NanoByte Expert Cheater
Reputation: 1
Joined: 13 Sep 2013 Posts: 222
Posted: Sun Aug 31, 2014 1:39 pm Post subject: double value = fstp dword ptr.....
Trying to make a script that movs the double value I'm targeting to 100 or more; what accesses it is the fstp qword ptr [esi+08].
So far all my attempts have failed, any tips would be appreciated.
004D98CC - C7 46 04 00000000 - mov [esi+04],00000000
004D98D3 - 0F57 C0 - xorps xmm0,xmm0
004D98D6 - F2 0F11 46 08 - movsd [esi+08],xmm0
004D98DB - 5E - pop esi
004D98DC - 5D - pop ebp
004D98DD - C3 - ret
somereadAOB- DD 45 08 - fld qword ptr [ebp+08]
004D98E1 - C7 46 04 00000000 - mov [esi+04],00000000
004D98E8 - DD 5E 08 - fstp qword ptr [esi+08] // access this code
004D98EB - 5E - pop esi
004D98EC - 5D - pop ebp
004D98ED - C3 - ret
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Sun Aug 31, 2014 5:00 pm
You have to use qword, not dword. The code that you have found is also using qword.
Here is an example script made with the CE tutorial:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
alloc(double,8) // 8 bytes, because fild qword ptr reads a full qword
double:
dd (int)200 // low dword: decimal 200 ((int) forces decimal, CE defaults to hex)
dd 0 // high dword
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
fstp qword ptr [ebx+00000498] // original instruction: pops the game's value
fild qword ptr [double] // load the 64-bit integer 200 onto the FPU stack
fstp qword ptr [ebx+00000498] // store it as the double 200.0
exit:
jmp returnhere
"Tutorial-i386.exe"+25FCB:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(double)
"Tutorial-i386.exe"+25FCB:
fstp qword ptr [ebx+00000498]
//Alt: db DD 9B 98 04 00 00
You can also use 2 mov commands to move 2x4 bytes, to the address.
Double 100 = 40590000 00000000
But normally you will not see this in a program.
Hatschi Master Cheater
Reputation: 2
Joined: 28 Jan 2010 Posts: 327
Posted: Sun Aug 31, 2014 6:00 pm
Since the first 4 bytes are always(?) 00000000, you only have to move 1x4 bytes to write a double value.
However, if using CE's AA only, you can stick to Geri's solution as it's more readable.
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Sun Aug 31, 2014 6:13 pm
It's not always 0. For 100, yes. But check some other possibilities too.
E.g.
1 = 3ff0000000000000
but
1.1 = 3ff199999999999a
It's not enough to replace 4 bytes only, unless he knows for sure that the rest will be really just 0.
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Aug 31, 2014 6:34 pm
There are many ways to achieve this, more or less complicated.
Code:
originalcode:
fstp ST(0) // pop from FPU stack
push (float)105.4 // push on CPU stack this floating-point single-precision value
fld dword ptr [esp] // load floating-point single-precision value
add esp,4 // restore previous CPU stack pointer
fstp qword ptr [ebx+00000498] // store as floating-point double-precision value
exit:
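As an added worked example (not code from this thread or from Cheat Engine itself), the following Python script shows the two points raised in the last two replies: Geri's observation that the low dword of a double is zero for 100 and 1 but not for 1.1, so a single 4-byte write only works for some values, and what mgr.inz.Player's push (float) approach actually stores, since the value is rounded to single precision before the fstp qword widens it to a double. It also emulates the "two mov" write of 2x4 bytes into a byte buffer that stands in for the target's memory. The buffer and all sample values are constructed here; the function names are this example's own.

```python
import struct


def double_to_dwords(value: float) -> tuple:
    """Return (low_dword, high_dword) of the IEEE-754 binary64 encoding of value.

    On little-endian x86 the low dword sits at [addr] and the high dword at
    [addr+4], so these are the two immediates a 'two mov' patch would write.
    """
    lo, hi = struct.unpack("<II", struct.pack("<d", value))
    return lo, hi


def double_to_hex(value: float) -> str:
    """Big-endian hex of the encoding, in the notation the thread uses:
    100.0 -> '4059000000000000'."""
    return struct.pack(">d", value).hex()


def low_dword_is_zero(value: float) -> bool:
    """True only when writing the high dword alone would reproduce the value."""
    return double_to_dwords(value)[0] == 0


def write_double_as_two_dwords(mem: bytearray, offset: int, value: float) -> None:
    """Emulate 'mov [addr],lo' followed by 'mov [addr+4],hi'."""
    lo, hi = double_to_dwords(value)
    struct.pack_into("<I", mem, offset, lo)
    struct.pack_into("<I", mem, offset + 4, hi)


def read_double(mem: bytes, offset: int) -> float:
    """Read the qword at offset back as a double (what fld qword ptr would load)."""
    return struct.unpack_from("<d", mem, offset)[0]


def roundtrip_two_dwords(value: float) -> float:
    """Write value with two 4-byte stores into a constructed buffer and read it back."""
    mem = bytearray(16)  # constructed stand-in for the target's memory
    write_double_as_two_dwords(mem, 8, value)
    return read_double(mem, 8)


def float_then_double(value: float) -> float:
    """Value after 'push (float)x; fld dword ptr [esp]; fstp qword ptr [...]':
    rounded to single precision first, then widened exactly to a double."""
    return struct.unpack("<f", struct.pack("<f", value))[0]


if __name__ == "__main__":
    for v in (100.0, 1.0, 1.1, 105.4):
        lo, hi = double_to_dwords(v)
        print(f"{v:<8} = {double_to_hex(v)}  low dword {lo:08x}  high dword {hi:08x}"
              f"  single 4-byte write enough: {low_dword_is_zero(v)}")
    print("1.1 written as two dwords, read back:", roundtrip_two_dwords(1.1))
    print("(float)105.4 stored as a double:", repr(float_then_double(105.4)))
```

The last line of output is the caveat for the push (float) variant: 105.4 is not exactly representable in single precision, so the double that lands in memory is 105.40000152587890625, not 105.4. Values like 100 that are exact in single precision survive the round trip unchanged.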
NanoByte Expert Cheater
Reputation: 1
Joined: 13 Sep 2013 Posts: 222
Posted: Mon Sep 01, 2014 4:36 pm
Thx a lot guys