Cheat Engine The Official Site of Cheat Engine
thirdfoot Newbie cheater
Reputation: 0
Joined: 09 Feb 2019 Posts: 21
|
Posted: Wed Dec 30, 2020 5:50 pm Post subject: what does hashtag with numbers mean |
|
|
I'm using IsBadReadPtr at the moment since I need to test for a readable value set in a register at a shared instruction. It's working fine, but I see someone else just cmp against #8, #10, seemingly the integer that matches the number of bytes they want to check is readable. Seems so much easier, but I can't seem to find what exactly the hash sign does.
Code: | cmp [rax+10],#8
jne somewhere
cmp dword ptr [rax+18],'Some'
jne somewhere
cmp dword ptr [rax+1C],'Thin' |
Does #N make sure N bytes are readable at cmp addr? Seems a bit too easy... Awesome if I can use it but just wanna verify what it really is.
Thanks. |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Wed Dec 30, 2020 6:40 pm Post subject: |
|
|
# means the number will be interpreted as a non-hex number.
$ means the number will be interpreted as a hex number.
So if you do:
Then EAX will actually be 0x0539.
And if you do:
Then EAX will actually be 0x1337
_________________
- Retired. |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
|
Posted: Wed Dec 30, 2020 6:59 pm Post subject: |
|
|
Numbers in instructions are by default parsed as hexadecimal integers. The # makes CE parse it as a decimal integer. It makes no difference for 8.
thirdfoot wrote: | I'm using IsBadReadPtr... |
Use {$try} / {$except}
https://forum.cheatengine.org/viewtopic.php?p=5761822#5761822
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
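The number rules from the two replies above, modelled in Python as an added example that is not part of the thread and is not Cheat Engine's own parser. The handling of quoted text, `(int)` and `(double)` is an assumption based on how those forms appear in the posted scripts, and `parse_literal`, `prefix_changes_value` and `ambiguous_literals` are names made up here.

```python
import re
import struct

_DEC = re.compile(r"[0-9]+")
_HEX = re.compile(r"[0-9A-Fa-f]+")

def _digits(text, pattern, base):
    if not pattern.fullmatch(text):
        raise ValueError(f"not a base-{base} number: {text!r}")
    return int(text, base)

def parse_literal(token):
    """Integer value of one operand literal under the rules stated in the thread."""
    t = token.strip()
    if len(t) >= 3 and t[0] == t[-1] == "'":
        raw = t[1:-1].encode("ascii")
        if len(raw) > 8:
            raise ValueError("quoted literal longer than 8 bytes")
        # Assumption: characters are stored in memory order (little-endian value).
        return int.from_bytes(raw, "little")
    if t.startswith("(int)"):       # assumption: explicit decimal integer
        return _digits(t[5:], _DEC, 10)
    if t.startswith("(double)"):    # assumption: raw IEEE-754 bits of the value
        return int.from_bytes(struct.pack("<d", float(t[8:])), "little")
    if t.startswith("#"):           # '#': decimal
        return _digits(t[1:], _DEC, 10)
    if t.startswith("$"):           # '$': hexadecimal
        return _digits(t[1:], _HEX, 16)
    return _digits(t, _HEX, 16)     # no prefix: hexadecimal by default

def prefix_changes_value(digits):
    """True when a bare number reads differently as decimal than as hex."""
    return bool(_DEC.fullmatch(digits)) and int(digits, 10) != int(digits, 16)

def ambiguous_literals(line):
    """Bare numbers in one instruction whose value depends on the default base."""
    code = re.sub(r"'[^']*'", "", line.split("//")[0])
    bare = re.findall(r"(?<![#$\w.)])[0-9]+(?![\w.])", code)
    return [n for n in bare if prefix_changes_value(n)]

if __name__ == "__main__":
    # Sample operands built from values mentioned in the thread.
    for tok in ("#1337", "$1337", "1337", "#8", "8", "#10", "10", "'Some'"):
        print(f"{tok:>8} -> {parse_literal(tok):#x}")
    for line in ("cmp [rax+10],#8", "cmp dword ptr [rax+1C],'Thin'"):
        print(line, "->", ambiguous_literals(line))
```

In `cmp [rax+10],#8` the immediate is 8 either way, but the unprefixed offset `10` is read as 0x10, which is the literal the last helper flags.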
thirdfoot Newbie cheater
Reputation: 0
Joined: 09 Feb 2019 Posts: 21
|
Posted: Thu Dec 31, 2020 7:45 am Post subject: |
|
|
I'm trying a new script with try/except instead of IsBadReadPtr, but the game instantly crashes in the try clause (where I'd expect it to without any checking) when trying cmp dword ptr [rdx+18],'Text', guessing due to at that specific time, rdx is 0. But should try/except not handle this?
I get:
Code: | FATAL EXCEPTION at 0x00007FFD5B670000
Violation when reading address 0x18
Code: 0xc0000005 |
With code like:
Code: | code:
{$try}
cmp dword ptr [rdx+18],'Text'
jne trysomethingelse
// Manipulate value.
mov rax,(double)100000000.00
// Original instructions.
mov [r14],rax
mov eax,[r12+08]
jmp return
{$except}
jmp originalcode |
Am I doing something blatantly wrong or will try/except not catch an exception like this? I also get it when simply trying to read the address and nothing else, like mov ecx,[rdx+18], or just comparing it with something. I wonder if the game perhaps does some kind of exception handling that discovers the same exception this does. It has a specially developed popup window with the opportunity to report the exception. |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
|
Posted: Thu Dec 31, 2020 12:12 pm Post subject: |
|
|
Where is trysomethingelse or originalcode? Please provide the entire script, not just where you think the error is.
Also, this should go without saying, but make sure you aren't using an old version of CE.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
thirdfoot Newbie cheater
Reputation: 0
Joined: 09 Feb 2019 Posts: 21
|
Posted: Thu Dec 31, 2020 12:44 pm Post subject: |
|
|
I have v7, try/except was introduced in 6.8. I have no doubt it crashes in the {$try} section. But to save time arguing, let me illustrate it with a simple full example.
This is an automatically generated AOB script I just made, it does absolutely nothing different from original code:
Code: | [ENABLE]
aobscanmodule(test,game.dll,49 89 06 41 8B 44 24 08)
alloc(newmem,$1000,test)
label(code)
label(return)
newmem:
code:
mov [r14],rax
mov eax,[r12+08]
jmp return
test:
jmp newmem
nop 3
return:
registersymbol(test)
[DISABLE]
test:
db 49 89 06 41 8B 44 24 08
unregistersymbol(test)
dealloc(newmem) |
Here I introduce try/except:
Code: | [ENABLE]
aobscanmodule(test,game.dll,49 89 06 41 8B 44 24 08)
alloc(newmem,$1000,test)
label(code)
label(return)
label(originalcode)
newmem:
code:
{$try}
cmp [rdx+10],1
jmp originalcode
{$except}
jmp originalcode
originalcode:
mov [r14],rax
mov eax,[r12+08]
jmp return
test:
jmp newmem
nop 3
return:
registersymbol(test)
[DISABLE]
test:
db 49 89 06 41 8B 44 24 08
unregistersymbol(test)
dealloc(newmem) |
And what do you know.
Code: | FATAL EXCEPTION at 0x00007FFD5B670000
Violation when reading address 0x10
Code: 0xc0000005 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
|
Posted: Thu Dec 31, 2020 1:40 pm Post subject: |
|
|
Can you replicate that behaviour in the CE tutorial? If not, the game is probably doing something weird with VEH; otherwise, it could be something wrong in your setup or a bug in CE. I can't try to replicate it right now, but I might be able to try later if someone else doesn't do it first.
It seems like you could just check for a null pointer and be fine. I'd recommend doing that anyway as it's faster than try/except in the failure case and faster than isbadreadptr in every case.
Code: | test rdx,rdx
jz originalcode
// not a null pointer, probably fine to read it
cmp [rdx+10],1
... |
If this still crashes, then I guess you can use isbadreadptr, but it could fail too since the check+access isn't atomic.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
thirdfoot Newbie cheater
Reputation: 0
Joined: 09 Feb 2019 Posts: 21
|
Posted: Thu Dec 31, 2020 6:18 pm Post subject: |
|
|
I can't get the tutorial to crash, but it does show something about integrity error. I tried counter strike source, it crashes as well on the following.
Code: | {$try}
// Attempt to read invalid memory (anything under 0x10000).
cmp [10],1
{$except}
// Reading invalid memory didn't work, so hack some bullets instead.
mov ebx,(int)99
jmp originalcode |
I've tried testing against allocation memory ranges after 0x10000, but my other game seems to do some trickery when zoning between areas that makes a lot of them invalid in the same way.
As far as my current game, I therefore can't just test against zero. I added check against minimum and maximum memory range as well as an extra check to a common memory value that finally got me over the finish line. Just unique enough to get me through the zoning problem.
IsBadReadPtr was really slow, to the point where it affected the FPS. It could not deal with zoning between areas either, would crash in the same way. It's called a lot since it's a shared instruction. But I'm glad to have tried it out and learned how to use it. As well as the pointers received in this thread for my original question.
Thanks a lot for the input and Happy New Year! |