Cheat Engine

[Classicus]

I tried searching for something related but couldn't necessarily find the info I'm looking for. I'm trying to compare xmm0 to a float value of 1.1, but I'm still inexperienced with float values and how to write assembly for them. Any help is appreciated!

Here is the original code:

[panraven]

xmm register seems only work with xmm register or a memory address,
(float)1.1 is an immediate value, will not work as well as integer register.

May try ucomiss/comiss http://x86.renejeschke.de/html/file_module_x86_id_44.html

It seems jle or jge will always fail after these 2 command, should only use jl or jg. To simulate jle or jge combine with the corresponding test jmp individually, eg

[ParkourPenguin]

OP:
You can use cmpss to do this, but there's a bit more to this instruction than the simpler instruction cmp.

cmpss needs a destination XMM, a source XMM/m32, and an imm8 that tells it what type of comparison to perform. It stores the result (True = 0xFFFFFFFF, False = 0x00000000) into the lowest dword of the destination operand.
More info on CMPSS

[Classicus]

Thanks for the links, good to read!

panraven:
Thanks for the info. I tried this code but it froze the game.

ParkourPenguin:
In this case, I do not want to use the newcode if xmm0 equals (float)1.1, so using jl is what I'd need. I tried both codes you posted. The first one crashed the game, I think because xmm1 is being used above the code. The second script didn't work. Maybe this is because of the surrounding code? Pasted surrounding code below:

[ParkourPenguin]

My bad. You're suppose to use (edit)JB/JBE/JA/JAE for comparing values using comiss. See the Jcc reference for more info on what flags all the conditional jumps check.

I'd recommend replacing the jl code with jbe code since it avoids a useless move (if xmm0 == [number], moving [number] into xmm0 is useless).

But yes, you should save the flags and restore them later. Generally, it would be better to use PUSHFQ / POPFQ (edit: pushf/pushfd/pushfq are the same bytecode, just different mnemonics for different bit modes); however, in this case, it's perfectly fine to do the comparison again since you don't modify any flags it doesn't modify.

[Zanzer]

Your injection is jumping to "code" instead of "newmem" like you want.

[Classicus]

Wow, thanks Zanzer! What an oversight on my part, lol.

Combined that with using jb and it's working now. Awesome, thanks for your help everyone! And thanks for the info too.

I know about pushad/popad when dealing with other instructions. Is pushfq/popfq for dealing with floats like xmm0 or fstp dword ptr?

Also, for pushad/popad, I know when dealing with x64 applications, those don't work and you have to push/pop everything individually to achieve the same result. Might this also be the case with pushfq/popfq?

[ParkourPenguin]

Zanzer - derp. Can't believe I missed that

Classicus - pushfq/popfq are for pushing and popping the eflags register- it's the thing that controls what the jumps do (e.g. je checks the zero flag, jb checks the carry flag).

[Classicus]

ParkourPenguin - Ok I think I understand. So pushfq/popfq would be especially useful in situations like my script here if I didn't add comiss xmm1,xmm7 at the end? I always wondered if there was a better way to deal with a code I want to modify when it's between a compare and a jump (and I'm adding a new compare).

[mgr.inz.Player]

[Classicus]

mgr.inz.Player - Thanks for the reply. I figured it was a typo and he meant JA/JAE instead of JG/JGE. Looks like he corrected it in his post too. Thanks for the links as well, good to save and read.