Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
***UNIQUE FEATURE SUGGESTION FOR CE DONT IGNORE, TRUST ME***
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Wed Dec 21, 2016 9:46 am    Post subject: ***UNIQUE FEATURE SUGGESTION FOR CE DONT IGNORE, TRUST ME***

After dabbling in Auto Assembler for some time, it occurs to me that some kind of predictive guessing algorithm might help casual users.
Something that will make suggestions after analyzing your code and tell you straight away at least basic things, like reminding you about the register-to-register rules, and maybe more useful things, like explaining in a simplified form what your AA will do in the game.

CE doesn't need to be kept elitist, does it?
Or do the forum members like the elitism of CE?

I don't mean that negatively; elitism, I suppose, can have its advantages.

Maybe Dark Byte and the developers could implement something like that for CE, so that casual users/noobs who don't have, or haven't had, the time to spend every waking hour learning assembly can have the AA predictive/contextual guessing say things like:

"Are you trying to do this? If so, may I suggest you try this opcode instead."
I mean, just a friendly reminder that you can't do register to register would be nice. There are people out there who don't even know the hotkeys for copy and paste (Ctrl+C, Ctrl+V, Ctrl+X); what are they supposed to do?
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Wed Dec 21, 2016 10:14 am    Post subject:

You know you can learn all this in less than an hour. The instructions are so simple, they're pretty much basic English.

Anyhow, what you're asking for requires artificial intelligence and I don't think we have advanced that much yet. If it was possible, we might as well have trainers go and make themselves.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4695

PostPosted: Wed Dec 21, 2016 10:58 am    Post subject:

So... static code analysis.

First of all, you're delusional. It is virtually impossible to write a magic program that knows what the user wants done and can tell the user how to do it, and all the more so that CE can guess what a code injection will do to the target in terms of high-level concepts (e.g. this gives infinite ammo). It might be useful to know that overwriting executable memory will not end in the middle of an instruction (as is the case with the single-line assembler), but even that could give false positives and won't be completely comprehensive. Meager optimizations like "This register was set but is never used" would identify even fewer errors and would be more of an annoyance than it's worth IMO.

Errors are already handled sufficiently. If an instruction can't be assembled, CE will tell the user so and will point out which instruction it was. Any attempt to guess what the user intended would commonly result in failure and confusion for the ignorant. Higher-level analysis using the order instructions appear in doesn't make sense for a low-level language like assembly. Write instructions down, and the processor will execute them in the order they appear in. It's up to the user to know what the instructions do.

If you want to know what an instruction does and/or why an instruction can't be assembled, use a manual (see Intel's Software Developer's Manuals). There are also many basic instruction set references online you can find by using a search engine.

You don't need to spend that much time to learn assembly. Having no previous knowledge of assembly, I learned the basics by spending a couple hours a day studying it for a week. After that, I could easily make sense of the manual and learn everything else there is to know on an as-needed basis.

Someone who doesn't know the shortcuts for cut/copy/paste shouldn't be using the AA in the first place. It shows a lack of basic computer science knowledge in that the shortcuts are so commonplace that searching for it would immediately give you the answer. Ignorance is not an excuse. If you don't know how to do something, learn. There are many people here willing to help correct mistakes. For example, register-to-register operations are allowed for many instructions. It's memory-to-memory operations that aren't allowed.
Code:
// allowed
mov eax,ecx
sub ebx,esi
addss xmm0,xmm1

// not allowed
mov [eax],[ecx]
sub [0051D3E8],[edi]
addss [eax],[ebx]

If you don't want to learn but still want something done, ask someone else to do it for you.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
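The operand rule ParkourPenguin states above (register-to-register is fine, memory-to-memory is not encodable on x86) is exactly the kind of check that a small static analysis can do. The script below is an added example, not Cheat Engine's code: it classifies each operand of an Auto Assembler style line as register, memory or immediate and reports any two-operand instruction whose operands are both memory references. The register list, the size-prefix regex and the sample script (the allowed/not-allowed lines from the post plus one `(float)` store) are constructed for this example.

```python
"""Operand-form lint for x86 assembly written in Cheat Engine's Auto Assembler
style. Added example, not Cheat Engine's own code: it implements the small
static check discussed in the thread. x86 can encode register-to-register,
register-to-memory and immediate-to-memory operands, but never memory-to-memory."""
import re

# Register names treated as register operands (32/64-bit GPRs, 8/16-bit
# partial registers, SSE registers and the x87 stack registers). Constructed
# list; extend it if the scripts you lint use other registers.
REGISTERS = {
    *"eax ebx ecx edx esi edi ebp esp rax rbx rcx rdx rsi rdi rbp rsp".split(),
    *"ax bx cx dx si di bp sp al bl cl dl ah bh ch dh".split(),
    *(f"xmm{i}" for i in range(16)),
    *(f"st({i})" for i in range(8)),
}

# Optional size override such as "dword ptr " in front of a memory operand.
SIZE_PREFIX = re.compile(r"^(byte|word|dword|qword|tbyte)\s+ptr\s*", re.I)


def operand_kind(operand: str) -> str:
    """Classify one operand as 'reg', 'mem' (bracketed) or 'imm' (anything
    else, including CE's (float)10 form)."""
    op = SIZE_PREFIX.sub("", operand.strip())
    if op.startswith("[") and op.endswith("]"):
        return "mem"
    if op.lower() in REGISTERS:
        return "reg"
    return "imm"


def parse_line(line: str):
    """Return (mnemonic, [operands]) or None for blank, comment and label lines."""
    code = line.split("//", 1)[0].strip()
    if not code or code.endswith(":"):
        return None
    parts = code.split(None, 1)
    operands = [o.strip() for o in parts[1].split(",")] if len(parts) == 2 else []
    return parts[0].lower(), operands


def lint(script: str):
    """Return [(line_number, message)] for every two-operand instruction whose
    operands are both memory references."""
    findings = []
    for number, line in enumerate(script.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        mnemonic, operands = parsed
        if len(operands) == 2 and all(operand_kind(o) == "mem" for o in operands):
            findings.append((number, f"{mnemonic} {','.join(operands)}: "
                             "memory-to-memory operands cannot be encoded; "
                             "load one side into a register first"))
    return findings


# Constructed sample: the allowed/not-allowed lines from the post above plus
# one immediate-to-memory store using CE's (float) prefix.
SAMPLE = """\
// allowed
mov eax,ecx
sub ebx,esi
addss xmm0,xmm1
mov [ebx],(float)10

// not allowed
mov [eax],[ecx]
sub [0051D3E8],[edi]
addss [eax],[ebx]
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Running it on the sample reports lines 8, 9 and 10 only; the `(float)10` store passes because the immediate is not a memory operand. The check is deliberately syntactic, which is why it cannot tell you what the script will do in the game, only whether an operand pair can exist at all.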
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Wed Dec 21, 2016 2:15 pm    Post subject: Thank you....but...

Quote:
So... static code analysis.

I don't know what that is.

Quote:
First of all, you're delusional. It is virtually impossible to write a magic program that knows what the user wants done and can tell the user how to do it, and all the more so that CE can guess what a code injection will do to the target in terms of high-level concepts (e.g. this gives infinite ammo).

If you say so.
Delusional, I must point out, implies some prior knowledge. This is something I thought I was communicating to you by, and was evident in, the kinds of questions I am asking. If I don't know about x and I ask whether x is possible, then that's not "delusional".

To Reiterate to all Really Techie (everyone) Forum members...
**Ahem....cough...clears throat**
I Have No Idea What I'm doing


Quote:
It might be useful to know that overwriting executable memory will not end in the middle of an instruction (as is the case with the single-line assembler), but even that could give false positives and won't be completely comprehensive. Meager optimizations like "This register was set but is never used" would identify even less errors and would be more of an annoyance than it's worth IMO.

I have NO idea what that means

Quote:
Errors are already handled sufficiently. If an instruction can't be assembled, CE will tell the user so and will point out which instruction it was. Any attempt to guess what the user intended would commonly result in failure and confusion for the ignorant. Higher-level analysis using the order instructions appear in doesn't make sense for a low-level language like assembly. Write instructions down, and the processor will execute them in the order they appear in. It's up to the user to know what the instructions do.

^^That's a very good point, thank you.

Quote:
Someone who doesn't know the shortcuts for cut/copy/paste shouldn't be using the AA in the first place. It shows a lack of basic computer science knowledge in that the shortcuts are so commonplace that searching for it would immediately give you the answer. Ignorance is not an excuse. If you don't know how to do something, learn. There are many people here willing to help correct mistakes. For example, register-to-register operations are allowed for many instructions. It's memory-to-memory operations that aren't allowed.


I was using an extreme example to prove a point by analogy.
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4695

PostPosted: Wed Dec 21, 2016 2:55 pm    Post subject:

Static code analysis refers to an examination of some code without executing it. This is what you were asking for in your request. It seemed like you didn't know the right term in the first post.

Quote:
www.dictionary.com/browse/delusional
delusional
(adjective)
1 - having false or unrealistic beliefs or opinions

"Delusional" does not have to imply prior knowledge.


The part of my post you didn't understand was just two features that could potentially be useful but actually aren't. Users who know what they're doing have little need for them, and those that don't know what they're doing evidently won't know how to use that information.

I don't know what point you were trying to prove by asking what people who don't know the hotkeys for cut/copy/paste are supposed to do. If you don't know something, learn. You can find pretty much everything by searching for it nowadays. If you can't be bothered to learn, then either give up or get someone else to do it for you.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Wed Dec 21, 2016 5:57 pm    Post subject: Okay then. :)

Fair enough, ParkourPenguin.
I suppose that's true. Thank you for your replies.
I appreciate the help a lot.

I just bloody realised I was using the wrong value in my script as ONE possible reason why it didn't work... see:

[esi+10] is 2, NOT flipping 10 like I thought; I forgot to note it down after I dissected it from the base [ESI].
I only realised later. Grrrrr, I'm annoyed with myself for not doing that.

The values are floats in Mysteries of the Sith, unlike the values I was working with for my Return to Castle Wolfenstein script,
which worked like a dream!!

Do floats work differently from non-floats?

Code:
[ENABLE]

aobscanmodule(aobHealth,JKM.EXE,D8 64 24 1C 3B 35 A8 40 8D 00)
alloc(newmem,$2000)
label(onehitkill)
label(hurtsme)
label(playerCheck)
label(return)

newmem:

playerCheck:
  push eax
  mov eax,[esi+10]  // (2!!)
  cmp eax,10        // (2!!)

  pop eax
  jne onehitkill
  jmp hurtsme

onehitkill:
  mov [esi+0000013C],0
  jmp return

hurtsme:
  fstp dword ptr [esi+0000013C]
  jmp return

aobHealth:
  jmp playerCheck
  nop
return:
registersymbol(aobHealth) // was registersymbol(onehitkill); [DISABLE] unregisters aobHealth

[DISABLE]

aobHealth:
  db D8 64 24 1C 3B 35 A8 40 8D 00

unregistersymbol(aobHealth)
dealloc(newmem)


Basically, I still don't know if the above will work on Mysteries of the Sith.
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4695

PostPosted: Wed Dec 21, 2016 6:42 pm    Post subject:

I'm not sure what you mean with 10 and 2: are you talking about the instruction mov eax,[esi+10], or cmp eax,10? Is the value at [esi+10] a float, or were you only talking about [esi+13C]?

Yes, floats work differently from integers. However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float):
Code:
mov [ebx],10         // 10 is a 4-byte integer
mov [ebx],(float)10  // 10 is a float
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float.

The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code:
onehitkill:
  fstp st(0)
  mov [esi+0000013C],0
  jmp return

_________________
I don't know where I'm going, but I'll figure it out when I get there.
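The FPU stack problem in the post above (the onehitkill path skips the original fstp, so one path pops and the other does not) can be caught before the script is ever injected by walking every path from the hook's entry label to its return label and summing the net x87 pushes and pops. The checker below is an added example, not Cheat Engine's code; it assumes the script only uses the x87 mnemonics listed in STACK_EFFECT and the jumps listed in UNCONDITIONAL/CONDITIONAL, and the two sample scripts (the posted newmem block as written, and the same block with `fstp st(0)` added) are constructed from the thread.

```python
"""Path-wise x87 stack-balance check for a small Auto Assembler injection.
Added example, not Cheat Engine's own code. It walks every path from the
injection's entry label to its return label, sums the net number of x87
pushes and pops along the way, and flags paths whose net effect differs from
that of the original instruction the hook replaced (fstp here, net -1).
Assumption: only the mnemonics in the tables below occur in the script."""

# Net change in x87 stack depth per mnemonic: +1 push, -1 pop, 0 neither.
STACK_EFFECT = {
    "fld": 1, "fild": 1, "fld1": 1, "fldz": 1,
    "fstp": -1, "fistp": -1, "faddp": -1, "fsubp": -1, "fmulp": -1, "fdivp": -1,
    "fst": 0, "fist": 0, "fadd": 0, "fsub": 0, "fmul": 0, "fdiv": 0, "fxch": 0,
}
UNCONDITIONAL = {"jmp"}
CONDITIONAL = {"je", "jne", "jz", "jnz", "ja", "jae", "jb", "jbe", "jg", "jge", "jl", "jle"}


def parse_script(text):
    """Return (instructions, labels): instructions as (mnemonic, operand_text),
    labels as name -> index of the instruction that follows the label."""
    instructions, labels = [], {}
    for raw in text.splitlines():
        code = raw.split("//", 1)[0].strip()
        if not code:
            continue
        if code.endswith(":"):
            labels[code[:-1].strip()] = len(instructions)
            continue
        parts = code.split(None, 1)
        instructions.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return instructions, labels


def path_effects(text, entry, exit_label="return"):
    """Map each path (tuple of jump targets taken) from `entry` to `exit_label`
    onto its net x87 stack effect."""
    instructions, labels = parse_script(text)
    exit_index = labels[exit_label]
    results = {}

    def walk(pc, effect, trail, seen):
        while True:
            if pc == exit_index:
                results[trail] = effect
                return
            if pc >= len(instructions) or pc in seen:
                return  # ran off the end or looped back: not a return path
            seen = seen | {pc}
            mnemonic, operand = instructions[pc]
            effect += STACK_EFFECT.get(mnemonic, 0)  # push/pop/mov etc. are 0
            if mnemonic in UNCONDITIONAL:
                if operand not in labels:
                    return  # jumps out of the script: nothing to compare
                pc, trail = labels[operand], trail + (operand,)
                continue
            if mnemonic in CONDITIONAL and operand in labels:
                walk(labels[operand], effect, trail + (operand,), seen)  # taken side
            pc += 1  # fall-through, or the not-taken side of a conditional

    walk(labels[entry], 0, (), frozenset())
    return results


def unbalanced_paths(text, entry, original_effect, exit_label="return"):
    """Paths whose net x87 effect differs from the hooked original instruction."""
    return [trail for trail, effect in path_effects(text, entry, exit_label).items()
            if effect != original_effect]


# Constructed sample: the injection as posted above. The hook replaced
# "fstp dword ptr [esi+0000013C]", so every path must pop exactly once.
BROKEN = """\
playerCheck:
  push eax
  mov eax,[esi+10]
  cmp eax,10
  pop eax
  jne onehitkill
  jmp hurtsme

onehitkill:
  mov [esi+0000013C],0
  jmp return

hurtsme:
  fstp dword ptr [esi+0000013C]
  jmp return

return:
"""

# The same injection with the fix suggested above: pop st(0) before skipping
# the original store.
FIXED = BROKEN.replace("onehitkill:\n  mov", "onehitkill:\n  fstp st(0)\n  mov")

if __name__ == "__main__":
    for name, script in (("as posted", BROKEN), ("with fstp st(0)", FIXED)):
        print(name, "->", unbalanced_paths(script, "playerCheck", -1) or "balanced")
```

For the script as posted the onehitkill path has a net effect of 0 against the original's -1, which is the imbalance described above; with `fstp st(0)` added both paths match and nothing is reported. The walk only follows labels defined in the script, so a jump to an external symbol simply ends that path.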
predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

PostPosted: Wed Dec 21, 2016 7:02 pm    Post subject:

Nope. This feature is like IntelliSense for ASM, not something a single person can code in, and even if it were, it would make better sense to patent it or something and sell it to other companies than put it into some open-source software.
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Thu Dec 22, 2016 5:10 am    Post subject: Cheers all. :-)

predprey wrote:
Nope. This feature is like IntelliSense for ASM, not something a single person can code in, and even if it were, it would make better sense to patent it or something and sell it to other companies than put it into some open-source software.


That makes sense....

I just figured out SOMETHING ELSE... damn, there is so much to learn, AND remember.

If I make an aobscan for a symbol to register on my table and then use that symbol in my data dissect window (something I didn't know), then I can use plus AND (together) minus to find [ESI] in this particular context.

HEALTH+15-13C = [ESI]

^I had to use this jumbled formula because aobscan was having trouble finding any question-marked value that consistently stayed the same without problems that gave me a pointer I could use (through registersymbol).
aobscans are still the only reliable way I am able to make pointers.
It seems I find aobscans are more noob-friendly.
Can I use as many pluses and minuses as I want in data dissect then??

Quote:
However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float):


I did not know that.
Why are they called single precision floating values?



Quote:

Code:
mov [ebx],10 // 10 is a 4-byte integer
mov [ebx],(float)10 // 10 is a float
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float.


So are you saying because 10 has 0 in it, it is unnecessary?

Quote:
The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code:
onehitkill:
fstp st(0)
mov [esi+0000013C],0
jmp return


I didn't know that either..
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4695

PostPosted: Thu Dec 22, 2016 9:51 am    Post subject:

magellenproject wrote:
Can I use as many plus and minuses as i want in data dissect then??

If you want to, I suppose so. An alternative would be to simplify that expression. 15-13C = -127. Math still works even if you use numbers in a different base.

magellenproject wrote:
Why are they called single precision floating values?

IEEE 754, a standard for floating point arithmetic, defines several binary floating-point formats. The two most commonly used ones are binary32 (aka single-precision floating point, single, or float) and binary64 (aka double-precision floating point or double). As their names imply, a double takes up twice as much memory as a float but offers more precision.
To answer your question exactly, the IEEE are responsible for the nomenclature of their standards. Setting the baseline at a 32-bit format made sense because it was a decent balance between its efficacy (i.e. precision & range) and overhead (i.e. CPU utilization & memory usage).

magellenproject wrote:
So are you saying because 10 has 0 in it, it is unnecessary?

No. The code above that was just an example when the explicit distinction of (float) would make a difference.
In your case (i.e. mov [esi+0000013C],0), putting (float) before 0 won't make a difference.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Fri Dec 23, 2016 9:41 am    Post subject: This is all good to know. :)

ParkourPenguin wrote:
I'm not sure what you mean with 10 and 2: are you talking about the instruction mov eax,[esi+10], or cmp eax,10? Is the value at [esi+10] a float, or were you only talking about [esi+13C]?

I think it might be a byte. I think it might be; I could be wrong, I will have to recheck.

I dissected a couple of times and forgot to decide what i should write down and what i should not write down. And then write it down.

I meant this in relation to the script I was trying to write for Mysteries of the Sith, a one-hit kill. I started another thread about it. But as you asked, I am mentioning it here. :/ Something along the lines of:
aobscan(&&&&, && && && && &&)
label(&&&&&)
label(&&&&&)
label(&&&&&)
push eax
mov eax,2
cmp eax,[ESI+10]
jne killimperialtroops

killimperialtroops:

mov [esi+0000013C], 0 // I now know I don't have to declare this as a float. Thank you ParkourPenguin. Learning is repetition though.


ParkourPenguin wrote:
Yes, floats work differently from integers. However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float):
Code:
mov [ebx],10         // 10 is a 4-byte integer
mov [ebx],(float)10  // 10 is a float
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float.

The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code:
onehitkill:
  fstp st(0)
  mov [esi+0000013C],0
  jmp return


If a floating point number does not take up a dword, then i can move them as immediate perfectly fine. Or do you mean by implication that floating point numbers always take up a dword?

Is the FPU stack different from the regular stack?

My goodness me. Doubles came up in my search results when I did a memory scan; that makes my head hurt. If you're saying DOUBLES are 64-bit (my OS is 32?), then why in blue yonder would I be getting DOUBLES?
Mysteries of the Sith is a game from the stone age; it's probably 16-bit. Why would I be getting DOUBLES on a twenty-year-old game? Why do computers always like to screw with my head.. LOL.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Fri Dec 23, 2016 11:09 am    Post subject:

Quote:
My Goodness me

You ain't seen nothing yet.


A few of the floating-point types:
- single, aka float, aka single-precision floating-point, is a 32-bit floating-point value,
- double, aka double-precision floating-point, is a 64-bit floating-point value,
- extended, aka double extended, aka long double, is an 80-bit floating-point value.


All of them were available before 64-bit CPUs (and 64-bit OSes) appeared.

ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4695

PostPosted: Fri Dec 23, 2016 11:15 am    Post subject:

magellenproject wrote:
I think it might be a byte. I think it might be, i could be wrong i will have to recheck.

I'm assuming "it" refers to the value at [eax+10]. +2 seems like a strange offset to have, so I'll also assume you mean the immediate 10 should have been 2. If so, this is what you should be doing:
Code:
...
playerCheck:
  cmp byte ptr[esi+10],2
  je hurtsme
onehitkill:
  ...


magellenproject wrote:
If a floating point number does not take up a dword, then i can move them as immediate perfectly fine. Or do you mean by implication that floating point numbers always take up a dword?

There are 5 data types that are fundamental to x86 / x86-64 architectures. The only difference between them is how much memory they take up:
  • Byte - 1 byte
  • Word - 2 bytes
  • DWord - 4 bytes
  • QWord - 8 bytes
  • DQWord - 16 bytes

The instructions used to modify these values determine the semantic value type of the value. They can be treated as generic data (mov), integers (add/sub), unsigned integers (mul,div), signed integers (imul, idiv), single-precision floating point values (addss), double-precision floating point values (addsd), and other less frequently used value types (e.g. bitfield, bcd, etc.).

When I said a float "takes up a dword," I meant a float has the same size as a dword: 4 bytes. A double, on the other hand, takes up twice as much memory as a float: 8 bytes, or a qword. When running 32-bit applications, it is easy to move anything that takes up a dword because it can fit into one of the general-purpose registers:
Code:
// say [ebx] contains a float
mov eax,[ebx]  // moves the 4 bytes at the address ebx into eax
mov [edx],eax  // moves the 4 bytes in eax into the value at the address edx

However, to move a double in a 32-bit application, it would require twice as many memory accesses:
Code:
// now, say [ebx] contains a double
mov eax,[ebx]    // move the first 4 bytes
mov [edx],eax
mov eax,[ebx+4]  // move the last 4 bytes
mov [edx+4],eax

This also applies to immediates.
Code:
mov [ebx],(float)7.7    // perfectly fine
mov [ebx],(double)7.7  // error: will only move the first 4 bytes

// to move a double, you must explicitly move the data 4 bytes at a time
mov [ebx],CCCCCCCD
mov [ebx+4],401ECCCC

In a 64-bit application, this isn't necessary since there are 8-byte registers available for use (e.g. rax) and it is possible to encode 8-byte immediate values for some instructions (e.g. mov r64,imm64).

magellenproject wrote:
Is the FPU stack different from the regular stack?

Yes. "The stack" is more or less the area in memory ESP points to. "The FPU stack" is really just a collection of 8 registers whose interface is that of a stack. In the FPU stack, st(0) represents the register at the top of the stack, st(1) represents the next register, and so on.

Regardless, the original code you overwrote in your code injection was fstp dword ptr [esi+0000013C]. The operation fstp basically means "Take the value at the top of the FPU stack, store it at this address, and remove it from the stack." Storing the value at the address isn't particularly important to the game, but popping the value from the FPU stack is. The game assumes that the value has been popped from the FPU stack. If that assumption is false, and the game tries to access the FPU stack as if a value was popped from it, the game may crash eventually. Thus, it is important to remove the value at the top of the FPU stack with fstp st(0) if you don't want to execute the original code.

magellenproject wrote:
My goodness me. Doubles came up in my search results when I did a memory scan; that makes my head hurt. If you're saying DOUBLES are 64-bit (my OS is 32?), then why in blue yonder would I be getting DOUBLES?
Mysteries of the Sith is a game from the stone age; it's probably 16-bit. Why would I be getting DOUBLES on a twenty-year-old game?

x87, a floating point-related instruction set extension, has always been able to work on floats and doubles even on 16-bit operating systems (e.g. the 8087 coprocessor). The fact that your OS is 32-bit has no correlation with its ability to work with doubles, nor should it be exceptionally surprising an old game uses doubles for something.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
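The three points ParkourPenguin makes about immediates in this thread (a `(float)` prefix changes the bit pattern but not the size, `0` is the same pattern as an integer or a float, and a `(double)` is two dwords that 32-bit code must store four bytes at a time) can be checked by encoding the values yourself. The script below is an added example, not Cheat Engine's code: it uses Python's `struct` module to produce the little-endian dwords each immediate occupies in memory and emits the one-dword-per-line `mov` form that the post above writes out by hand for 7.7. The function names and the `base` register argument are this example's own.

```python
"""Encode Auto Assembler style immediates as the 32-bit dwords they occupy in
memory. Added example, not Cheat Engine's own code. Shows why integer 10 and
(float)10 are both one dword with different bit patterns, why 0 is identical
as int or float, and why a (double) has to be stored as two dwords in 32-bit
code (Cheat Engine reads bare numbers in scripts as hexadecimal)."""
import struct


def dword_immediates(value, kind="int"):
    """Return the little-endian memory image of `value` as a list of 32-bit
    dwords, lowest address first, each as an 8-digit uppercase hex string.
    kind is 'int' (signed 32-bit), 'float' (IEEE 754 binary32) or
    'double' (IEEE 754 binary64)."""
    if kind == "int":
        raw = struct.pack("<i", int(value))
    elif kind == "float":
        raw = struct.pack("<f", float(value))
    elif kind == "double":
        raw = struct.pack("<d", float(value))
    else:
        raise ValueError(f"unknown kind {kind!r}")
    # Reading the image back 4 bytes at a time, little-endian, gives the dword
    # that a 32-bit mov would write at +0, then at +4, and so on.
    return [f"{d:08X}" for (d,) in struct.iter_unpack("<I", raw)]


def emit_store(base, value, kind="int"):
    """Emit the Auto Assembler mov line(s) that write `value` to memory at
    [base], one dword per line, so a double becomes stores at +0 and +4."""
    lines = []
    for i, dword in enumerate(dword_immediates(value, kind)):
        offset = f"+{4 * i}" if i else ""
        lines.append(f"mov [{base}{offset}],{dword}")
    return lines


if __name__ == "__main__":
    # Constructed demonstration values, matching the ones quoted in the thread.
    for value, kind in ((10, "int"), (10, "float"), (0, "int"), (0, "float"),
                        (7.7, "float"), (7.7, "double")):
        print(f"({kind}){value:<5} -> {dword_immediates(value, kind)}")
    print("\n".join(emit_store("ebx", 7.7, "double")))
```

Running it prints `0000000A` for the integer and `41200000` for `(float)10`, `00000000` for both forms of 0, and `CCCCCCCD` followed by `401ECCCC` for `(double)7.7`, which are exactly the two stores written out by hand in the post above. An 80-bit extended value has no `struct` format code, which is one practical reason it is rarely written as an immediate.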
magellenproject
Advanced Cheater
Reputation: 0

Joined: 23 Nov 2011
Posts: 59

PostPosted: Fri Dec 23, 2016 7:04 pm    Post subject: I have bothered to try to learn!

Quote:
I don't know what point you were trying to prove by asking what people who don't know the hotkeys for cut/copy/paste are suppose to do. If you don't know something, learn. You can find pretty much everything by searching for it nowadays. If you can't be bothered to learn, then either give up or get someone else to do it for you.


I have read a lot of educational material on assembly language, opcodes etc. I have not really written any programs in Assembler though, or made any attempt to try and write any programs.
I'm assuming there are some people here who have written programs in assembly?

I have done the following:

  • Registered with this site http://www.tutorialspoint.com/
    https://www.tutorialspoint.com/compile_assembly_online.php
    (I did the first example, I can't remember if I did the 2nd)
  • DL and read the tutorial PDF https://www.tutorialspoint.com//assembly_programming/index.htm
    (I read it every now and then, when I can't sleep, or I'm bored, or I need something to sedate me.. lol)
  • Skim-read the first 40-90 pages of this: http://amzn.to/2ibemMg Allen Wyatt, QUE (I OWN IT)
  • Found an old epub scan of a 30-year-old book somewhere.. can't remember where I got it from.

ARG, why doesn't LIST work?!

The point is, I have persevered when it comes to this stuff.
Obviously there is a big difference between me just persevering and me learning properly from actually writing programs.
I've only done the former.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Dec 23, 2016 7:56 pm    Post subject:

  • They Work
  • Just Fine
  1. For Me
  2. Smile
Page 1 of 2

 