paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Wed Feb 17, 2021 1:40 pm Post subject: Working with floats: load & store... [Closed]
I'm currently working on Mirror's Edge, adding a FOV feature to the table. The UE engine uses a specific multiplier for that, but it is not very user-friendly to manipulate, so I want to offer users a more "common" FOV option. My struggle: I can't get the (static) variable updated...
Table code: [ https://www.dropbox.com/s/9j6x29oj0keyw2w/ME_StoreFloat.png?dl=0 ]
Basically, I'm applying the 'rule of 3': 0.0087266 ~= 90 (FOV). By using temp variables, users can enter a FOV value and I'll do the math in the back, updating the (static) multiplier... My problem: as soon as I hit 'fstp dword ptr [ebx]', the game crashes...?
(There are plenty of examples doing "similar" stuff here and on Stack Overflow, be it that those examples do [esi+10] or something similar ~ which should logically make no difference...)
PS: storing on the stack is no issue either; it's getting that mem_address updated. And btw: I can easily/manually change the value in the table, and that works fine (but that would mean, as a user, that you'd have to do some guessing/calculations yourself...).
PS2: if anyone knows of a good manual/paper on float handling, could you point me in the right direction? I have a wiki page, but most of that is "basic" and just a command summary...
Last edited by paul44 on Thu Feb 18, 2021 12:19 pm; edited 1 time in total
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Wed Feb 17, 2021 2:16 pm
Are you popping a float you didn't load? If so, just use fst instead of fstp.
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Thu Feb 18, 2021 3:25 am
^ I did load the float first (see the Dropbox image above), but just to be sure I tried without popping... and same thing...
As I said before: if I do something like 'fstp dword ptr [esp]' (making sure to sub/add the stack accordingly), I get that value onto the stack without problems...?!
PS: I did also verify whether anything important on the float stack was still needed, but "apparently" not (within the level of my experience, of course).
Oh yeah: if I do a 'fstp dword ptr [pFOVmul]', that "works" fine as well, but basically overwrites my 'pointer' address... (and the game keeps running, of course)
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Thu Feb 18, 2021 8:03 am
Code: |
push ebx
mov ebx,[12440020]   // load the pointer the script later writes through
lea ebx,[ebx]        // no-op (ebx = ebx); a convenient instruction to trace
fstp st(0)           // pop the top of the x87 stack without storing it anywhere
pop ebx |
Put a 'find what accesses' trace on lea ebx,[ebx] and see what comes up.
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Thu Feb 18, 2021 8:19 am Post subject: memory readonly
^ It came to me as a "flash in the pan"... that mem_address is actually 'protected' and set as 'Read' (it is a 'green/static' address after all). As soon as I change its protection to Read/Write, it works as expected...
Basically, since the CE GUI allows one to change such memory without problems, I have to conclude that the interface temporarily allows writing to that address, and then sets it back to 'read' (only)...
(I checked the protection before/after a manual change, and the memory (page) remains 'read'.)
However: when I change the protection manually, it sets that whole 'page' to read (I am not a memory connoisseur, so I'm guessing that Windows, and CE, manage memory ranges per 'page', being a certain amount of memory)...
Question: how can I manage this "feature" (re/set the write flag on the fly) via the injected code (or, if needed, using Lua)?
Also: I'll do some additional research to see when/where that value is called and "integrated". Perhaps I can then bypass the need to have this static value overwritten altogether...
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Thu Feb 18, 2021 9:14 am Post subject: circumventing/ignoring static value...
^ @sbryzl: I just finished testing/rewriting the opcode, and it's now working fine. Basically, I no longer touch the static value itself (normally this stays untouched anyway), but recalc the xmm0 value afterwards... seems to do its job just fine.
(Still need to run through some chapters to see its overall effect though.)
As for your reference, I will definitely try this out with my previous version to see if it can work this way as well... I'll update when done, and have this topic 'closed' then...
And thanks for all your suggestions, btw.
PS: I also learned, after some more reading/testing, that one cannot store/move the float from the float stack directly into a register (such as ebx). It seems that this can only be done via some mem_location/var?!
You can (obviously) use the address found in a register to store it in that location; but then one can just store it there directly, of course...
-EDIT-
Changing the protection flags for memory works as well. In line with my example, I've added:
fullAccess([pFOVmul],4)
to the AA Enabled section; CE will then set, at that location (?), a complete page to RWE... The code shown in the pdf will then work as expected.
PS: I did not check whether the 'page' started at that particular location, or if it "unlocked" the mem_page which contained that mem_address.
PS2: I also did some searching to see if this can be undone, e.g. upon disabling the script, but there does not seem to be a command/option_flag for that?!
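The two open points in the thread (paul44's question about re/setting the write flag from injected code, and the PS2 about undoing what fullAccess() did) come down to one pattern: flip the protection of the page that holds the target, do the store, put the old protection back. The C below is an added example written for this page, not code from the thread or from Cheat Engine. It uses VirtualProtect on Windows (the thread's platform) and mprotect elsewhere, and it reproduces the crash from the first post on a constructed read-only page so the fix can be checked against it. Assumptions: the read-only page, the 0x10 offset and the 90/110 FOV values are constructed test data; on POSIX the helper restores PROT_READ because there is no portable call to query the previous protection; the fault probe (signal handler plus sigsetjmp) is POSIX-only, so on Windows only write_through_protection() is usable.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>
#endif

/* The thread's rule of three: engine multiplier 0.0087266 <-> 90 degrees FOV. */
float fov_to_multiplier(float fov_degrees)
{
    return 0.0087266f * fov_degrees / 90.0f;
}

/* Page-aligned span [base, base+span) covering [addr, addr+len). Protection is
 * tracked per page, which is why CE ends up "unlocking" far more than 4 bytes. */
static void page_span(const void *addr, size_t len, uintptr_t *base, size_t *span)
{
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    uintptr_t page = si.dwPageSize;
#else
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
#endif
    *base = (uintptr_t)addr & ~(page - 1);
    *span = (size_t)((((uintptr_t)addr + len + page - 1) & ~(page - 1)) - *base);
}

/* Make the page(s) holding dst writable, copy len bytes in, restore the previous
 * protection. Returns 0 on success, -1 on failure. Unlike fullAccess() this asks
 * for read/write only (no execute) and undoes itself once the store is done. */
int write_through_protection(void *dst, const void *src, size_t len)
{
    uintptr_t base;
    size_t span;
    page_span(dst, len, &base, &span);
#ifdef _WIN32
    DWORD old_prot, scratch;
    if (!VirtualProtect((LPVOID)base, span, PAGE_READWRITE, &old_prot)) return -1;
    memcpy(dst, src, len);
    if (!VirtualProtect((LPVOID)base, span, old_prot, &scratch)) return -1;
#else
    /* Assumption: POSIX has no portable query for the current protection, so the
     * page is taken to have been read-only (the thread's case) and PROT_READ is restored. */
    if (mprotect((void *)base, span, PROT_READ | PROT_WRITE) != 0) return -1;
    memcpy(dst, src, len);
    if (mprotect((void *)base, span, PROT_READ) != 0) return -1;
#endif
    return 0;
}

#ifndef _WIN32
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* A plain store to p, i.e. what 'fstp dword ptr [ebx]' does. Returns 1 if it
 * faulted (SIGSEGV, or SIGBUS on some BSDs/macOS), 0 if the write went through. */
int store_faults(volatile float *p, float value)
{
    struct sigaction sa = { .sa_handler = on_fault }, old_segv, old_bus;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile int faulted = 1;
    if (sigsetjmp(fault_env, 1) == 0) {
        *p = value;
        faulted = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Constructed scenario: one read-only page standing in for the game's static
 * multiplier. Returns 0 if every step behaved as expected, else the failed step. */
int demo_run(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return 1;
    float *fov_mul = (float *)(mem + 0x10);                  /* stand-in for [esi+10] */
    *fov_mul = fov_to_multiplier(90.0f);
    float wanted = fov_to_multiplier(110.0f);
    int rc = 0;
    if (mprotect(mem, page, PROT_READ) != 0) rc = 2;           /* read-only, like a "green" address */
    else if (!store_faults(fov_mul, wanted)) rc = 3;            /* the crash from the first post */
    else if (write_through_protection(fov_mul, &wanted, sizeof wanted) != 0) rc = 4;
    else if (*fov_mul != wanted) rc = 5;                        /* the new multiplier landed */
    else if (!store_faults(fov_mul, 0.0f)) rc = 6;              /* and the page is read-only again */
    munmap(mem, page);
    return rc;
}
#endif
```

Call demo_run() from a main() to watch the sequence: the first plain store faults exactly as the game did, the protected write succeeds, and the final probe shows the page is read-only again, which is the "undo" the thread could not find a command for. In an injected-code setting the same two VirtualProtect calls can bracket the store, or be issued once at enable/disable time; either way the page only needs to be writable, not executable, so PAGE_READWRITE is a tighter choice than the RWE that fullAccess() leaves behind.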