bytes, for it seems to always start on a 16-byte boundary, i.e. the last hex digit of a globalalloc address is 0. 'alloc' will still be packed so that the next alloc in the same script will be adjacent to the previous one.
>
> For OP's code, it is not working because not many x86 asm instructions can have a 64-bit constant/literal. It may need a register to hold the literal and then do the operation with that register, i.e.:
>
> Code:
> ```asm
> push    rax
> mov   rax,_baseycoord
> mov   [rax],rsi
> pop     rax
> ```

Game crashes...
Maybe you meant something like this?

Code:
```asm
push    rax
mov   [rax],rsi
mov   rax,_baseycoord
pop     rax
```
panraven Grandmaster Cheater
Posted: Sat Mar 14, 2020 3:37 pm
No, the rax in your version can be any number at the line mov [rax],rsi; it will not be what you expect.
Pasting more of your script may get a more accurate suggestion.

I guess you're using 'alloc(newmem,size)' instead of 'alloc(newmem,size,address_jump_from)'. The latter version will try to alloc newmem NEAR address_jump_from, which may be necessary for the 64-bit jump instruction to not overwrite game code unexpectedly.

Code:
```asm
alloc(newmem,$1000,coordreadY)
```
_________________
- Retarded.
LewcowVaal Advanced Cheater
Posted: Sat Mar 14, 2020 5:58 pm
panraven wrote:
> No, the rax in your version can be any number at the line mov [rax],rsi; it will not be what you expect.
> Pasting more of your script may get a more accurate suggestion.
>
> I guess you're using 'alloc(newmem,size)' instead of 'alloc(newmem,size,address_jump_from)'. The latter version will try to alloc newmem NEAR address_jump_from, which may be necessary for the 64-bit jump instruction to not overwrite game code unexpectedly.
>
> Code:
> ```asm
> alloc(newmem,$1000,coordreadY)
> ```

Full code:

Code:
```asm
[ENABLE]

aobscanmodule(coordreadY,UnityPlayer.dll,F3 44 0F 11 96 54 01 00 00)
alloc(newmem,$1000,"UnityPlayer.dll"+EEF756)

label(code)
label(owncoordcode)
label(return)

globalalloc(_baseycoord,4)

newmem:

code:
cmp [rsi+128],0
jne owncoordcode
movss [rsi+00000154],xmm10
jmp return


owncoordcode:
push rax
mov rax,_baseycoord
mov [rax],rsi
pop rax
movss [rsi+00000154],xmm10
jmp return


coordreadY:
jmp newmem
nop 4
return:
registersymbol(coordreadY)

[DISABLE]

coordreadY:
db F3 44 0F 11 96 54 01 00 00

unregistersymbol(coordreadY)
dealloc(newmem)
```

EDIT: It was a typo. It works.

So basically I am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?
ParkourPenguin I post too much
Posted: Sat Mar 14, 2020 10:34 pm

LewcowVaal wrote:
> So basically I am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?

It's an instruction set architecture limitation. It's not a valid addressing mode; there's simply no way for the processor to do that operation.

If the globalalloc used the same third parameter as the newmem alloc, then CE could assemble the original instruction since the processor would be able to effectively do that operation using RIP-relative addressing.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
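To make the addressing-mode point concrete, here is an added Python example (not from the thread and not Cheat Engine's code) that encodes `mov [dest],rsi` the way an assembler must on x86-64: RIP-relative when `dest` is within ±2 GiB of the instruction, otherwise through a scratch register as in the working script; it also encodes the 5-byte `jmp newmem` that makes the "alloc near the hook" advice matter, and rejects storing the 8-byte rsi into a 4-byte allocation. All addresses are constructed.

```python
import struct

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

def rip_disp32(next_ip: int, target: int):
    """Signed 32-bit displacement from the end of the instruction, or None if unreachable."""
    disp = target - next_ip
    return disp if INT32_MIN <= disp <= INT32_MAX else None

def encode_store_rsi(insn_addr: int, dest: int, dest_size: int = 8) -> bytes:
    """Emit 'mov [dest],rsi' for a 64-bit absolute dest.

    x86-64 has no ModRM form that stores a general register to a full 64-bit
    absolute address, so an assembler has two options:
      1. RIP-relative (48 89 35 disp32) when dest is within +-2 GiB of the
         instruction, which is what allocating near the hook makes possible;
      2. otherwise a scratch-register detour, the push/mov/mov/pop sequence
         from the thread.
    dest_size is the size given to globalalloc; rsi is 8 bytes wide.
    """
    if dest_size < 8:
        raise ValueError("storing 8-byte rsi into a %d-byte allocation" % dest_size)
    direct_len = 7                                   # REX.W 89 /r + disp32
    disp = rip_disp32(insn_addr + direct_len, dest)
    if disp is not None:
        return b"\x48\x89\x35" + struct.pack("<i", disp)
    return (b"\x50"                                  # push rax
            + b"\x48\xb8" + struct.pack("<Q", dest)  # mov rax, imm64
            + b"\x48\x89\x30"                        # mov [rax], rsi
            + b"\x58")                               # pop rax

def encode_store_rax_abs(dest: int) -> bytes:
    """The one absolute-64-bit store x86-64 does have: mov [moffs64],rax (48 A3)."""
    return b"\x48\xa3" + struct.pack("<Q", dest)

def encode_jmp_rel32(insn_addr: int, target: int) -> bytes:
    """The 5-byte 'jmp newmem' written over the hooked instruction (E9 rel32)."""
    disp = rip_disp32(insn_addr + 5, target)
    if disp is None:
        raise ValueError("newmem is out of rel32 range; alloc it near the hook address")
    return b"\xe9" + struct.pack("<i", disp)

if __name__ == "__main__":
    hook = 0x7FF812345000       # constructed: hooked instruction inside a DLL
    near = hook + 0x2000        # constructed: an allocation placed near the hook
    far = 0x100000              # constructed: a globalalloc far below the DLL
    print(encode_store_rsi(hook, near).hex())   # 7-byte RIP-relative form
    print(encode_store_rsi(hook, far).hex())    # 15-byte scratch-register detour
```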
atom0s Moderator
Posted: Sun Mar 15, 2020 1:26 am

Side note, your globalalloc is for 4 bytes, but you are trying to store 8 in it.
_________________
- Retired.
LewcowVaal Advanced Cheater
Posted: Sun Mar 15, 2020 5:14 am

ParkourPenguin wrote:
> LewcowVaal wrote:
> > So basically I am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?
>
> It's an instruction set architecture limitation. It's not a valid addressing mode; there's simply no way for the processor to do that operation.
>
> If the globalalloc used the same third parameter as the newmem alloc, then CE could assemble the original instruction since the processor would be able to effectively do that operation using RIP-relative addressing.

Mh.. got it. I guess I still have a lot to learn.

atom0s wrote:
> Side note, your globalalloc is for 4 bytes, but you are trying to store 8 in it.

I will fix that, even though 4 bytes works. Maybe because, as panraven said, from his tests he saw that globalalloc will always allocate a minimum of 16 bytes....
Anyway thanks guys! Very useful information, gonna add this topic to favorites.