| View previous topic :: View next topic |
| Author |
Message |
makotech222
Expert Cheater
![]() Reputation: 0
Joined: 12 May 2011
Posts: 199
|
 Posted: Sun Jan 31, 2021 10:52 am Post subject: Question on Big Endian in aob script |
 |
|
I have the following instruction in my aob script:
movbe [r8+rax],edx
I want to have it write a constant BE value of 512. It won't compile with just:
movbe [r8+rax],512
Is there a way to write a constant value with movbe?
Thanks!
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4702
|
| Posted: Sun Jan 31, 2021 11:43 am Post subject: |
|
|
Edit: cmovbe != movbe
| This idiot wrote: | The "be" in movbe stands for below or equal, not big endian.
movbe is a variant of movcc that moves data if rflags indicates a below-or-equal condition.
| Code: | cmp eax,ebx
movbe [edx],eax |
This moves eax into the memory at edx if eax <= ebx (unsigned comparison); else, do nothing.
There is no encoding of the movcc set of instructions that accepts immediate values. You'll need to move that into edx beforehand:
| Code: | mov edx,512 // mov instructions don't modify rflags; this is fine
movbe [r8+rax],edx |
Or use an unconditional move if the condition doesn't matter to you:
Or use a jcc instead for more complicated conditional logic:
| Code: | ja notBelowOrEqual
// your code here
mov [r8+rax],512
notBelowOrEqual: |
|
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Last edited by ParkourPenguin on Sun Jan 31, 2021 12:43 pm; edited 1 time in total |
|
| Back to top |
|
|
sbryzl
Master Cheater
![]() Reputation: 6
Joined: 25 Jul 2016
Posts: 252
|
| Posted: Sun Jan 31, 2021 11:45 am Post subject: |
|
|
| mov [r8+rax],12050000
|
|
| Back to top |
|
|
makotech222
Expert Cheater
![]() Reputation: 0
Joined: 12 May 2011
Posts: 199
|
| Posted: Sun Jan 31, 2021 12:25 pm Post subject: |
|
|
| ParkourPenguin wrote: | The "be" in movbe stands for below or equal, not big endian.
movbe is a variant of movcc that moves data if rflags indicates a below-or-equal condition.
| Code: | cmp eax,ebx
movbe [edx],eax |
This moves eax into the memory at edx if eax <= ebx (unsigned comparison); else, do nothing.
There is no encoding of the movcc set of instructions that accepts immediate values. You'll need to move that into edx beforehand:
| Code: | mov edx,512 // mov instructions don't modify rflags; this is fine
movbe [r8+rax],edx |
Or use an unconditional move if the condition doesn't matter to you:
Or use a jcc instead for more complicated conditional logic:
| Code: | ja notBelowOrEqual
// your code here
mov [r8+rax],512
notBelowOrEqual: |
|
Cheat engine seems to disagree on movbe? Screenshot says 'Move Data after swapping bytes'
Just to note, i'm doing a table for rpcs3, which is entirely in big endian.
| Description: |
|
| Filesize: |
5.82 KB |
| Viewed: |
1328 Time(s) |
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4702
|
| Posted: Sun Jan 31, 2021 12:41 pm Post subject: |
|
|
Shit, that was cmovcc, not movcc... nevermind.
The reason why it doesn't work is still the same: there is no movbe instruction that takes an immediate as an argument.
Make do with mov and reverse the byte order in the immediate yourself. sbryzl gave the answer.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
makotech222
Expert Cheater
![]() Reputation: 0
Joined: 12 May 2011
Posts: 199
|
| Posted: Sun Jan 31, 2021 12:49 pm Post subject: |
|
|
| ParkourPenguin wrote: | Shit, that was cmovcc, not movcc... nevermind.
The reason why it doesn't work is still the same: there is no movbe instruction that takes an immediate as an argument.
Make do with mov and reverse the byte order in the immediate yourself. sbryzl gave the answer. |
Yup, managed to do it that way. Thank you both a lot!
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
