Cheat Engine - The Official Site of Cheat Engine
paul44 (Expert Cheater, Reputation: 2; Joined: 20 Jul 2017; Posts: 152)
Posted: Fri May 11, 2018 4:58 am    Post subject: CMP in x64 ~ symbol only 4 bytes long... <= Solved
I'm currently researching AC Rogue (x64), and bumped into the following yesterday: when I compare a register with a symbol (from an aobscan), the debugger shows me that only the first 4 bytes are compared?! Even if I fill in the fixed hex value of 'BipedComponent', it still compares with the 1st 4 bytes... (also tried to explicitly "register" the symbol, but no luck either).
ps: 'goto address {BipedComponent}' works fine.
Code:
aobscanmodule(INJECT,ACC.exe,0F 28 41 30 48 8B CF)
alloc(newmem,$1000,"ACC.exe"+2249FD)
// "ACC.exe"+2249FD
aobscanmodule(BipedComponent,ACC.exe,48 8B 05 E9 27 B8 02)
//registersymbol(BipedComponent)
globalalloc(pPlayerCoord,8)
label(code)
label(return)

newmem:
  push rax
  mov rax,[rbx]
  mov rax,[rax+28]
  //cmp rax,BipedComponent
  cmp rax,1401DBC70
  jne code
  mov [pPlayerCoord],rcx
code:
  pop rax
  movaps xmm0,[rcx+30]
  mov rcx,rdi
  jmp return
sidenote: I still can't seem to get the 'tagging' to work correctly
Last edited by paul44 on Fri May 11, 2018 10:57 am; edited 1 time in total
TheyCallMeTim13 (Wiki Contributor, Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Fri May 11, 2018 6:32 am
CMP only works on 32 bit immediates, so that's how it works. To compare 64 bits you have to use memory or a register, or just use an offset and compare a few times.
http://www.felixcloutier.com/x86/CMP.html
Code:
//...
push rcx
mov rcx,BipedComponent
cmp rax,rcx
pop rcx
jne code
//...
paul44 (Expert Cheater, Reputation: 2; Joined: 20 Jul 2017; Posts: 152)
Posted: Fri May 11, 2018 10:57 am    Post subject: Solved
@TheyCallMeTim13: that was it. Thx!
I'm guessing here, but I assume that 'use an offset' means "cutting" the qword into 2 dwords and having those CMP-ed...
If I recall well from a book I read, it is best to minimize either 'jump's and/or 'cmp's (cpu clockwise ~ speed). That said: push/pop-ing 2 registers is lightning fast, and obviously using the qword itself improves readability.
TheyCallMeTim13 (Wiki Contributor, Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Fri May 11, 2018 4:08 pm
"'use an offset' means "cutting" qword into 2 dwords and have those CMP-ed"?
Yes.
Basically I meant something like this.
Code:
//...
mov eax,[rax+28]
cmp eax,BipedComponent
jne code
mov eax,[rax+2C]
cmp eax,BipedComponent+4
jne code
//...
But yeah, I think the other way is more readable.
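The encoding rule behind both answers above, modelled in Python as an added example that is not part of the thread or of Cheat Engine: x86-64 has no CMP form with a 64-bit immediate, so CMP r/m64, imm32 sign-extends a 32-bit immediate, and any constant outside -2^31..2^31-1 cannot be encoded. The helpers model what happens when only the low 32 bits of a constant are kept (the symptom the OP saw), the register-based compare from the first answer, and the two-dword split from the second. The constant 0x1401DBC70 is taken from the OP's script; the memory image, the 0x28 pointer offset and all function names are constructed here.

```python
"""Added example (not from the thread): why 'cmp rax, imm' only sees 32 bits.

x86-64 has no CMP form with a 64-bit immediate: CMP r/m64, imm32 sign-extends
a 32-bit immediate to 64 bits. The helpers below model that rule and the two
workarounds discussed in the thread: comparing through a register (mov r64,
imm64 is the one instruction that takes a full 64-bit immediate) and comparing
the qword as two dwords. The memory image used below is constructed.
"""
import struct

MASK32 = (1 << 32) - 1
MASK64 = (1 << 64) - 1
IMM32_MIN = -(1 << 31)
IMM32_MAX = (1 << 31) - 1

# Constant taken from the OP's script (cmp rax,1401DBC70).
BIPED_COMPONENT = 0x1401DBC70


def to_signed64(value: int) -> int:
    """Interpret a 64-bit pattern as a two's-complement signed integer."""
    value &= MASK64
    return value - (1 << 64) if value >= (1 << 63) else value


def fits_imm32(value: int) -> bool:
    """True if a 64-bit constant survives encoding as a sign-extended imm32."""
    return IMM32_MIN <= to_signed64(value) <= IMM32_MAX


def sign_extend_imm32(imm: int) -> int:
    """Value the CPU really compares against when only the low 32 bits are encoded."""
    low = imm & MASK32
    if low >= (1 << 31):
        low -= 1 << 32  # bit 31 set: sign-extends to 0xFFFFFFFF........
    return low & MASK64


def cmp_truncated_imm(rax: int, constant: int) -> bool:
    """Model of 'cmp rax, constant' when the assembler keeps only the low 32 bits.

    This reproduces the symptom from the thread: a constant above 0x7FFFFFFF can
    never match the full 64-bit register value, while any value whose low dword
    happens to match is accepted.
    """
    return (rax & MASK64) == sign_extend_imm32(constant)


def cmp_via_register(rax: int, constant: int) -> bool:
    """Model of 'mov rcx, constant' / 'cmp rax, rcx': a full 64-bit comparison."""
    rcx = constant & MASK64  # mov r64, imm64 carries all 64 bits
    return (rax & MASK64) == rcx


def cmp_split_dwords(memory: bytes, offset: int, constant: int) -> bool:
    """Model of the two-dword variant: dword [base+offset] against the low half
    of the constant, then dword [base+offset+4] against the high half."""
    low, high = struct.unpack_from("<II", memory, offset)  # little-endian dwords
    return low == (constant & MASK32) and high == ((constant >> 32) & MASK32)


def build_object(pointer_value: int, pointer_offset: int = 0x28) -> bytes:
    """Constructed memory image: zero-filled object with a qword pointer at +0x28."""
    buf = bytearray(0x40)
    struct.pack_into("<Q", buf, pointer_offset, pointer_value & MASK64)
    return bytes(buf)


if __name__ == "__main__":
    obj = build_object(BIPED_COMPONENT)
    (loaded,) = struct.unpack_from("<Q", obj, 0x28)  # what 'mov rax,[rax+28]' yields
    print(f"fits imm32: {fits_imm32(BIPED_COMPONENT)}")  # False
    print(f"truncated cmp matches: {cmp_truncated_imm(loaded, BIPED_COMPONENT)}")  # False
    print(f"register cmp matches: {cmp_via_register(loaded, BIPED_COMPONENT)}")  # True
    print(f"two-dword cmp matches: {cmp_split_dwords(obj, 0x28, BIPED_COMPONENT)}")  # True
```

Note that the split variant needs the high 32 bits of the constant (the value shifted right by 32), not the symbol's address plus 4; the second dword load at +0x2C reads the upper half of the qword because x86 is little-endian.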
Bennetty (How do I cheat?, Reputation: 0; Joined: 14 May 2018; Posts: 1)
Posted: Mon May 14, 2018 2:46 am
Thanks for the reply.