Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
CMP in x64 ~ symbol only 4 bytes long... <= Solved

paul44
Cheater
Reputation: 0

Joined: 20 Jul 2017
Posts: 29

Posted: Fri May 11, 2018 4:58 am    Post subject: CMP in x64 ~ symbol only 4 bytes long... <= Solved

I'm currently researching AC Rogue (x64), and bumped into the following yesterday: when I compare a register with a symbol (from an aobscan), the debugger shows me that only the first 4 bytes are compared?! Even if I fill in the fixed hex value of 'BipedComponent', it still compares with the first 4 bytes... (also tried to explicitly "register" the symbol, but no luck either).

ps: 'goto address {BipedComponent'}' works fine.

Code:

aobscanmodule(INJECT,ACC.exe,0F 28 41 30 48 8B CF)
alloc(newmem,$1000,"ACC.exe"+2249FD)

// "ACC.exe"+2249FD

aobscanmodule(BipedComponent,ACC.exe,48 8B 05 E9 27 B8 02)
//registersymbol(BipedComponent)

globalalloc(pPlayerCoord,8)

label(code)
label(return)

newmem:
push rax
mov rax,[rbx]
mov rax,[rax+28]
//cmp rax,BipedComponent
// 64-bit address used as an immediate: cmp only has a 32-bit immediate form,
// so only the low dword of this value ends up in the instruction
cmp rax,1401DBC70
jne code
mov [pPlayerCoord],rcx
code:
pop rax
movaps xmm0,[rcx+30]
mov rcx,rdi
jmp return

sidenote: I still can't seem to get the 'tagging' to work correctly


Last edited by paul44 on Fri May 11, 2018 10:57 am; edited 1 time in total
TheyCallMeTim13
Wiki Contributor
Reputation: 15

Joined: 24 Feb 2017
Posts: 451
Location: 'Merica

Posted: Fri May 11, 2018 6:32 am

CMP only works on 32-bit immediates, so that's how it works. To compare 64 bits you have to use memory or a register, or just use an offset and compare a few times.
http://www.felixcloutier.com/x86/CMP.html

Code:
//...
push rcx
mov rcx,BipedComponent
cmp rax,rcx
pop rcx
jne code
//...

paul44
Cheater
Reputation: 0

Joined: 20 Jul 2017
Posts: 29

Posted: Fri May 11, 2018 10:57 am    Post subject: Solved

@TheyCallMeTim13: that was it. Thx!

I'm guessing here, but I assume that 'use an offset' means "cutting" the qword into 2 dwords and having those CMP-ed...
If I recall well from a book I read, it is best to minimize either 'jump's and/or 'cmp's (CPU clock-wise ~ speed). That said: push/pop-ing 2 registers is lightning fast, and obviously using the qword itself improves readability.
TheyCallMeTim13
Wiki Contributor
Reputation: 15

Joined: 24 Feb 2017
Posts: 451
Location: 'Merica

Posted: Fri May 11, 2018 4:08 pm

"'use an offset' means "cutting" the qword into 2 dwords and having those CMP-ed"?
Yes.

Basically I meant something like this.

Code:
//...
mov eax,[rax+28]
cmp eax,BipedComponent
jne code
mov eax,[rax+2C]
cmp eax,BipedComponent+4
jne code
//...


But yeah, I think the other way is more readable.

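Added illustration (not code from either poster): a small C model of the three compare strategies in this thread. `cmp rax, imm32` has no 64-bit immediate form; the assembler can only store the low dword of the address, and the CPU sign-extends that dword to 64 bits before comparing. The model uses the thread's address 1401DBC70 as the pointer value; function names and the assumption that [rax+28] holds that pointer are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Pointer value from the thread's script, used as a constructed test input. */
#define BIPED_COMPONENT 0x1401DBC70ULL

/* What `cmp rax, imm32` actually does: the immediate is 32 bits wide
   (an assembler can store only the low dword of `wanted`) and the CPU
   sign-extends it to 64 bits before subtracting. */
static bool cmp_rax_imm32(uint64_t rax, uint64_t wanted)
{
    int32_t imm32 = (int32_t)(uint32_t)wanted;    /* truncated to 32 bits */
    uint64_t operand = (uint64_t)(int64_t)imm32;  /* sign-extended to 64 */
    return rax == operand;
}

/* True when a value survives the truncate-and-sign-extend round trip,
   i.e. when a single `cmp rax, imm32` can express it at all. */
static bool fits_imm32(uint64_t v)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)v == v;
}

/* `mov rcx, imm64` then `cmp rax, rcx`: mov takes a full 64-bit
   immediate, so the compare sees all 64 bits. */
static bool cmp_rax_reg(uint64_t rax, uint64_t wanted)
{
    return rax == wanted;
}

/* The two-dword variant: compare the dwords at [rax+28] and [rax+2C]
   separately. The second immediate has to be the high dword of the
   pointer value (wanted >> 32), not the symbol's address plus 4. */
static bool cmp_two_dwords(uint64_t qword_at_rax28, uint64_t wanted)
{
    uint32_t lo = (uint32_t)qword_at_rax28;
    uint32_t hi = (uint32_t)(qword_at_rax28 >> 32);
    return lo == (uint32_t)wanted && hi == (uint32_t)(wanted >> 32);
}

int main(void)
{
    uint64_t rax = BIPED_COMPONENT;  /* assume [rax+28] held the pointer */
    printf("fits imm32:    %d\n", fits_imm32(BIPED_COMPONENT));
    printf("cmp rax,imm32: %d\n", cmp_rax_imm32(rax, BIPED_COMPONENT));
    printf("cmp rax,rcx:   %d\n", cmp_rax_reg(rax, BIPED_COMPONENT));
    printf("two dwords:    %d\n", cmp_two_dwords(rax, BIPED_COMPONENT));
    return 0;
}
```

With the thread's value only the low dword 401DBC70 reaches the instruction, so the immediate form never matches and `jne code` is always taken, while both 64-bit strategies match.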
Bennetty
How do I cheat?
Reputation: 0

Joined: 14 May 2018
Posts: 1

Posted: Mon May 14, 2018 2:46 am

Thanks for the reply.
All times are GMT - 6 Hours