| View previous topic :: View next topic |
| Author |
Message |
mouser
Advanced Cheater
![]() Reputation: 0
Joined: 08 Mar 2015
Posts: 50
|
 Posted: Tue Oct 04, 2016 4:21 pm Post subject: How to handle movsd ? |
 |
|
What I usually do when looking for camera manipulation is something like this:
I find camera y, breakpoint on write and it looks like this:
| Code: | | movss [esi+64],xmm4 |
I see Y is at the offset of 64, then i nop out the instruction, create a label and registersymbol for the esi register then it looks like this:
| Code: |
//movss [esi+64],xmm4
mov [label],esi |
Make a pointer in the table with the name "label" and the offset of 64 and assign hotkeyes to it so I can move the camera around.
Works most of the time.
But now I've stumbled across the movsd instruction, using the above example of how to make a script for manilpulatiion of the camera, how would I achieve the same with this instruction? Screenshot of mem viewer at the bottom, above the highlighted call.
Reading the x86 instruction set reference it's saying this:
| Code: | | movsd - Move doubleword at address DS:(E)SI to address |
which left me a bit confused, it's probably very clear to you guys but why is the E in brackets? Why is it written that way?
| Description: |
|
| Filesize: |
52.77 KB |
| Viewed: |
9680 Time(s) |
|
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Tue Oct 04, 2016 4:28 pm Post subject: |
|
|
movsd copies 4 bytes from esi to edi, and increases esi and edi with 4
3 movsd instructions will copy 16 bytes
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mouser
Advanced Cheater
![]() Reputation: 0
Joined: 08 Mar 2015
Posts: 50
|
| Posted: Tue Oct 04, 2016 4:47 pm Post subject: |
|
|
Hi Dark Byte, does that mean that when I intent to move the camera around that I have to use the edi register? How can I see the offset of edi (to get to xyz of the camera)? Or is there no offset because there is nothing defined after the instruction?
Then I don't understand how the camera is build here, I've never seen a game that builds its camera like this.
I mean this
| Code: | //movsd
mov [label],edi |
probably wouldn't work, right?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Tue Oct 04, 2016 4:57 pm Post subject: |
|
|
read this:
as
| Code: |
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
mov eax, [esi+8]
mov [edi+8], eax
add edi, c
add esi, c
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mouser
Advanced Cheater
![]() Reputation: 0
Joined: 08 Mar 2015
Posts: 50
|
| Posted: Wed Oct 05, 2016 5:26 am Post subject: |
|
|
Hm, I think I lack the knowledge/imagination to think through that or better: to think of a script that would make this workable in the way I want it to.
I instinctively want to target edi here in some form.
When you say
That means c (hex=decimal 12)? so 3x4 for each of the 3 adresses?
Is movsd exactly the same as :
| Code: |
mov eax, [esi]
mov [edi], eax
add edi, 4
add esi, 4 |
?
So when injected as code it still would do exactly the same thing?
|
|
| Back to top |
|
|
mgostIH
Expert Cheater
 Reputation: 3
Joined: 01 Jan 2016
Posts: 159
|
| Posted: Wed Oct 05, 2016 6:16 am Post subject: |
|
|
| mouser wrote: | Hm, I think I lack the knowledge/imagination to think through that or better: to think of a script that would make this workable in the way I want it to.
I instinctively want to target edi here in some form.
When you say
That means c (hex=decimal 12)? so 3x4 for each of the 3 adresses?
Is movsd exactly the same as :
| Code: |
mov eax, [esi]
mov [edi], eax
add edi, 4
add esi, 4 |
?
So when injected as code it still would do exactly the same thing? |
Well, you have to restore the eax register to the original value, movsd doesn't really use eax, DarkByte gave you a pseudocode of what it does.
_________________
|
|
| Back to top |
|
|
mouser
Advanced Cheater
![]() Reputation: 0
Joined: 08 Mar 2015
Posts: 50
|
| Posted: Wed Oct 05, 2016 2:07 pm Post subject: |
|
|
I put a breakpoint on it and a break and trace (screenshot). This is the only way to see what is going on inside the movsd, right?
Or is it more complex than just looking at it that way? (I didn't check the value of cam Y but I believe I see it in the xmm0 register here, seems a bit too high though)
Is it better to inject somewhere else regardless to get control over the camera? I'm lacking the skills to even have an overview of what is happeng where at the movsd.
| Description: |
|
| Filesize: |
223.75 KB |
| Viewed: |
9550 Time(s) |
|
| Description: |
|
| Filesize: |
38.81 KB |
| Viewed: |
9550 Time(s) |
|
| Description: |
|
| Filesize: |
103.05 KB |
| Viewed: |
9550 Time(s) |
|
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
