Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Injection Copy RSI Register

Cheat Engine Forum Index -> General Gamehacking
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 63

PostPosted: Sat Mar 14, 2020 10:14 am    Post subject: Injection Copy RSI Register

I am trying to make an Injection Copy of the RSI register:

Code:
label(code)
label(owncoordcode)
label(return)

globalalloc(_baseycoord,4)

newmem:

code:
  cmp [rsi+34c],0
  jne owncoordcode
  movss [rsi+00000154],xmm10
  jmp return


owncoordcode:
  mov [_baseycoord],rsi                         <----------
  movss [rsi+00000154],xmm10
  jmp return


coordreadY:
  jmp newmem
  nop 4
return:
registersymbol(coordreadY)


Not working, probably because of a byte length difference. If so, how can I get rsi into _baseycoord?

Thanks ^^
panraven
Grandmaster Cheater
Reputation: 62

Joined: 01 Oct 2008
Posts: 958

PostPosted: Sat Mar 14, 2020 12:11 pm    Post subject: This post has 1 review(s)

I've tested on CE 6.7 that 'globalalloc' will allocate at least 16 bytes, for it seems to always start on a 16-byte boundary, i.e. the last hex digit of the globalalloc address is 0.
'alloc' will still be packed so that the next alloc in the same script will be adjacent to the previous one.

For OP's code, it is not working because not many x86 asm instructions can take a 64-bit constant/literal. It may need a register to hold the literal, then do the operation with that register, i.e.
Code:

  push  rax
  mov   rax,_baseycoord
  mov   [rax],rsi
  pop   rax

_________________
- Retarded.
DanyDollaro
Master Cheater
Reputation: 3

Joined: 01 Aug 2019
Posts: 334

PostPosted: Sat Mar 14, 2020 12:18 pm    Post subject:

Oh, apparently I still have to learn; consequently I will delete my post given the presence of misleading content. Thanks Panraven.
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 63

PostPosted: Sat Mar 14, 2020 3:16 pm    Post subject:

panraven wrote:
I've tested on CE 6.7 that 'globalalloc' will allocate at least 16 bytes, for it seems to always start on a 16-byte boundary, i.e. the last hex digit of the globalalloc address is 0.
'alloc' will still be packed so that the next alloc in the same script will be adjacent to the previous one.

For OP's code, it is not working because not many x86 asm instructions can take a 64-bit constant/literal. It may need a register to hold the literal, then do the operation with that register, i.e.
Code:

  push  rax
  mov   rax,_baseycoord
  mov   [rax],rsi
  pop   rax


Game crashes...
Maybe you meant something like this?

Code:

push    rax
  mov   [rax],rsi
  mov   rax,_baseycoord
pop     rax
panraven
Grandmaster Cheater
Reputation: 62

Joined: 01 Oct 2008
Posts: 958

PostPosted: Sat Mar 14, 2020 3:37 pm    Post subject:

No, the rax in your version can be any number; at the line mov [rax],rsi it will not be what you expect.

Pasting more of your script may get a more accurate suggestion.

I guess you're using 'alloc(newmem,size)' instead of 'alloc(newmem,size,address_jump_from)'. The latter version will try to alloc newmem NEAR address_jump_from, which may be necessary for the 64-bit jump instruction to not overwrite game code unexpectedly.
Code:

alloc(newmem,$1000,coordreadY)

_________________
- Retarded.
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 63

PostPosted: Sat Mar 14, 2020 5:58 pm    Post subject:

panraven wrote:
No, the rax in your version can be any number; at the line mov [rax],rsi it will not be what you expect.

Pasting more of your script may get a more accurate suggestion.

I guess you're using 'alloc(newmem,size)' instead of 'alloc(newmem,size,address_jump_from)'. The latter version will try to alloc newmem NEAR address_jump_from, which may be necessary for the 64-bit jump instruction to not overwrite game code unexpectedly.
Code:

alloc(newmem,$1000,coordreadY)



Full code:
Code:

[ENABLE]

aobscanmodule(coordreadY,UnityPlayer.dll,F3 44 0F 11 96 54 01 00 00)
alloc(newmem,$1000,"UnityPlayer.dll"+EEF756)

label(code)
label(owncoordcode)
label(return)

globalalloc(_baseycoord,4)

newmem:

code:
  cmp [rsi+128],0
  jne owncoordcode
  movss [rsi+00000154],xmm10
  jmp return


owncoordcode:
  push rax
  mov rax,_baseycoord
  mov [rax],rsi
  pop rax
  movss [rsi+00000154],xmm10
  jmp return


coordreadY:
  jmp newmem
  nop 4
return:
registersymbol(coordreadY)

[DISABLE]

coordreadY:
  db F3 44 0F 11 96 54 01 00 00

unregistersymbol(coordreadY)
dealloc(newmem)


EDIT: It was a typo. It works.

So basically I am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4703

PostPosted: Sat Mar 14, 2020 10:34 pm    Post subject:

LewcowVaal wrote:
So basically i am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?

It's an instruction set architecture limitation. It's not a valid addressing mode; there's simply no way for the processor to do that operation.

If the globalalloc used the same third parameter as the newmem alloc, then CE could assemble the original instruction since the processor would be able to effectively do that operation using RIP-relative addressing.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
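As an added illustration of the two answers above (panraven's register-based store and ParkourPenguin's point that a RIP-relative form only exists when the allocations sit near each other), here is a small Python encoder. It is not part of the thread, of Cheat Engine, or of its auto-assembler; the hook, newmem and _baseycoord addresses are constructed (the thread only gives the RVA UnityPlayer.dll+EEF756, not a module base), and the opcode bytes are the standard x86-64 encodings. It shows that a store to a 64-bit absolute address has no single-instruction encoding, that the RIP-relative store needs the destination within +-2 GiB of the instruction, and that the same rel32 limit governs the 5-byte jmp, which is why alloc(newmem,$1000,coordreadY) matters.

```python
import struct

INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1


def rel32(next_ip: int, target: int):
    """Signed 32-bit displacement from the end of the current instruction
    (next_ip) to target, or None when it does not fit: x86-64 rel32 and
    RIP-relative operands both reach only +-2 GiB."""
    disp = target - next_ip
    return disp if INT32_MIN <= disp <= INT32_MAX else None


def encode_jmp_rel32(instr_addr: int, target: int) -> bytes:
    """E9 disp32: the 5-byte 'jmp newmem' that CE writes at the hook.
    Raises when newmem is out of range, which alloc(newmem,size,hook)
    avoids by allocating near the hook address."""
    disp = rel32(instr_addr + 5, target)
    if disp is None:
        raise ValueError("newmem not within +-2 GiB of the hook")
    return b"\xE9" + struct.pack("<i", disp)


def encode_store_rsi(instr_addr: int, dest: int) -> bytes:
    """Machine code for the intent 'mov [dest], rsi' with dest a 64-bit
    absolute address. No ModRM form carries a 64-bit displacement, so:
      - dest within rel32 range -> mov [rip+disp32], rsi            (7 bytes)
      - otherwise               -> push rax / mov rax,imm64 /
                                   mov [rax],rsi / pop rax          (15 bytes)
    The second form is the sequence panraven suggested in the thread."""
    disp = rel32(instr_addr + 7, dest)
    if disp is not None:
        # 48 89 35 disp32: REX.W, MOV r/m64,r64, ModRM mod=00 reg=rsi(6) rm=101 (RIP-relative)
        return b"\x48\x89\x35" + struct.pack("<i", disp)
    return (
        b"\x50"                                  # push rax
        + b"\x48\xB8" + struct.pack("<Q", dest)  # mov rax, imm64 (the only MOV taking a 64-bit immediate)
        + b"\x48\x89\x30"                        # mov [rax], rsi (ModRM mod=00 reg=rsi(6) rm=rax(0))
        + b"\x58"                                # pop rax
    )


# Constructed addresses (hypothetical; the thread gives only the RVA UnityPlayer.dll+EEF756).
HOOK = 0x7FF610EEF756          # coordreadY, assuming a made-up module base of 0x7FF610000000
NEWMEM = 0x7FF611000000        # alloc(newmem,$1000,coordreadY): lands close to the hook
NEAR_VAR = 0x7FF612000000      # a globalalloc that happened to land near newmem
FAR_VAR = 0x0000000000210000   # a globalalloc far below the module (the usual 64-bit case)


def main():
    print("jmp newmem      :", encode_jmp_rel32(HOOK, NEWMEM).hex(" "))
    store_addr = NEWMEM + 0x10  # where the store would sit inside newmem (constructed)
    print("store, near var :", encode_store_rsi(store_addr, NEAR_VAR).hex(" "))
    print("store, far var  :", encode_store_rsi(store_addr, FAR_VAR).hex(" "))


if __name__ == "__main__":
    main()
```

Running it prints the 5-byte jmp, the 7-byte RIP-relative store for the nearby variable, and the 15-byte push/mov/mov/pop sequence for the far one; CE's assembler faces the same decision, and with a plain globalalloc the far case is the one it ends up in.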
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

PostPosted: Sun Mar 15, 2020 1:26 am    Post subject:

Side note, your globalalloc is for 4 bytes, but you are trying to store 8 in it.
_________________
- Retired.
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 63

PostPosted: Sun Mar 15, 2020 5:14 am    Post subject:

ParkourPenguin wrote:
LewcowVaal wrote:
So basically i am using RAX as _baseycoord. I am doing all this because of a compiler limitation. Correct?

It's an instruction set architecture limitation. It's not a valid addressing mode; there's simply no way for the processor to do that operation.

If the globalalloc used the same third parameter as the newmem alloc, then CE could assemble the original instruction since the processor would be able to effectively do that operation using RIP-relative addressing.


Mh.. got it. I guess I still have a lot to learn.



atom0s wrote:
Side note, your globalalloc is for 4 bytes, but you are trying to store 8 in it.


I will fix that, even though 4 bytes works. Maybe because, as panraven said, from his tests he saw that globalalloc will always allocate a minimum of 16 bytes....

Anyway thanks guys! Very useful information, gonna add this topic to favorites.