Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Why might the same instruction look different on a diff PC?

 
Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Tue Mar 31, 2020 7:28 pm    Post subject: Why might the same instruction look different on a diff PC?

On my main PC, I'm searching for a health value in a game. When I get to "find what writes to this..." the return instruction looks like:

Code:
    mov [r13+rax+000005E4],r14d


On another PC, the same process, looking for the same value in the same game looks like:

Code:
   crc32 r8d,[r13+rbp+00000000]


Both PCs have the same OS, using the same version of CE and the same version of game.

Why might that be?


Last edited by Drivium on Wed Apr 01, 2020 10:19 am; edited 1 time in total
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Tue Mar 31, 2020 10:52 pm

Code:
crc32 esi,[r13+rax+000000E4]

That's almost certainly the wrong disassembly. You should post the machine code too (array of bytes), but I think it should be disassembled as a movbe opcode instead.

Regardless, the operands shouldn't change (I think), so that instruction still isn't writing to the address. Are you sure you clicked "Find out what writes to this address" and not what accesses? Is there a string mov instruction nearby? (e.g. rep movsb)

I'm guessing that's an emulator of some type. Is the emulator / virtual machine / interpreter the same version with the same settings between both systems? Even if it is, it might not use some features if the cpu doesn't support it (no clue when movbe was added).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
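Why a disassembler can print crc32 for a movbe: both instructions sit at opcode 0F 38 F0/F1 and differ only by the mandatory F2 prefix, so a decoder that mishandles that prefix labels one as the other. The following Python decoder is an illustration added here (not Cheat Engine's code and not from any poster in the thread): it walks the legacy prefixes, REX byte, opcode and ModRM/SIB of that opcode slot and names the instruction accordingly. The sample byte strings are my own encodings of the operands quoted in the thread (assuming a disp32 of E4 for the first access and a disp8 of zero for `[r13+rbp+00000000]`); 16-bit (66-prefixed), 32-bit-address (67-prefixed) and register-source forms are deliberately not handled.

```python
"""Decode the 0F 38 F0/F1 opcode slot, where MOVBE and CRC32 differ only by an F2 prefix."""
import struct

LEGACY_PREFIXES = {0xF0, 0xF2, 0xF3, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65, 0x66, 0x67}
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
         "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def _memory_operand(code, i, mod, rm, rex):
    """Decode a ModRM memory operand (with SIB/displacement) starting at code[i]."""
    base = index = None
    scale = 1
    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                                        # rm=100: a SIB byte follows
        sib = code[i]
        i += 1
        scale = 1 << (sib >> 6)
        idx = ((sib >> 3) & 7) | ((rex & 2) << 2)       # REX.X extends the index field
        if idx != 4:                                   # index=100 without REX.X means no index
            index = REG64[idx]
        if mod == 0 and (sib & 7) == 5:                # base=101 with mod=00: disp32, no base
            disp_size = 4
        else:
            base = REG64[(sib & 7) | ((rex & 1) << 3)]  # REX.B extends the base field
    elif mod == 0 and rm == 5:                         # no SIB, rm=101, mod=00: RIP-relative
        base, disp_size = "rip", 4
    else:
        base = REG64[rm | ((rex & 1) << 3)]
    disp = 0
    if disp_size == 1:
        disp = struct.unpack_from("<b", code, i)[0]
    elif disp_size == 4:
        disp = struct.unpack_from("<i", code, i)[0]
    i += disp_size
    parts = []
    if base:
        parts.append(base)
    if index:
        parts.append(index if scale == 1 else f"{index}*{scale}")
    if disp_size or not parts:                         # CE-style: show the displacement as 8 hex digits
        parts.append(f"{disp & 0xFFFFFFFF:08X}")
    return "[" + "+".join(parts) + "]", i


def decode_f0f1(code: bytes):
    """Return CE-style text for one MOVBE/CRC32 instruction, or None if code is something else."""
    i = 0
    prefixes = set()
    while i < len(code) and code[i] in LEGACY_PREFIXES:
        prefixes.add(code[i])
        i += 1
    if 0x66 in prefixes or 0x67 in prefixes:           # 16-bit operand / 32-bit address forms: out of scope
        return None
    rex = 0
    if i < len(code) and 0x40 <= code[i] <= 0x4F:       # REX must sit immediately before the opcode
        rex = code[i]
        i += 1
    if len(code) < i + 4 or code[i] != 0x0F or code[i + 1] != 0x38 or code[i + 2] not in (0xF0, 0xF1):
        return None
    op, modrm = code[i + 2], code[i + 3]
    i += 4
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:                                       # MOVBE has no register-register form, and the
        return None                                    # register-source CRC32 forms are out of scope here
    reg |= (rex & 4) << 1                              # REX.R extends the reg field
    regname = (REG64 if rex & 8 else REG32)[reg]       # REX.W selects the 64-bit register name
    mem, _ = _memory_operand(code, i, mod, rm, rex)
    if 0xF2 in prefixes:                               # F2 is the mandatory prefix that selects CRC32
        return f"crc32 {regname},{'byte ptr ' if op == 0xF0 else ''}{mem}"
    if op == 0xF0:
        return f"movbe {regname},{mem}"                # F0: load, byte-swapped on the way in
    return f"movbe {mem},{regname}"                    # F1: store, byte-swapped on the way out


if __name__ == "__main__":
    # Constructed encodings of the operands quoted in the thread (assumed displacements).
    for hexbytes in ("410F38F0B405E4000000", "F2410F38F1B405E4000000", "450F38F0442D00"):
        print(hexbytes, "->", decode_f0f1(bytes.fromhex(hexbytes)))
```

The first sample has no F2 prefix, so it is a movbe load; only when the F2 prefix is actually present does the same opcode become crc32. That is the distinction a disassembler must get right for this opcode slot.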
Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Wed Apr 01, 2020 10:30 am

I was wrong about the other PC instruction, corrected in OP (was going from memory).

This PC has been consistently different for every game (within same emulator) than my main PC. If I can determine what's different, it would help me help OTHER users who have trouble with my tables.

I created 2 short videos showing my search process and the instruction differences between the 2 PC's. Both Windows 10, same version of emulator, same version of game, searching for same health value.

Main PC Demo
https://drive.google.com/open?id=1p4XBPCDf8_yKIdZHBqj2Bl5qpSsoM9_n

Other PC Demo
https://drive.google.com/open?id=1wsjrTLWDeO8zasOAlNpKTcmHYLC4KH6o
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Wed Apr 01, 2020 7:18 pm

ParkourPenguin wrote:
Is the emulator / virtual machine / interpreter the same version with the same settings between both systems? Even if it is, it might not use some features if the cpu doesn't support it (no clue when movbe was added).

Looks like a difference in how the code is JIT compiled. Your main pc uses bswap then mov, while the other pc just uses movbe (again, CE disassembler bug).

Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Thu Apr 02, 2020 9:49 am

Yes, same versions with same settings.

Any idea what CPU settings I could change or check?

Main PC is i7-3770k and other is i7-4330k (secondary is more powerful)
Dark Byte
Site Admin
Reputation: 379

Joined: 09 May 2003
Posts: 22655
Location: The netherlands

Posted: Thu Apr 02, 2020 11:08 am

It's not really an option you can change unless you use a virtual machine to mask that feature.
This lua code can be used to predict what it will be
Code:

if (cpuid(1).ECX & (1 << 22)>0) then
  print("Can use MOVBE")
else
  print("Can NOT use MOVBE")
end


but besides that check it may check if your cpu has a known bug or not that makes the result of movbe unreliable

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Thu Apr 02, 2020 12:21 pm

Dark Byte wrote:
...but besides that check it may check if your cpu has a known bug or not that makes the result of movbe unreliable


Is there a way to force it to trust the result of movbe? (if it sounds like I don't know what I'm talking about, it's because I don't)
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Thu Apr 02, 2020 12:52 pm

I doubt the emulator would give you a magic option that makes the JIT compiler produce machine code compatible across different systems. I guess you could hack the JIT compiler to make it think the cpu doesn't support movbe (the other way should crash on incompatible systems), but that sounds like more work than it's worth.

The reliable way to do this would be to change the emulated code instead of the interpretation of that code. It's never going to change from system to system, but you'll need to either catch it before it's JIT compiled or trigger a recompilation somehow. This can vary greatly depending on how the emulator works, and cemu being proprietary doesn't help at all. This too is likely more work than it's worth to you.

An easier approach would be to scan for multiple patterns until one of them works. The default pattern should be calculated from cpuid as DB showed, and if for some reason the emulator didn't want to use movbe anyway (e.g. problem with movbe on that microarchitecture), try the other pattern. If nothing works, give the user some general information on how they can do it themselves. You can't plan for everything the JIT compiler could produce on every possible hardware combination.

Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Thu Apr 02, 2020 1:38 pm

Don't suppose you could produce a mock-up of your "easier approach" for reference?
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Thu Apr 02, 2020 2:15 pm

Code:
local patterns = {
  "12 34 ab cd", -- with movbe support
  "56 78 90 ef"  -- w/o  movbe support
}

-- reorder patterns based on cpuid support
local movbe_support = cpuid(1).ECX & (1 << 22)>0
if !movbe_support then
  patterns[1], patterns[2] = patterns[2], patterns[1]  -- Lua tables are 1-based, so swap entries 1 and 2
end

for _,p in ipairs(patterns) do
  local res = AOBScan(p,'+X-C-W')
  if res then
    print('Pattern: ' .. p)
    print('Address: ' .. getNameFromAddress(res[0]))
    for i = 1, res.Count - 1, 1 do
      print('         ' .. getNameFromAddress(res[i]))
    end
    res.destroy()
    -- optionally break here if you don't care if the other pattern exists
    break
  end
end

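Dark Byte's cpuid test and ParkourPenguin's multi-pattern fallback, combined in one runnable example. This is added here and is not code from the thread or from Cheat Engine; it is written in Python rather than CE Lua so it can run and be checked outside CE. `has_movbe` takes the ECX value that `cpuid(1).ECX` would return inside CE; `parse_aob`/`aob_scan` are a small stand-in for CE's `AOBScan` with `??` wildcards; the two byte patterns and the `CODE_*` buffers are constructed stand-ins for the JIT output on the two machines (assumed encodings of `movbe esi,[r13+rax+disp32]` and of `mov esi,[r13+rax+disp32]` followed by `bswap esi`). `locate` tries the pattern the CPU makes likely first but falls back to the other, so a machine whose CPU reports MOVBE yet whose JIT emitted the bswap variant is still found.

```python
"""Multi-pattern AoB scan with a CPUID-driven preference order (added example, not CE's code)."""
import re

MOVBE_BIT = 1 << 22            # CPUID.01H:ECX bit 22 reports MOVBE support


def has_movbe(ecx: int) -> bool:
    """Same test as the Lua snippet in the thread, on an ECX value passed in (CE: cpuid(1).ECX)."""
    return (ecx & MOVBE_BIT) != 0


def parse_aob(pattern: str):
    """'41 0F ?? F0' -> [0x41, 0x0F, None, 0xF0]; None is a wildcard byte."""
    out = []
    for tok in pattern.split():
        if tok in ("??", "?"):
            out.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad AoB token: {tok!r}")
    return out


def aob_scan(buf: bytes, pattern: str):
    """Return every offset in buf where the pattern (with wildcards) matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(buf) - len(pat) + 1):
        if all(p is None or buf[off + k] == p for k, p in enumerate(pat)):
            hits.append(off)
    return hits


# Constructed candidate encodings (assumption) of the same byte-swapped load for the access
# quoted in the thread. Variant A: a single MOVBE. Variant B: MOV followed by BSWAP.
PATTERNS = {
    "movbe":     "41 0F 38 F0 B4 05 ?? ?? ?? ??",     # movbe esi,[r13+rax+disp32]
    "mov+bswap": "41 8B B4 05 ?? ?? ?? ?? 0F CE",     # mov esi,[r13+rax+disp32]; bswap esi
}


def candidate_order(ecx: int):
    """Try the variant the CPU makes likely first, but keep the other one as a fallback."""
    order = ["movbe", "mov+bswap"]
    if not has_movbe(ecx):
        order.reverse()
    return order


def locate(buf: bytes, ecx: int):
    """Return (label, offsets) for the first candidate pattern that matches, or (None, [])."""
    for label in candidate_order(ecx):
        hits = aob_scan(buf, PATTERNS[label])
        if hits:
            return label, hits
    return None, []


# Constructed code buffers standing in for the JIT cache on the two machines.
FILLER = bytes.fromhex("90" * 8)                          # NOP padding on both sides
CODE_MOVBE = FILLER + bytes.fromhex("410F38F0B405E4000000") + FILLER
CODE_BSWAP = FILLER + bytes.fromhex("418BB405E40000000FCE") + FILLER

if __name__ == "__main__":
    for name, buf in (("movbe machine", CODE_MOVBE), ("bswap machine", CODE_BSWAP)):
        for ecx in (MOVBE_BIT, 0):
            print(name, "| cpuid says movbe" if has_movbe(ecx) else "| cpuid says no movbe",
                  "|", locate(buf, ecx))
```

The order only decides which pattern is tried first; every candidate is still scanned before giving up, which is what makes the table survive a JIT that declines to use MOVBE even though cpuid advertises it.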
Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Thu Apr 02, 2020 4:42 pm

This would go in the "Show cheat table lua script" area? Also, which behavior would indicate that it's working? Ultimately, the goal is to have the cheats I find/create on my main PC work on the other and to work for other people in the same situation.
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Thu Apr 02, 2020 6:26 pm

Yes, that is Lua code. You can place it in the main Lua script for the cheat table and/or in a {$lua} block in an AA script. {$lua} blocks can return strings that are substituted back into the script, so e.g. you could do this in the for loop:
Code:
if res then
  return ('define(INJECT,%s)'):format(getNameFromAddress(res[0]))
end


Those print statements should print something if you fill in the AoB patterns correctly.

If you're asking me to write a table/script for you, then no. I don't know what precisely you want to do and I'm not inclined to learn. Read the code, learn from it, and adapt it to what you're trying to do.

Drivium
Advanced Cheater
Reputation: 0

Joined: 16 Apr 2013
Posts: 73

Posted: Mon Jun 29, 2020 6:36 pm

The lua code above errored for me at !.

Used this as a test:

Code:
local patterns = {

  "B6 27 48 0C 81 02 1C 22", -- with movbe support
  "B6 27 48 0C 81 02 1C 22"  -- w/o  movbe support
}

-- reorder patterns based on cpuid support
local movbe_support = cpuid(1).ECX & (1 << 22)>0
if !movbe_support then
  patterns[1], patterns[2] = patterns[2], patterns[1]  -- Lua tables are 1-based, so swap entries 1 and 2
end

for _,p in ipairs(patterns) do
  local res = AOBScan(p,'+X-C-W')
  if res then
    print('Pattern: ' .. p)
    print('Address: ' .. getNameFromAddress(res[0]))
    for i = 1, res.Count - 1, 1 do
      print('         ' .. getNameFromAddress(res[i]))
    end
    res.destroy()
    -- optionally break here if you don't care if the other pattern exists
    break
  end
end
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Mon Jun 29, 2020 7:06 pm

Sorry, I think I was thinking of C at the time of writing that. Replace it with "not":
Code:
if not movbe_support then
