 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
lazybug
Newbie cheater
![]() Reputation: 0
Joined: 06 Dec 2011
Posts: 10
|
 Posted: Mon Feb 20, 2012 4:47 am Post subject: What the error of the CEA for search encode float value |
 |
|
Hi:
The game apply enocded float value to attribut of it's object. I found the encode/decode codes. and I write a cea for search the encoded data in game by CE.
the key of the data is stored in the address of the data minus 4.
but when I search the value ,the error msgbox popup with access violation.
any ideas?
ps: the type of the data is float (4bytes)
| Code: |
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(tmpvalue,4)
label(loccc)
TypeName:
db 'Encode Test',0
ByteSize:
dd 4
tmpvalue:
dd 4
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
push ebp
mov ebp,esp
push ebx
push ecx
push edi
push esi
mov eax,dword ptr [ebp+8] //key addr
lea ebx,dword ptr [eax+4] //data addr
mov ecx,dword ptr [ebx]
mov [tmpvalue],ecx
mov eax,dword ptr [tmpvalue]
mov bl, al
xor bl, byte ptr [edi+3]
mov byte ptr [tmpvalue], bl
mov ecx, 3
loccc:
lea esi, dword ptr [tmpvalue+ecx]
lea edx, dword ptr [ecx-1]
mov ecx, edx
and ecx, 3
mov al, [ecx+edi]
xor al,byte ptr [esi]
mov ecx,edx
test ecx,ecx
mov byte ptr [esi],bl
mov bl,al
ja loccc
mov byte ptr [tmpvalue], al
mov eax,dword ptr [tmpvalue]
pop esi
pop edi
pop ecx
pop ebx
pop ebp
ret 4
// not use!
ConvertBackRoutine:
push ebp
mov ebp,esp
push eax
push ecx
mov ecx,dword ptr [ebp+8]
mov eax,dword ptr [ebp+c]
xor ecx,087654321
mov dword ptr [eax],ecx
pop ecx
pop eax
pop ebp
ret 8
|
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Mon Feb 20, 2012 5:54 am Post subject: |
|
|
If I read your code correctly then bytesize should be 8: 4 bytes for the actual value followed by 4 bytes for the key that is directly after it
also:
| Code: |
xor bl, byte ptr [edi+3]
|
Where do you get EDI from ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
lazybug
Newbie cheater
![]() Reputation: 0
Joined: 06 Dec 2011
Posts: 10
|
| Posted: Mon Feb 20, 2012 8:50 pm Post subject: oops! |
|
|
Thks for reply!
I miss a instruction when I copy the codes from a c++ editor.
| Code: |
mov eax,dword ptr [ebp+8] //key addr
mov edi,eax
lea ebx,dword ptr [eax+4] //data addr
|
I fixed it then the search can run without error msgbox. but the display value is displayed as Int value. How to modify the script to seacrh the encode value as a float? and is there exmples for CEA custom scan ?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Tue Feb 21, 2012 1:28 am Post subject: |
|
|
change
| Code: |
mov byte ptr [tmpvalue], al
mov eax,dword ptr [tmpvalue]
|
to
| Code: |
mov byte ptr [tmpvalue], al
cvtss2si eax,[tmpvalue]
|
That converts the tmpvalue to an integer
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
lazybug
Newbie cheater
![]() Reputation: 0
Joined: 06 Dec 2011
Posts: 10
|
| Posted: Thu Feb 23, 2012 1:50 am Post subject: |
|
|
I'm sorry .It's not working ,even I change the last code to cvtss2si eax,[tmpvalue]
the value is not displayed as float type.
the contents in the found list is as :
cvtss2si eax,[tmpvalue]
[img][/img]
| Description: |
|
| Filesize: |
11.4 KB |
| Viewed: |
6370 Time(s) |
|
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Thu Feb 23, 2012 3:23 am Post subject: |
|
|
Multiply the output with 10 before converting to an integer, and instead of looking for 0.2 look for 2
| Code: |
alloc(tmpxmm,16)
alloc(value10,4)
value10:
dd (float)10
...
movups [tmpxmm],xmm0 //save the xmm0 register (tip: use movaps if you're sure tmpxmm is on a 16 byte boundary)
movss xmm0,[tmpvalue] //load the float value into xmm0
mulss xmm0,[value10] //multiply by 10
cvtss2si eax,xmm0 //convert the result to integer
movups xmm0,[tmpxmm] //restore xmm0
|
edit: Actually, not even sure if CE cares if xmm is modified or not, during custom scans it doesn't do anything with float
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Fri Feb 24, 2012 5:52 am; edited 1 time in total |
|
| Back to top |
|
|
lazybug
Newbie cheater
![]() Reputation: 0
Joined: 06 Dec 2011
Posts: 10
|
| Posted: Thu Feb 23, 2012 8:43 pm Post subject: |
|
|
Thks I'll try it.
if next version of CE support multi data type custom scan will be better. 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
