Working with floats: load & store... [Closed]
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 206

Posted: Wed Feb 17, 2021 1:40 pm    Post subject: Working with floats: load & store... [Closed]

I'm currently working on Mirror's Edge, and adding a FOV feature to the table. The UE engine uses a specific multiplier for that, but it is not very user-friendly to manipulate. So I want to offer users a more "common" FOV option. My struggle: can't get the (static) variable updated...

Table code: [ https://www.dropbox.com/s/9j6x29oj0keyw2w/ME_StoreFloat.png?dl=0 ]

Basically: I'm applying the 'rule of 3': 0.0087266 ~= 90 (fov). By using temp variables, users can enter a FOV value, and I'll do the math in the back, updating the (static) multiplier... My problem: as soon as I hit 'fstp dword ptr [ebx]' the game crashes...?
(plenty of examples doing "similar" stuff here and @stackoverflow (be it that those examples do [esi+10] or something ~ should logically make no diff...))

ps: storing @ stack is no issue either; it's getting that mem_address updated. and btw: I can easily/manually change the value in the table, and that works fine. (but that would mean - as a user - that you'll have to do some guessing/calculations yourself...)

ps2: if anyone knows of a good manual/paper on float-handling, might you point me in the right direction? I have a wiki page, but most of that is "basic" and just a command sum_up...


Last edited by paul44 on Thu Feb 18, 2021 12:19 pm; edited 1 time in total
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Wed Feb 17, 2021 2:16 pm    Post subject:

Are you popping a float you didn't load? If so just use fst instead of fstp.
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 206

Posted: Thu Feb 18, 2021 3:25 am    Post subject:

^ I did load the float first (see dropbox image above), but just to be sure tried without popping... and same thing...
As I said before: if I do something like 'fstp dword ptr [esp]' - making sure to sub/add stack accordingly - I get that value onto the stack without probs...?!
ps: I did also verify if anything important on the float stack was still needed, but "apparently" not (within the level of my experience ofc).

Oh yeah: if I do a 'fstp dword ptr [pFOVmul]', that "works" fine as well, but basically overwrites my 'pointer' address... (and the game keeps running ofc)
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Thu Feb 18, 2021 8:03 am    Post subject:

Code:
push ebx
mov ebx,[12440020]
lea ebx,[ebx]
fstp st(0)
pop ebx


Put a "find what accesses" trace on lea ebx,[ebx] and see what comes up.
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 206

Posted: Thu Feb 18, 2021 8:19 am    Post subject: memory readonly

^ It came to me as a "flash in the pan"... that mem_address is actually 'protected' and set as 'Read' (it is a 'green/static' address after all). As soon as I change its protection to Read/Write, it works as expected...

Basically - since the CE GUI allows one to change such memory without problems - I have to conclude that the interface temporarily allows writing to that address, and then sets it back to 'read' (only)...
(checked protection prior to/after the manual change, and the memory (page) remains 'read').
However: when I change the protection manually, it sets that whole 'page' to read (I am not a mem-connoisseur, so I'm guessing that Windows - and CE - manages memory_ranges per 'page' ~ being a certain amount of memory)...

Question: how can I manage this "feature" (re/set write flag on-the-fly) via the injected code (or if needed, using Lua)?

Also: I'll do some additional research to see when/where that value is called and "integrated". Perhaps I can then bypass the need to have this static value being overwritten altogether...
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Thu Feb 18, 2021 8:38 am    Post subject:

You can use fullaccess if you have a symbol to pass it before enabling.

https://wiki.cheatengine.org/index.php?title=Auto_Assembler:fullAccess
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 206

Posted: Thu Feb 18, 2021 9:14 am    Post subject: circumventing/ignoring static value...

^@sbryzl: I just finished testing/rewriting the opcode, and it is now working fine. Basically, I no longer touch the static value itself (normally this stays untouched anyways), but recalc the Xmm0 value thereafter... seems to do its job just fine.
(still need to run through some chapters to see its overall effect though)

As for your reference, I will definitely try this out with my prev version to see if it can work this way as well... I'll update when done, and have this topic 'closed' then...

And thx for all your suggestions btw.

ps: I also learned - after some more reading/testing - that one cannot store/move the float from the float stack directly into a register (such as ebx). It seems that this can only be done via some mem_location/var?!
You can (obviously) use the address - found in a register - to store it in that location; but one can then just directly store it there ofc...


-EDIT-
Changing protection flags for memory works as well. In line with my example, I've added:

fullAccess([pFOVmul],4)

to the AA Enabled section; and CE will then set - at that location (?) - a complete page RWE... The code - shown in the pdf - will then work as expected.

ps: I did not check whether the 'page' started at that particular location, or if it did "unlock" the mem_page, which contained that mem_address.
ps2: I also did some searching to see if this can be undone - f.e. upon disabling the script - but there does not seem to be a command/option_flag for that?!
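
The per-page behaviour asked about in the last post, as an added example that is not part of the original thread: a protection change covers every page the byte range touches, and a temporary read/write window can be closed again after the store. It uses POSIX mprotect inside the example's own process as a stand-in for the Windows page protection that CE changes; the function names, the 0x20 offset and the 0.25/0.5 values are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Page range that a protection change on [addr, addr+len) really covers. */
typedef struct { uintptr_t base; size_t len; } page_span;

page_span span_for(uintptr_t addr, size_t len, size_t page) {
    uintptr_t mask = ~((uintptr_t)page - 1);
    uintptr_t base = addr & mask;                    /* round start down */
    uintptr_t end  = (addr + len + page - 1) & mask; /* round end up */
    page_span s = { base, (size_t)(end - base) };
    return s;
}

/* Store a float into read-only memory: open the covering page(s) read/write,
 * write, then put them back to read-only. Returns 0 on success. */
int patch_float(float *target, float value) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    page_span s = span_for((uintptr_t)target, sizeof *target, page);
    if (mprotect((void *)s.base, s.len, PROT_READ | PROT_WRITE) != 0)
        return -1;
    memcpy(target, &value, sizeof value);
    return mprotect((void *)s.base, s.len, PROT_READ);
}

/* Constructed demo: an anonymous read-only page stands in for the page that
 * holds a static multiplier; 0x20 is an arbitrary offset inside it. */
float demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1.0f;
    float *mul = (float *)(mem + 0x20);
    *mul = 0.25f;
    if (mprotect(mem, page, PROT_READ) != 0) return -1.0f; /* plain stores now fault */
    float out = (patch_float(mul, 0.5f) == 0) ? *mul : -1.0f;
    munmap(mem, page);
    return out;
}

int main(void) {
    page_span s = span_for(0x12440020u, 4, 4096);
    printf("0x%lx +%zu, value %.2f\n", (unsigned long)s.base, s.len, demo());
    return 0;
}
```

A 4-byte range that straddles a page boundary unlocks two pages, so everything else stored on those pages becomes writable for as long as the window stays open.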
All times are GMT - 6 Hours