Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
How do I read an instruction at an address in C++?

 
Author Message
LongBeardedLion
Expert Cheater
Reputation: 0

Joined: 10 Apr 2020
Posts: 109

Posted: Tue Jun 30, 2020 8:35 am    Post subject: How do I read an instruction at an address in C++?

So I have this instruction that changes each time I open the game:

JMP myGame.1001238F at address 762634B5. That's how it is displayed in x32dbg. Precisely:

762634B5 - JMP myGame.1001238F

If I click it twice it displays just this:

jmp 0x1001238F

Since the address 0x1001238F it jumps to changes each time the game starts, but the address where this instruction is stored is permanent, I would like to know how I can read the instruction at address 762634B5, so that I can get the address it jumps to, the instruction JMP myGame.XXXXXXXX.

I need the address in XXXXXXX.
All I know in C++ is how to read memory, meaning the bytes that are stored at an address. I don't know how to read the instruction that contains an address. Any tips here?

I followed it in the dump. Nothing there either. How should I proceed?
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Tue Jun 30, 2020 9:21 am

If the opcode is E9, the next four bytes are a rel32 displacement from the next instruction. Get the address of the next instruction (i.e. that instruction plus 5 bytes, or the operand plus 4) and add the rel32 displacement to it.
https://www.felixcloutier.com/x86/jmp

_________________
I don't know where I'm going, but I'll figure it out when I get there.
LongBeardedLion
Expert Cheater
Reputation: 0

Joined: 10 Apr 2020
Posts: 109

Posted: Tue Jun 30, 2020 10:39 am

Thank you.

So if I have:

762634B5 | E9 D5EEDA99 | jmp myGame.1001238F

how do I calculate it?

How does the value in the dump, E9 D5EEDA99, turn into 1001238F?

rel32? Something to do with a 32-byte value?
I tried finding a relation between these.
Maybe it's not that simple?
ParkourPenguin
I post too much
Reputation: 78

Joined: 06 Jul 2014
Posts: 2637

Posted: Tue Jun 30, 2020 10:52 am

The operand of the E9 jmp opcode is a relative 32-bit displacement from the next instruction.
Code:
762634B5:  E9 D5EEDA99  // jmp myGame.1001238F
762634BA:  ??           // the next instruction

0x762634BA + 0x99DAEED5 = 0x11001238F mod 2^32 = 0x1001238F
(mod 2^32 is used for 32-bit processes)

You could also interpret the operand as a signed displacement, but with the way two's complement works the end result is the same. (one could argue that could be slightly more dangerous in C++ because signed integer overflow is UB; unsigned overflow is well defined)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
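A worked C++ version of the calculation from the two replies above, added here as an example; it is not code from the thread or from Cheat Engine. It assumes the instruction bytes have already been copied out of the game process (for instance with ReadProcessMemory) and constructs them inline from the dump shown in the post. Beyond the thread's E9 case it also decodes the short form EB rel8 from the linked JMP page, and it includes two backward jumps to show that the unsigned wrap-around gives the right answer for negative displacements too:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Result of decoding a relative jmp.  ok == false means the bytes were not
// an E9 (rel32) or EB (rel8) jmp, or too few bytes were supplied.
struct RelJmp {
    bool     ok;
    size_t   length;  // encoded length: 5 for E9 rel32, 2 for EB rel8
    uint32_t target;  // absolute target address, mod 2^32 (32-bit process)
};

// Decode the relative jmp that starts at `insnAddr` in the target process,
// given `avail` bytes that were copied from that address into `bytes`.
// All arithmetic is done in uint32_t, so the wrap-around is defined
// behaviour and is exactly the "mod 2^32" from the reply above.
RelJmp decodeRelJmp32(uint32_t insnAddr, const uint8_t* bytes, size_t avail) {
    RelJmp r{false, 0, 0};
    if (avail < 1) return r;

    if (bytes[0] == 0xE9) {                          // JMP rel32
        if (avail < 5) return r;                     // truncated read
        // The operand is stored little-endian: the dump bytes D5 EE DA 99
        // are the 32-bit value 0x99DAEED5.
        uint32_t rel32 = static_cast<uint32_t>(bytes[1])
                       | (static_cast<uint32_t>(bytes[2]) << 8)
                       | (static_cast<uint32_t>(bytes[3]) << 16)
                       | (static_cast<uint32_t>(bytes[4]) << 24);
        uint32_t next = insnAddr + 5;                // address of the next instruction
        r.ok = true;
        r.length = 5;
        r.target = next + rel32;                     // wraps mod 2^32
        return r;
    }

    if (bytes[0] == 0xEB) {                          // JMP rel8 (short jump)
        if (avail < 2) return r;
        uint32_t rel = bytes[1];
        if (rel & 0x80u) rel |= 0xFFFFFF00u;         // sign-extend rel8 to 32 bits
        uint32_t next = insnAddr + 2;
        r.ok = true;
        r.length = 2;
        r.target = next + rel;                       // backward jumps wrap correctly
        return r;
    }

    return r;                                        // some other instruction
}

// The exact case from the thread: the five bytes shown in the dump at
// 762634B5.  They are constructed here from the post; a real tool would
// obtain them with ReadProcessMemory on the game process.
uint32_t threadExampleTarget() {
    const uint8_t dump[] = {0xE9, 0xD5, 0xEE, 0xDA, 0x99};
    RelJmp j = decodeRelJmp32(0x762634B5u, dump, sizeof dump);
    return j.ok ? j.target : 0;
}

// A backward short jump: `EB FE` at 00401000 is "jmp $" (rel8 = -2),
// so the target is the instruction itself.  (Constructed example.)
uint32_t shortSelfLoopTarget() {
    const uint8_t code[] = {0xEB, 0xFE};
    RelJmp j = decodeRelJmp32(0x00401000u, code, sizeof code);
    return j.ok ? j.target : 0;
}

// A backward rel32: `E9 FB FF FF FF` at 00401000 is also "jmp $"
// (rel32 = 0xFFFFFFFB = -5, next = 00401005).  (Constructed example.)
uint32_t longSelfLoopTarget() {
    const uint8_t code[] = {0xE9, 0xFB, 0xFF, 0xFF, 0xFF};
    RelJmp j = decodeRelJmp32(0x00401000u, code, sizeof code);
    return j.ok ? j.target : 0;
}

int main() {
    std::printf("762634B5  E9 D5EEDA99  -> jmp %08X\n", threadExampleTarget());
    std::printf("00401000  EB FE        -> jmp %08X\n", shortSelfLoopTarget());
    std::printf("00401000  E9 FBFFFFFF  -> jmp %08X\n", longSelfLoopTarget());
    return 0;
}
```

Two things worth keeping in mind when reusing this. First, check the opcode before trusting the result: a hook or a game update can replace the E9 at that address with something else, and then "next four bytes" are no longer a displacement. Second, the mod 2^32 shortcut only holds for a 32-bit process; in a 64-bit process the same E9 rel32 is added to a 64-bit RIP after sign extension, so the arithmetic has to be done in uint64_t with the rel32 widened as a signed value.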
LongBeardedLion
Expert Cheater
Reputation: 0

Joined: 10 Apr 2020
Posts: 109

Posted: Tue Jun 30, 2020 12:07 pm

That's awesome. Thank you. :) :)