Cheat Engine The Official Site of Cheat Engine
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1587)
Posted: Wed Jan 23, 2019 7:54 am
Post subject: bug
Cheat Engine can't encode the following correctly, and thus can't decode it either:
Cheat Engine assembles:
Code:
    mov [eax],eax // as 89 00 mov [rax],eax
    mov [eax],rax // as 48 89 00 mov [rax],rax
    mov [rax],rax // as 48 89 00 mov [rax],rax
    mov [rax],eax // as 89 00 mov [rax],eax
Cheat Engine disassembles:
Code:
    db 67 89 00 // as mov [rax],eax
    db 67 48 89 00 // as mov [rax],rax
    db 48 89 00 // as mov [rax],rax
    db 89 00 // as mov [rax],eax
Original bytes and opcodes:
Code:
    db 67 89 00 // mov [eax],eax
    db 67 48 89 00 // mov [eax],rax
    db 48 89 00 // mov [rax],rax
    db 89 00 // mov [rax],eax
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
Dark Byte, Site Admin (Reputation: 458, Joined: 09 May 2003, Posts: 25291, Location: The Netherlands)
Posted: Wed Jan 23, 2019 10:32 am
I don't see the bug.
Addressing always uses the register type equal to the current addressing mode,
so if you use [eax] in a 64-bit process you must have made a mistake and meant [rax].
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
OldCheatEngineUser
Posted: Wed Jan 23, 2019 2:04 pm
Dark Byte wrote:
    I don't see the bug.
    Addressing always uses the register type equal to the current addressing mode,
    so if you use [eax] in a 64-bit process you must have made a mistake and meant [rax].
That means you are forcing the default addressing mode, even if Intel provided an address-size prefix.
You should not force the default addressing mode, even if beginners may make mistakes.
Code:
    alloc(longmode,256,$0)              // 256-byte buffer, preferred address $0 (low in the address space)
    registersymbol(longmode)
    createthread(longmode)
    longmode:
    jmp short skip_data                 // 2-byte jump; together with the nop, data lands at longmode+03
    nop
    data:
    dq 0                                // longmode+03: receives 'DB CE'
    register_data:
    dq 0                                // longmode+0B: receives the full 64-bit rax
    skip_data:
    mov rdx,longmode
    mov rax,FFFFFFFF00000000
    or rax,rdx                          // rax = FFFFFFFF00000000 | longmode; only the low 32 bits point at the buffer
    mov qword ptr [register_data],rax
    mov rdx,'DB CE'
    db 67 48 89 50 03 // mov [eax+03],rdx: 32-bit address size, so the CPU uses only the low 32 bits of rax
    ret
    {
    67 - address size prefix
    48 - REX prefix
    longmode - add to address list (length 2-byte as hex) // points to entrypoint
    "longmode"+03 - add to address list (string length 8) // points to data
    "longmode"+0B - add to address list (length 8-byte as hex) // points to register_data
    }
By forcing the defaults, mov [RAX+03],rdx writes to the wrong address.
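Added example (not a post in this thread, and not code from Cheat Engine itself): a small Python encoder/decoder for the `89 /r` (mov [base+disp], reg) forms in the bug report above, honouring the 0x67 address-size prefix and the REX byte, plus the effective-address arithmetic that replays the second post's `67 48 89 50 03`. The buffer address `longmode = 0x10000` and the register names are assumptions for illustration; SIB and RIP-relative forms are deliberately out of scope.

```python
# Added example, not code from the thread or from Cheat Engine: decode/encode
# the `89 /r` forms discussed above with the 0x67 address-size prefix and REX,
# and compute where `67 48 89 50 03` (mov [eax+03],rdx) really writes.

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
         "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]


def decode_mov_store(code: bytes) -> dict:
    """Decode one 64-bit-mode `89 /r` instruction (mov [base+disp], reg).

    Handled: optional 0x67 prefix, optional REX, ModRM mod 00/01/10 with a
    plain base register. SIB (r/m = 4) and RIP-relative (mod 00, r/m = 5)
    forms are out of scope for this example and raise.
    """
    i, addr_size, rex = 0, 64, 0
    while i < len(code) and code[i] == 0x67:        # legacy prefix: 32-bit addressing
        addr_size, i = 32, i + 1
    if i < len(code) and 0x40 <= code[i] <= 0x4F:   # REX sits right before the opcode
        rex, i = code[i], i + 1
    if i + 1 >= len(code) or code[i] != 0x89:
        raise ValueError("not an 89 /r instruction")
    modrm = code[i + 1]
    i += 2
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register-direct, SIB and RIP-relative forms not handled")
    reg |= ((rex >> 2) & 1) << 3                    # REX.R extends the reg field
    rm |= (rex & 1) << 3                            # REX.B extends the r/m field
    disp = 0
    if mod == 1:
        disp = int.from_bytes(code[i:i + 1], "little", signed=True)
    elif mod == 2:
        disp = int.from_bytes(code[i:i + 4], "little", signed=True)
    operand_size = 64 if rex & 8 else 32            # REX.W selects a 64-bit operand
    base = (REG32 if addr_size == 32 else REG64)[rm]
    src = (REG64 if operand_size == 64 else REG32)[reg]
    disp_txt = "" if disp == 0 else ("+%02X" % disp if disp > 0 else "-%02X" % -disp)
    return {"addr_size": addr_size, "operand_size": operand_size,
            "base": base, "disp": disp, "src": src,
            "text": "mov [%s%s],%s" % (base, disp_txt, src)}


def encode_mov_store(base: str, src: str, disp: int = 0) -> bytes:
    """Inverse of decode_mov_store: a 32-bit base name emits 0x67, a 64-bit
    source emits REX.W, r8-r15 set REX.R/REX.B. rsp/r12 bases need a SIB byte
    and are refused; rbp/r13 with no displacement get mod 01 + disp8 0, since
    mod 00 with r/m 5 would mean RIP-relative."""
    if base in REG32:
        out, rm = bytearray([0x67]), REG32.index(base)
    else:
        out, rm = bytearray(), REG64.index(base)
    w, reg = (1, REG64.index(src)) if src in REG64 else (0, REG32.index(src))
    if (rm & 7) == 4:
        raise ValueError("base needs a SIB byte; not handled here")
    if disp == 0 and (rm & 7) != 5:
        mod = 0
    elif -128 <= disp <= 127:
        mod = 1
    else:
        mod = 2
    rex = 0x40 | (w << 3) | ((reg >> 3) << 2) | (rm >> 3)
    if rex != 0x40:                                 # a bare 0x40 changes nothing for 89 /r
        out.append(rex)
    out.append(0x89)
    out.append((mod << 6) | ((reg & 7) << 3) | (rm & 7))
    if mod == 1:
        out += (disp & 0xFF).to_bytes(1, "little")
    elif mod == 2:
        out += (disp & 0xFFFFFFFF).to_bytes(4, "little")
    return bytes(out)


def effective_address(base_value: int, disp: int, addr_size: int) -> int:
    """What the CPU computes: base + disp truncated to the address size; in
    64-bit mode a 32-bit result is zero-extended."""
    return (base_value + disp) & ((1 << addr_size) - 1)


def thread_example(longmode: int = 0x10000) -> dict:
    """Replays the second post's script. `longmode` is an assumed buffer
    address below 4 GiB (the script relies on that). Returns where the CPU
    writes and where CE's prefix-less reading (mov [rax+03],rdx) points."""
    rax = 0xFFFFFFFF00000000 | longmode
    insn = decode_mov_store(bytes.fromhex("6748895003"))
    cpu_target = effective_address(rax, insn["disp"], insn["addr_size"])
    ce_reading = effective_address(rax, insn["disp"], 64)
    return {"text": insn["text"], "cpu_target": cpu_target,
            "ce_reading": ce_reading, "offset_in_buffer": cpu_target - longmode}


if __name__ == "__main__":
    for hexbytes in ("89 00", "67 89 00", "48 89 00", "67 48 89 00", "67 48 89 50 03"):
        d = decode_mov_store(bytes.fromhex(hexbytes))
        back = encode_mov_store(d["base"], d["src"], d["disp"]).hex(" ")
        print("%-16s %-20s re-encoded: %s" % (hexbytes, d["text"], back))
    r = thread_example()
    print("CPU writes 'DB CE' to %#x (buffer+%d); CE's reading implies %#x"
          % (r["cpu_target"], r["offset_in_buffer"], r["ce_reading"]))
```

Running it prints the four encodings from the first post with 0x67 preserved in both directions, and for the second post's instruction shows the store landing at buffer+3 (the `data` slot) while the prefix-less reading points at 0xFFFFFFFF00010003.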
Dark Byte, Site Admin
Posted: Wed Jan 23, 2019 3:17 pm
Yeah, CE doesn't support the addressing switch flag at all right now.
But how many programs have you seen that use this? (excluding hacks by other people)
OldCheatEngineUser
Posted: Wed Jan 23, 2019 3:32 pm
Maybe one program or so, and compilers will probably use the defaults (32-bit operand size and 64-bit address size).
But hey, CE will disassemble instructions with an address-size prefix incorrectly, and that can cause issues when storing a register's address or so.
ParkourPenguin, I post too much (Reputation: 140, Joined: 06 Jul 2014, Posts: 4297)
Posted: Wed Jan 23, 2019 11:43 pm
I don't see the point of adding it right now. Few people even know about it and even fewer will ever find any good reason to use it.
If you really want to enable it, you could use registerBinUtil or maybe registerAutoAssemblerPrologue / registerGlobalDisassembleOverride.
Note that some current AA scripts rely on this to reduce code duplication in portable code. e.g. some custom types assume [ecx] will be assembled as [rcx] when assembled as 64-bit code.
_________________
I don't know where I'm going, but I'll figure it out when I get there.