Cheat Engine

reverser69 · Posted: Mon Dec 25, 2017 4:03 pm Post subject: problem with assembler

hi
I wanna assemble this:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"ACU.exe"+55D873F)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

cmp rdx,1455D7223
je patch1

cmp rdx,1455F1E0C
je patch2

cmp rdx,1455D87CA
je patch3
jmp originalcode

patch1:
mov eax,D11ABCAB
jmp originalcode

patch2:
mov eax,6795B2CE
jmp originalcode

patch3:
mov eax,074A8DA2A

originalcode:
mov [rbp+00],eax
jmp ACU.exe+55D5D0A

exit:
jmp returnhere

"ACU.exe"+55D873F:
jmp newmem
nop
nop
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"ACU.exe"+55D873F:
mov [rbp+00],eax
jmp ACU.exe+55D5D0A
//Alt: db 89 45 00 E9 C3 D5 FF FF

but what is assembled is this:
cmp rdx,455D7223 { [0] }
je 147850035
nop
nop
nop
nop
cmp rdx,455F1E0C { [00000000] }
je 147850048
nop
nop
nop
nop
cmp rdx,455D87CA { [0] }
je 14785005B
nop
nop
nop
nop
jmp 147850060
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax,D11ABCAB { -786776917 }
jmp 147850060
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax,6795B2CE { ["WKjtp¯e??qޞ??tx?????????h3????Cpت????i葅?–c?,?m?I"] }
jmp 147850060
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax,74A8DA2A { [0] }
mov [rbp+00],eax
jmp ACU.exe+55D5D0A
jmp ACU.exe+55D8747

why?????

OldCheatEngineUser · Jul 26, 2020

explain what are you trying to do.

you are comparing rdx with hex value, is it a floating point value? or an address?

if its an address is it dynamic? or static?

if its static then put the module address, same thing for patch x labels.

reverser69 · Posted: Mon Dec 25, 2017 4:17 pm Post subject:

patchx are instant values

and rdx are static addres

OldCheatEngineUser · Jul 26, 2020

static addresses 0{000}0000 the bytes inside the curly brackets can change.
so make sure you put the module address instead.

in your case ACU.exe+xxxxx

reverser69 · Posted: Mon Dec 25, 2017 4:45 pm Post subject:

i just want them to get treated as values not addresses.ce assembles them as address.

cmp rdx,140007ECA
becomes:
cmp rdx,40007ECA

i put moddle addres but same problem 140007ECA become 40007ECA

OldCheatEngineUser · Jul 26, 2020

put them in square brackets [ ... ]
so you can compare the value of that address with rdx

reverser69 · Posted: Tue Dec 26, 2017 3:22 am Post subject:

I think I'm not explaining good enough
cmp rdx,140007ECA:
140007ECA is an immediate value like 6. but ce assemble it as an address.
my problem also is that 140007ECA is assembled 40007ECA. I don't know if it's a x64-x86 issue or not.
or I don't understand you
can you please correct this script for me?
cmp rdx,140007ECA //constant
je patch1
cmp rdx,1455F1E0C //constant
je patch2
cmp rdx,1455D87CA //constant
je patch3
jmp originalcode

patch1:
mov eax,D54F1D3C //constant
jmp originalcode
patch2:
mov eax,6795B2CE //constant
jmp originalcode
patch3:
mov eax,74A8DA2A //constant

originalcode:
mov [rbp+00],eax
jmp ACU.exe+2890347

panraven · Posted: Tue Dec 26, 2017 6:13 am Post subject:

In x86-64 instructions, 'mov' should be the only instruction having a 64-bit (8 bytes) imm values, so CE truncate the higher 4 bytes in the 'cmp' instruction. Note the 'jmp' instruction encode a 64-bit values (jump target address) as 32-bit offset from that 'jmp' instruction.

Here a sample code to move the 64-bit imm values to a data area (jmpTable) and use memory addressing with relative offset to access them.

reverser69 · Posted: Wed Dec 27, 2017 6:18 am Post subject:

great.thanks.I already solved the issue in some newb way but this code is handier.