| View previous topic :: View next topic |
| Author |
Message |
dlpb
Advanced Cheater
![]() Reputation: 0
Joined: 11 Dec 2013
Posts: 78
|
 Posted: Fri Jan 26, 2018 1:15 am Post subject: Bug: and FFFFFFFF |
 |
|
| when using "and FFFFFFFF" Cheat Engine insists on using "And FF" - which is not the same thing. Ex: And eax, FFFFFFFF
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25859
Location: The netherlands
|
| Posted: Fri Jan 26, 2018 3:23 am Post subject: |
|
|
And have you checked the result of EAX after execution ? It's possible it's using the size sign extended version of the instruction (where it takes an 8 bit value and sign extend it based on the most significant bit), which does exactly the same, but takes less bytes
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Fri Jan 26, 2018 7:55 am Post subject: |
|
|
whats the size of the register?
and CE assembles:
as:
which is pretty much the same, i dont think when its a memory location it will make any difference either.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
dlpb
Advanced Cheater
![]() Reputation: 0
Joined: 11 Dec 2013
Posts: 78
|
| Posted: Sat Jan 27, 2018 8:37 pm Post subject: |
|
|
When you are dealing with masks, surely FF FF FF FF is not at all the same as FF, which will be seen as 00 00 00 FF? This will mask out the first 24 bits but not the last (reverse order).
I didn't check the result, so perhaps the compiler does a trick where it doesn't care. But if that's the case, how would I add a mask of 00 00 00 FF? Will CE always default to FF?
The size of the register is obvious. I told you it was eax.
|
|
| Back to top |
|
|
FreeER
Grandmaster Cheater Supreme
![]() Reputation: 53
Joined: 09 Aug 2013
Posts: 1091
|
| Posted: Sat Jan 27, 2018 9:48 pm Post subject: |
|
|
I think it's just a special version of and, see these variously assembled versions (x86 tutorial, not sure if these change at all in x64 but I know some do so...)
| Code: |
address - Bytes - instruction { typed instruction }
Tutorial-i386.exe+290 - 83 E0 FF - and eax,-01 { and eax, FFFFFFFF }
Tutorial-i386.exe+293 - 25 FF000000 - and eax,000000FF { and eax, 00000000FF }
Tutorial-i386.exe+298 - 25 FF000000 - and eax,000000FF { and eax, 00FF }
Tutorial-i386.exe+29D - 25 000000FF - and eax,FF000000 { and eax,FF000000 }
Tutorial-i386.exe+2A2 - 66 25 FF00 - and ax,00FF { and ax, FF }
Tutorial-i386.exe+2A6 - 24 FF - and al,-01 { and al, FF }
Tutorial-i386.exe+2A8 - 25 FF000000 - and eax,000000FF { and eax, FF}
|
|
|
| Back to top |
|
|
dlpb
Advanced Cheater
![]() Reputation: 0
Joined: 11 Dec 2013
Posts: 78
|
| Posted: Sat Jan 27, 2018 11:19 pm Post subject: |
|
|
| Thanks! CE also allows 000000FF if that's what is entered literally. Still, I'd think entering 'and eax,FF' into CE should yield the above value and not a version of "FFFFFFFF".
|
|
| Back to top |
|
|
TheyCallMeTim13
Wiki Contributor
 Reputation: 51
Joined: 24 Feb 2017
Posts: 976
Location: Pluto
|
| Posted: Sun Jan 28, 2018 12:41 am Post subject: |
|
|
Because you're using a registry as an operand, the immediate gets turned in to the same size as the registry, this is common/expected behavior in assemblers.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
