Cheat Engine Forum Index
The Official Site of Cheat Engine
Reversing question

 
Cheat Engine Forum Index -> General Gamehacking
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Thu Jul 09, 2015 11:00 am    Post subject: Reversing question

Hi,
While "looking what accesses this variable" and seeing a ret instruction here, is it safe to assume that a class destructor is being used to clean a dynamically allocated variable?
Or is it the case for just any dynamically allocated variable that is ended through the use of "delete"?
Or is it something else?
Thanks
Syperus
Advanced Cheater
Reputation: 1

Joined: 05 Jun 2011
Posts: 61

Posted: Thu Jul 09, 2015 11:35 am    Post subject: Re: Reversing question

ulysse3131 wrote:
Hi,
While "looking what accesses this variable" and seeing a ret instruction here, is it safe to assume that a class destructor is being used to clean a dynamically allocated variable?
Or is it the case for just any dynamically allocated variable that is ended through the use of "delete"?
Or is it something else?
Thanks


Do you have any specific code you're looking at that you could share? Is it just ret, or retn, or retf? But no, it's not calling a destructor of the class. Those are usually called as a program is closing, since classes usually have functions within them that are going to be used throughout the program. The only time you call the destructor directly is when you create a new object using the new keyword, to free up the resources after it is no longer needed. Otherwise you get into memory leaks.

Anyway, back on topic. ret is returning (popping) the last value from the stack, as you would return in high-level languages (return 0, return 1, etc.). retn means return near, and retf means return far. retn and retf were used back in the older days, but nowadays all you need to do is call ret and the compiler will decipher which needs to be called. At least that's how I remember it. It's been a while since I've done anything with asm, but I'm starting to get back into it.

Edit: Also, this probably should have been posted in the General Programming section, since it's more related to programming and might get more replies if other programmers are looking in that section more. Js! :)
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Thu Jul 09, 2015 1:02 pm

Sweet answer, thanks! I had only seen retn once, had no idea what it was, and have never seen retf.

But yes, this was a simple ret.
The variable holds the number of a specific inventory item; the same lines of code update the amount of every inventory item.

So I was looking at the amount of potions, and when I transferred every potion from my inventory to my bank (therefore no longer having potions in inventory) my variable took several values that made little sense, got zeroed and eventually was deallocated, if I remember correctly (turned into "??").

I could understand the asm of every piece of code that accessed it except for ret; I was expecting code reading it, writing it, even add[] stuff (which there was). I am trying to make sense of how the inventory is handled (not even trying to cheat my item number), so here I was wondering where that ret came from.

It seems to me that this, "The only time you call the destructor directly is when you create a new object using the new keyword, to free up the resources after it is no longer needed. Otherwise you get into memory leaks.", is what happened (i.e. I freed an inventory slot, which the game probably renewed).

"Anyway, back on topic. ret is returning (popping) the last value from the stack, as you would return in high-level languages (return 0, return 1, etc.)"

That's interesting, so that means that if a variable is accessed by a ret then it is necessarily a stack variable? Do you know which asm code shows up when a variable is deallocated?

Thanks for the section tip; next time I open one of those threads I will make sure I post it in the right place.
Syperus
Advanced Cheater
Reputation: 1

Joined: 05 Jun 2011
Posts: 61

Posted: Thu Jul 09, 2015 6:03 pm

ulysse3131 wrote:
That's interesting, so that means that if a variable is accessed by a ret then it is necessarily a stack variable?

Everything (variables, instructions, etc.) is in the stack. The easiest way to think of a stack is to think of it like a can of Pringles. The last one in (pushed) is the first one out (popped). Same goes for deallocating in a high-level language: the last one allocated is the first one deallocated. The ret is usually the return of a function, i.e. the end of it. Here's an example. I'm working on the game Alien Isolation. Here is the function for the health:
Code:

AI.exe+3AD730 - 56                    - push esi
AI.exe+3AD731 - 8B F1                 - mov esi,ecx
AI.exe+3AD733 - 66 83 7E 1C 00        - cmp word ptr [esi+1C],00
AI.exe+3AD738 - 0F85 88000000         - jne AI.exe+3AD7C6
AI.exe+3AD73E - 8B 4E 24              - mov ecx,[esi+24]
AI.exe+3AD741 - 8B 01                 - mov eax,[ecx]
AI.exe+3AD743 - 8B 50 1C              - mov edx,[eax+1C]
AI.exe+3AD746 - 57                    - push edi
AI.exe+3AD747 - FF D2                 - call edx
AI.exe+3AD749 - 8D 88 D02C0000        - lea ecx,[eax+00002CD0]
AI.exe+3AD74F - E8 FC96EDFF           - call AI.exe+286E50
AI.exe+3AD754 - 8B 7C 24 0C           - mov edi,[esp+0C]
AI.exe+3AD758 - 8B 4E 24              - mov ecx,[esi+24]
AI.exe+3AD75B - 85 FF                 - test edi,edi
AI.exe+3AD75D - 74 2A                 - je AI.exe+3AD789
AI.exe+3AD75F - 8B 01                 - mov eax,[ecx]
AI.exe+3AD761 - 8B 50 1C              - mov edx,[eax+1C]
AI.exe+3AD764 - FF D2                 - call edx
AI.exe+3AD766 - 8B 80 F42F0000        - mov eax,[eax+00002FF4]
AI.exe+3AD76C - 85 C0                 - test eax,eax
AI.exe+3AD76E - 74 0E                 - je AI.exe+3AD77E
AI.exe+3AD770 - 33 C9                 - xor ecx,ecx
AI.exe+3AD772 - 83 78 10 0A           - cmp dword ptr [eax+10],0A
AI.exe+3AD776 - 0F95 C1               - setne cl
AI.exe+3AD779 - 49                    - dec ecx
AI.exe+3AD77A - 23 C1                 - and eax,ecx
AI.exe+3AD77C - EB 02                 - jmp AI.exe+3AD780
AI.exe+3AD77E - 33 C0                 - xor eax,eax
AI.exe+3AD780 - 89 78 24              - mov [eax+24],edi
AI.exe+3AD783 - 8B 57 50              - mov edx,[edi+50]
AI.exe+3AD786 - 89 50 28              - mov [eax+28],edx
AI.exe+3AD789 - C7 46 0C 04000000     - mov [esi+0C],00000004
AI.exe+3AD790 - 85 FF                 - test edi,edi
AI.exe+3AD792 - 74 31                 - je AI.exe+3AD7C5
AI.exe+3AD794 - 8B BF 1C030000        - mov edi,[edi+0000031C]
AI.exe+3AD79A - 85 FF                 - test edi,edi
AI.exe+3AD79C - 74 27                 - je AI.exe+3AD7C5
AI.exe+3AD79E - 80 7F 48 00           - cmp byte ptr [edi+48],00
AI.exe+3AD7A2 - 74 21                 - je AI.exe+3AD7C5
AI.exe+3AD7A4 - 8B 46 24              - mov eax,[esi+24]
AI.exe+3AD7A7 - 8B 40 64              - mov eax,[eax+64]
AI.exe+3AD7AA - 8B 40 04              - mov eax,[eax+04]
AI.exe+3AD7AD - 83 F8 02              - cmp eax,02
AI.exe+3AD7B0 - 74 05                 - je AI.exe+3AD7B7
AI.exe+3AD7B2 - 83 F8 07              - cmp eax,07
AI.exe+3AD7B5 - 75 0E                 - jne AI.exe+3AD7C5
AI.exe+3AD7B7 - 6A 02                 - push 02
AI.exe+3AD7B9 - E8 02C4C8FF           - call AI.exe+39BC0
AI.exe+3AD7BE - 8B C8                 - mov ecx,eax
AI.exe+3AD7C0 - E8 ABC4C8FF           - call AI.exe+39C70
AI.exe+3AD7C5 - 5F                    - pop edi
AI.exe+3AD7C6 - 8B CE                 - mov ecx,esi
AI.exe+3AD7C8 - E8 9333FEFF           - call AI.exe+390B60
AI.exe+3AD7CD - 5E                    - pop esi
AI.exe+3AD7CE - C2 0400               - ret 0004

Notice that at the end ret 0004 is called. This is the end of that function, and it returns.


ulysse3131 wrote:
Do you know which asm code is showing up when a variable is deallocated ?

I've seen it show up with add before. Something like
Code:
add esp,4    ; discard one 4-byte slot from the top of the stack (Intel syntax, as CE shows it)
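The block Syperus pasted is Cheat Engine's standard disassembly dump: module+offset, opcode bytes, Intel-syntax mnemonic. Two things are worth reading off such a dump before deciding what a ret "means". First, ret itself reads the return address at [esp], so a data watch on a stack slot can legitimately report a ret as the accessor. Second, ret 0004 tells you the callee removes 4 bytes of stack arguments after popping the return address, which MSVC emits for __stdcall and __thiscall; with mov esi,ecx as the first real instruction, ecx is an input (the hidden this pointer), so this is a __thiscall method with one stack argument, and the mov edi,[esp+0C] after two pushes is that argument. Below is an added Python example, not code from the thread or from Cheat Engine, that parses this dump format and pulls those facts out: the ret imm16 cleanup, whether ecx is read before it is written, saved versus restored registers, direct versus register (vtable) calls, and a contiguity check that catches lines dropped while copying out of CE. The embedded listing is an excerpt of the one posted above with the middle of the function cut out; the register-write table and the convention names are my own heuristics for 32-bit MSVC output.

```python
# Added example for the thread above, not Cheat Engine's own code: parse a CE disassembly
# dump ("<module>+<offset> - <bytes> - <mnemonic> [operands]") and read off calling-convention
# facts. The register-write table and convention names are 32-bit MSVC heuristics.
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

CE_LINE = re.compile(
    r"^(?P<module>[^+\s]+)\+(?P<offset>[0-9A-Fa-f]+)\s+-\s+"
    r"(?P<bytes>[0-9A-Fa-f]{2}(?:\s?[0-9A-Fa-f]{2})*)\s+-\s+"
    r"(?P<mnemonic>[A-Za-z]+)(?:\s+(?P<operands>.*?))?\s*$")
REGS32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
# mnemonics that write their first operand (cmp/test/push/call/jcc/ret do not)
WRITES_DEST = {"mov", "lea", "xor", "add", "sub", "and", "or", "pop", "inc", "dec", "setne", "sete"}
DIRECT_TARGET = re.compile(r"[^\[\]\s+]+\+[0-9A-Fa-f]+")   # e.g. AI.exe+286E50


class Insn(NamedTuple):
    module: str
    offset: int
    length: int          # instruction size in bytes, from the opcode column
    mnemonic: str
    operands: List[str]  # destination first, as CE prints them


def parse_ce_line(line: str) -> Optional[Insn]:
    m = CE_LINE.match(line.strip())
    if not m:
        return None                       # blank, an ellipsis, or not a CE line
    raw = m.group("operands") or ""
    ops = [o.strip() for o in raw.split(",")] if raw else []
    return Insn(m.group("module"), int(m.group("offset"), 16),
                len(m.group("bytes").replace(" ", "")) // 2,
                m.group("mnemonic").lower(), ops)


def parse_listing(text: str) -> List[Insn]:
    return [i for i in map(parse_ce_line, text.splitlines()) if i is not None]


def find_gaps(insns: List[Insn]) -> List[Tuple[str, str]]:
    # adjacent lines must abut; a gap is a line lost while copying, or a deliberate cut
    return [(f"{a.module}+{a.offset:X}", f"{b.module}+{b.offset:X}")
            for a, b in zip(insns, insns[1:]) if a.offset + a.length != b.offset]


def reads_reg(insn: Insn, reg: str) -> bool:
    if insn.mnemonic == "xor" and insn.operands == [reg, reg]:
        return False                      # xor r,r zeroes r without depending on it
    srcs = insn.operands[1:] if insn.mnemonic in WRITES_DEST else insn.operands
    if insn.operands and insn.operands[0].startswith(("[", "byte", "word", "dword")):
        srcs = insn.operands              # a memory destination still reads its base register
    return any(reg in op for op in srcs)


def ecx_is_input(insns: List[Insn]) -> bool:
    """ecx read before anything writes it: the hidden `this` of MSVC __thiscall."""
    for i in insns:
        if reads_reg(i, "ecx"):
            return True
        if i.mnemonic in WRITES_DEST and i.operands and i.operands[0] == "ecx":
            return False
    return False


def summarize(insns: List[Insn]) -> Dict[str, object]:
    saved = [i.operands[0] for i in insns if i.mnemonic == "push" and i.operands[0] in REGS32]
    restored = [i.operands[0] for i in insns if i.mnemonic == "pop"]
    calls = [i.operands[0] for i in insns if i.mnemonic == "call"]
    rets = [i for i in insns if i.mnemonic == "ret"]
    # `ret imm16` pops the return address, then drops imm16 bytes of arguments (callee cleanup)
    cleanup = int(rets[-1].operands[0], 16) if rets and rets[-1].operands else 0
    this_in_ecx = ecx_is_input(insns)
    return {"saved_regs": saved, "restored_regs": restored,
            "registers_balanced": sorted(saved) == sorted(restored),
            "direct_calls": [c for c in calls if DIRECT_TARGET.fullmatch(c)],
            "indirect_calls": [c for c in calls if not DIRECT_TARGET.fullmatch(c)],
            "stack_arg_bytes": cleanup, "stack_args": cleanup // 4,  # 32-bit: 4-byte slots
            "this_in_ecx": this_in_ecx,
            "convention": ("thiscall" if cleanup and this_in_ecx else
                           "stdcall" if cleanup else "cdecl or no stack args")}


# Excerpt of the listing posted above (AI.exe); the middle of the function is cut,
# which find_gaps() should report as exactly one gap.
LISTING = """
AI.exe+3AD730 - 56                    - push esi
AI.exe+3AD731 - 8B F1                 - mov esi,ecx
AI.exe+3AD733 - 66 83 7E 1C 00        - cmp word ptr [esi+1C],00
AI.exe+3AD738 - 0F85 88000000         - jne AI.exe+3AD7C6
AI.exe+3AD73E - 8B 4E 24              - mov ecx,[esi+24]
AI.exe+3AD741 - 8B 01                 - mov eax,[ecx]
AI.exe+3AD743 - 8B 50 1C              - mov edx,[eax+1C]
AI.exe+3AD746 - 57                    - push edi
AI.exe+3AD747 - FF D2                 - call edx
... (body of the function omitted) ...
AI.exe+3AD7B7 - 6A 02                 - push 02
AI.exe+3AD7B9 - E8 02C4C8FF           - call AI.exe+39BC0
AI.exe+3AD7BE - 8B C8                 - mov ecx,eax
AI.exe+3AD7C0 - E8 ABC4C8FF           - call AI.exe+39C70
AI.exe+3AD7C5 - 5F                    - pop edi
AI.exe+3AD7C6 - 8B CE                 - mov ecx,esi
AI.exe+3AD7C8 - E8 9333FEFF           - call AI.exe+390B60
AI.exe+3AD7CD - 5E                    - pop esi
AI.exe+3AD7CE - C2 0400               - ret 0004
"""

if __name__ == "__main__":
    insns = parse_listing(LISTING)
    print("gaps:", find_gaps(insns), summarize(insns), sep="\n")
```

Run it and the summary reports thiscall with one stack argument, esi/edi saved and restored, one indirect call (call edx, through a pointer loaded from [eax+1C], the classic vtable pattern) and one gap where the excerpt was cut. On a full copy out of CE an unexpected gap almost always means a dropped line rather than a real discontinuity, so it is worth checking before reasoning about the prologue and epilogue.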
gir489
Grandmaster Cheater
Reputation: 14

Joined: 03 Jan 2012
Posts: 835
Location: Maryland, United States

Posted: Fri Jul 10, 2015 4:48 pm

There might be a delay between the time the exception is thrown and the time the debugger reads EIP.

Use VEH for reliability.
All times are GMT - 6 Hours