View previous topic :: View next topic |
Author |
Message |
LtO Advanced Cheater Reputation: 0
Joined: 09 Mar 2015 Posts: 71
|
Posted: Fri Mar 02, 2018 2:02 pm Post subject: short to byte/hex in as3? |
|
|
I would like to change a value in a game, it's in the code as pushshort 10000 (which represents 10 seconds), with bytecode 25 90 4e. I'd like to change it to a much higher value (and if it does fit the same space in memory or I guess it would crash my game)... How do I convert another short number to hex here?
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Fri Mar 02, 2018 2:33 pm Post subject: |
|
|
Quote: | SWF 9 and later supports the use of integers encoded with a variable number of bytes. One type of encoded integer is supported.
EncodedU32 - Variable length encoded 32-bit unsigned integer
This is a 32-bit unsigned integer value encoded with a variable number of bytes to save space. All EncodedU32's are encoded as 1-5 bytes depending on the value (larger values need more space). The encoding method is if the hi bit in the current byte is set, then the next byte is also part of the value. Each bit in a byte contributes 7 bits to the value, with the hi bit telling us whether to use the next byte, or if this is the last byte for the value. | Adobe SWF File Format Specification version 19 chapter 1 section "Encoded integers"
Edit: the operand of the pushshort instruction only uses 30 significant bits, not 32. It's still encoded the same way.
25 is the opcode for pushshort. The next byte, 90, is 10010000 in binary. The highest bit is set, so the next byte also contributes to the value. The next byte, 4e (01001110 in binary), does not have its highest bit set, so it's the last byte that contributes to the value.
Take the remaining 7 bits from the operand bytes in little endian order, and that's the value.
Code: | hex: 90 4e // given
binary: 10010000 01001110 // hex -> bin
little endian: 0010000 1001110 // remove highest bit
binary value: 1001110 0010000 // reverse byte order (most significant on left)
decimal value: 10,000 // bin -> dec |
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Last edited by ParkourPenguin on Fri Mar 02, 2018 5:12 pm; edited 1 time in total |
|
Back to top |
|
|
LtO Advanced Cheater Reputation: 0
Joined: 09 Mar 2015 Posts: 71
|
Posted: Fri Mar 02, 2018 3:32 pm Post subject: |
|
|
ParkourPenguin wrote: | Quote: | SWF 9 and later supports the use of integers encoded with a variable number of bytes. One type of encoded integer is supported.
EncodedU32 - Variable length encoded 32-bit unsigned integer
This is a 32-bit unsigned integer value encoded with a variable number of bytes to save space. All EncodedU32's are encoded as 1-5 bytes depending on the value (larger values need more space). The encoding method is if the hi bit in the current byte is set, then the next byte is also part of the value. Each bit in a byte contributes 7 bits to the value, with the hi bit telling us whether to use the next byte, or if this is the last byte for the value. | Adobe SWF File Format Specification version 19 chapter 1 section "Encoded integers"
25 is the opcode for pushshort. The next byte, 90, is 10010000 in binary. The highest bit is set, so the next byte also contributes to the value. The next byte, 4e (01001110 in binary), does not have its highest bit set, so it's the last byte that contributes to the value.
Take the remaining 7 bits from the operand bytes in little endian order, and that's the value.
Code: | hex: 90 4e // given
binary: 10010000 01001110 // hex -> bin
little endian: 0010000 1001110 // remove highest bit
binary value: 1001110 0010000 // reverse byte order (most significant on left)
decimal value: 10,000 // bin -> dec |
|
Ok, so to what value could I set that maximal? x10 would already be nice but maybe that's not possible...
And I assume I could also make not a short but another kind of value of it?
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Fri Mar 02, 2018 3:59 pm Post subject: |
|
|
LtO wrote: | Ok, so to what value could I set that maximal? |
Using only 2 bytes for the operand, it would be 2^14-1, or 16,383.
LtO wrote: | And I assume I could also make not a short but another kind of value of it? |
You'd need to use a different instruction. Search for "AVM2 instructions" to find a list.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
LtO Advanced Cheater Reputation: 0
Joined: 09 Mar 2015 Posts: 71
|
Posted: Fri Mar 02, 2018 4:14 pm Post subject: |
|
|
ParkourPenguin wrote: | LtO wrote: | Ok, so to what value could I set that maximal? |
Using only 2 bytes for the operand, it would be 2^14-1, or 16,383.
LtO wrote: | And I assume I could also make not a short but another kind of value of it? |
You'd need to use a different instruction. Search for "AVM2 instructions" to find a list. |
Ah ye, that's why it crashed probably, but I read a short can take at least up to 65000... But I guess the 2 characters limit it.
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Fri Mar 02, 2018 4:30 pm Post subject: |
|
|
A short in the context of many languages (Java, C#, VB, many C/C++ implementations, et al.) is a 2 byte integer. An unsigned short can take on any value between 0 and 65535.
The pushshort instruction (contradictory to its name) does not push a 2 byte integer onto the stack: it pushes an EncodedU32 value. If you want to know what that value type is or how it works, read my first post.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
LtO Advanced Cheater Reputation: 0
Joined: 09 Mar 2015 Posts: 71
|
Posted: Fri Mar 02, 2018 4:54 pm Post subject: |
|
|
Thanks, why is this so complicated I tried now with an int 2d ff ff but that crashed my game too :/ shouldn't be a problem tho to just raise that time period...
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
|
Back to top |
|
|
LtO Advanced Cheater Reputation: 0
Joined: 09 Mar 2015 Posts: 71
|
Posted: Mon Mar 05, 2018 4:52 am Post subject: |
|
|
Thanks, I wonder if this is even possible (and within the same bytespace). I solved it now in another way, I realized there must be more ways to do this, with changing some true/false commands.I didn't even see the command to push long in that avm2. I'd have to change more code if I wasn't able to spawn that item cuz I logon with a webdebugger and just have to change the time it is running then, tho u have to watch out not to change other important values...
|
|
Back to top |
|
|
|