TheByteSize Advanced Cheater
Reputation: 0
Joined: 06 Aug 2015 Posts: 62
Posted: Tue Sep 08, 2015 5:25 pm Post subject: registersymbol size
I'm trying to store an address in a registersymbol. But by default, a symbol can only accept up to 8 digits. How can I increase that size?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25856 Location: The netherlands
Posted: Tue Sep 08, 2015 5:48 pm
Why do you think symbols can only accept 8 digits?
It works fine with 64-bit addresses.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
TheByteSize Advanced Cheater
Reputation: 0
Joined: 06 Aug 2015 Posts: 62
Posted: Tue Sep 08, 2015 5:58 pm
Dark Byte wrote:
> Why do you think symbols can only accept 8 digits?
> It works fine with 64-bit addresses
I tried to store the address from RAX into baseAdr (symbol) and when I reuse the symbol as a pointer, it's missing the leading 1 digit.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Sep 08, 2015 6:03 pm
Post the code in question and we can let you know where you went wrong.
mov [baseAdr],rax
Should've worked just fine.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25856 Location: The netherlands
Posted: Tue Sep 08, 2015 6:16 pm
Is baseAdr located within 2GB of the assembler code that accesses it? (Are you properly using the 3rd parameter of alloc?)
If not, then you'll have to deal with the possibility that the distance can be bigger,
in which case you'll have to code like this:
Code:
push rbx          // preserve rbx, it is used as a scratch register
mov rbx,baseAdr   // load the full 64-bit address of the symbol
mov [rbx],rax     // store all 64 bits of rax through that address
pop rbx           // restore rbx
TheByteSize Advanced Cheater
Reputation: 0
Joined: 06 Aug 2015 Posts: 62
Posted: Tue Sep 08, 2015 6:35 pm
EAX has 142AC9C88
but GMP has 42AC9C88 (8 digits only)
Code:
aobscanmodule(MoneyReadAOB,mgsvtpp.exe,8B 00 89 86 F4 12 00 00) // should be unique
registersymbol(MoneyReadAOB)
alloc(newmem,2048,"mgsvtpp.exe"+3CDE7C3)
label(code)
label(return)
label(GMP)
registersymbol(GMP)
newmem:
mov [GMP],eax
code:
mov eax,[rax]
mov [rsi+000012F4],eax
jmp return
GMP:
dd 0
MoneyReadAOB:
jmp newmem
nop
nop
nop
return:
[DISABLE]
MoneyReadAOB:
db 8B 00 89 86 F4 12 00 00
unregistersymbol(GMP)
unregistersymbol(MoneyReadAOB)
dealloc(newmem)
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25856 Location: The netherlands
Posted: Tue Sep 08, 2015 6:41 pm
EAX cannot contain 142AC9C88, as EAX is a 32-bit register.
RAX (which is 64-bit) does contain 142AC9C88, but EAX will contain 42AC9C88
so use:
and replace
with
Just in case you ever decide to add code or other variables after it
Or better yet, replace label(GMP) with
Code:
alloc(GMP,8,"mgsvtpp.exe"+3CDE7C3)
TheByteSize Advanced Cheater
Reputation: 0
Joined: 06 Aug 2015 Posts: 62
Posted: Tue Sep 08, 2015 6:55 pm
RAX is what I needed instead of EAX.
Thanks for pointing out EAX is 32 bit only.
Code works as intended now.
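The two points raised in this thread, modelled in C as an added example that is not part of the thread or of any poster's code: a 4-byte store such as mov [GMP],eax keeps only the low 32 bits of RAX, and a direct memory operand on x86-64 is encoded as a signed 32-bit offset from the next instruction, so the symbol has to sit within 2GB of the code. Only the value 142AC9C88 comes from the thread; the instruction address and the two symbol addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian store of the low `width` bytes of v, as an x86 mov to memory does. */
static void store_le(uint8_t *slot, uint64_t v, size_t width) {
    for (size_t i = 0; i < width; i++)
        slot[i] = (uint8_t)(v >> (8 * i));
}

/* Little-endian 8-byte load, i.e. reading the slot back as a 64-bit pointer. */
static uint64_t load_le64(const uint8_t *slot) {
    uint64_t v = 0;
    for (size_t i = 0; i < 8; i++)
        v |= (uint64_t)slot[i] << (8 * i);
    return v;
}

/* Models a store from eax (width 4) or rax (width 8) into a zeroed 8-byte
   slot, followed by a pointer-sized read of that slot. */
uint64_t stored_pointer(uint64_t rax, size_t width) {
    uint8_t slot[8] = {0};
    store_le(slot, rax, width);
    return load_le64(slot);
}

/* Computes the signed 32-bit displacement (target - next_ip). Returns false
   when the target is outside the +/-2GB reach and must go through a register. */
bool rel32_displacement(uint64_t next_ip, uint64_t target, int32_t *disp) {
    int64_t d = (int64_t)(target - next_ip);
    if (d < INT32_MIN || d > INT32_MAX)
        return false;
    *disp = (int32_t)d;
    return true;
}

int main(void) {
    /* rax is the value from the thread; ip and both targets are constructed. */
    uint64_t rax = 0x142AC9C88ULL, ip = 0x143CDE7C3ULL;
    int32_t d = 0;
    printf("4-byte store reads back as %llX\n", (unsigned long long)stored_pointer(rax, 4));
    printf("8-byte store reads back as %llX\n", (unsigned long long)stored_pointer(rax, 8));
    printf("near symbol reachable: %d\n", rel32_displacement(ip, 0x143CE0000ULL, &d));
    printf("far symbol reachable:  %d\n", rel32_displacement(ip, 0x7FF600000000ULL, &d));
    return 0;
}
```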