icp  Newbie cheater  Reputation: 0
Joined: 09 Dec 2021  Posts: 24
Posted: Sat Apr 13, 2024 4:46 pm  Post subject: I do not understand how to use relative addressing in table
There is such a code.
I find it and can change the instruction: add not 10 but 1, or nothing. But I want to add this value to the table for editing. The problem is that to the x64 address value you need to add a negative dword from memory. Preferably by simply declaring the symbol in the right place. But I can't do it in any way, not without complications.
Now my code is like this:
Code:
[ENABLE]
{$lua}
local res = assert(AOBScan('83 05 * * * * 0a 8b 0d','+X+W-C'), 'no results found')
local address = res[0]
res.destroy()
return string.format('define(STAMMS,%s)', address)
{$asm}
label(pointerBase)
registersymbol(pointerBase)
STAMMS+2:
pointerBase:
[DISABLE]
unregistersymbol(pointerBase)
The symbol is created on the dword displacement. But I don't understand how to apply it to the table.
Dark Byte  Site Admin  Reputation: 458
Joined: 09 May 2003  Posts: 25304  Location: The Netherlands
Posted: Sat Apr 13, 2024 5:05 pm  Post subject:
the instruction is at 7ffa535b4fd3
it's 7 bytes long, so the reference start is at 7ffa535b4fd3+7 = 7ffa535b4fda
the offset is fee75e0a; since the most significant bit is set the value needs to be extended. fee75e0a will become fffffffffee75e0a (it's a negative value, but you can just add it to the values for calculations and ignore overflow)
so, the reference + offset = 7ffa535b4fda + fffffffffee75e0a = 7FFA5242ADE4
you can use the lua command signExtend(0xfee75e0a,31) to help you with the extending of the value (31 designates that bit 31 is the most significant bit in the value, so it won't extend when not needed)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
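The arithmetic Dark Byte walks through above (next-instruction address + sign-extended disp32, overflow ignored) is easy to get wrong by one byte or one sign, so here is that computation as a stand-alone Python script. It is an added example, not code from Cheat Engine or from anyone in this thread. The instruction bytes are constructed to match the thread's AOB pattern and the addresses quoted above; the small opcode table covers only the two RIP-relative encodings that appear in that pattern and assumes no prefixes, which is an assumption of this example rather than a general decoder.

```python
import struct

# Assumption of this example: only the two RIP-relative encodings present in the
# thread's AOB pattern, with no legacy/REX prefixes.
# Key: (opcode, ModRM) -> (byte offset of disp32 inside the instruction, total length).
RIP_RELATIVE_FORMS = {
    (0x83, 0x05): (2, 7),  # add dword ptr [rip+disp32], imm8   -> 83 05 dd dd dd dd ib
    (0x8B, 0x0D): (2, 6),  # mov ecx, dword ptr [rip+disp32]    -> 8b 0d dd dd dd dd
}

MASK64 = (1 << 64) - 1


def sign_extend(value, msb=31):
    """Same idea as CE's signExtend(value, msb): if bit `msb` is set, the value is negative."""
    if value & (1 << msb):
        return value - (1 << (msb + 1))
    return value


def rip_relative_target(instr_addr, instr_bytes):
    """Absolute address referenced by an instruction's [rip+disp32] operand.

    RIP-relative displacements are relative to the *end* of the instruction, so the
    base is instr_addr + length (7ffa535b4fd3 + 7 in the thread), not instr_addr.
    """
    form = RIP_RELATIVE_FORMS.get((instr_bytes[0], instr_bytes[1]))
    if form is None:
        raise ValueError("unsupported encoding %02x %02x" % (instr_bytes[0], instr_bytes[1]))
    disp_off, length = form
    if len(instr_bytes) < length:
        raise ValueError("truncated instruction")
    # '<i' reads the four bytes as a little-endian *signed* integer, which is what
    # readInteger(addr, true) does in CE; the sign extension happens here.
    disp = struct.unpack_from("<i", instr_bytes, disp_off)[0]
    return (instr_addr + length + disp) & MASK64


def rip_relative_target_unsigned(instr_addr, instr_bytes):
    """Dark Byte's variant: extend to 64 bits, add as unsigned, and ignore the overflow."""
    disp_off, length = RIP_RELATIVE_FORMS[(instr_bytes[0], instr_bytes[1])]
    raw = struct.unpack_from("<I", instr_bytes, disp_off)[0]   # 0xfee75e0a for the sample
    extended = sign_extend(raw, 31) & MASK64                    # 0xfffffffffee75e0a
    return (instr_addr + length + extended) & MASK64


# Constructed sample: the bytes CE's AOB `83 05 * * * * 0a 8b 0d` would match at the
# address from the thread. The displacement fee75e0a is stored little-endian, so it
# appears in memory as 0a 5e e7 fe; the following mov's displacement is made up (zero).
SAMPLE_ADDR = 0x7FFA535B4FD3
SAMPLE_BYTES = bytes.fromhex("83 05 0a 5e e7 fe 0a  8b 0d 00 00 00 00")

if __name__ == "__main__":
    target = rip_relative_target(SAMPLE_ADDR, SAMPLE_BYTES)
    print("add dword ptr [rip+disp32] at %X -> operand at %X" % (SAMPLE_ADDR, target))
    assert target == rip_relative_target_unsigned(SAMPLE_ADDR, SAMPLE_BYTES)
    next_addr = SAMPLE_ADDR + 7
    print("mov ecx,[rip+disp32] at %X -> operand at %X"
          % (next_addr, rip_relative_target(next_addr, SAMPLE_BYTES[7:])))
```

Both functions give 7FFA5242ADE4 for the sample, the same value Dark Byte computes by hand; the signed `struct` read and the "extend then ignore overflow" addition are two views of the same two's-complement arithmetic.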
icp  Newbie cheater  Reputation: 0
Joined: 09 Dec 2021  Posts: 24
Posted: Sat Apr 13, 2024 6:55 pm  Post subject: ...
The principle of computing the jump is clear to me. I just can't understand how to create the desired construct with minimal changes, neither on the Lua side nor on the assembler side. This should be done quite simply, without introducing additional functions and mathematics. But I can't pass it to the ASM part so that it is compiled there.
To add to this: I resolved the situation in the following way. But I don't really like this solution. It should somehow be easier to assemble at the asm stage, from a single number passed from Lua. But I can't do anything there.
Code:
[ENABLE]
{$lua}
local res = assert(AOBScan('83 05 * * * * 0a 8b 0d','+X+W-C'), 'no results found')
local address = res[0]
res.destroy()
local hexString = string.format("%x+%x",getAddress(address)+7,signExtend(readInteger(getAddress(address)+2),31));
return string.format('define(STAMMS_1,%s) \n define(STAMMS_2,%s)', address, hexString)
{$asm}
label(pointerBase)
label(pointerValue)
registersymbol(pointerBase)
registersymbol(pointerValue)
STAMMS_1:
pointerBase:
STAMMS_2:
pointerValue:
[DISABLE]
unregistersymbol(pointerBase)
unregistersymbol(pointerValue)
And thanks for the hint "signExtend(0xfee75e0a, 31)". Without it, the solution would be even worse.
ParkourPenguin  I post too much  Reputation: 140
Joined: 06 Jul 2014  Posts: 4311
Posted: Sun Apr 14, 2024 11:37 am  Post subject:
readInteger can take a second parameter. If true, it reads the value as a signed 4-byte integer (i.e. sign-extends it automatically).
How I'd do it:
Code:
{$lua}
if syntaxcheck then return [[
define(STAMMS_1,0)
define(STAMMS_2,0)
]] end
local codeAddr = assert(AOBScanUnique('83 05 * * * * 0a 8b 0d','+X+W-C'), 'AOB pattern not found')
local ptrAddr = codeAddr + 7 + readInteger(codeAddr + 2, true)
return ([[
define(STAMMS_1,%X)
define(STAMMS_2,%X)
]]):format(codeAddr, ptrAddr)
{$asm}
...
Alternatively:
Code:
...
local instruction = getDefaultDisassembler().disassemble(codeAddr)
local ptrAddr = getAddress(instruction:match'%[([^%]]+)%]')
...
_________________
I don't know where I'm going, but I'll figure it out when I get there.
icp  Newbie cheater  Reputation: 0
Joined: 09 Dec 2021  Posts: 24
Posted: Sun Apr 14, 2024 12:38 pm  Post subject: ...
I thought that by passing the address of the instruction I could assemble the desired jump in the ASM part.
Your code is much better. It reads much better. The only negative is the search for a unique value: any repeated signature will give an error, and with such a short search string this option cannot be excluded.
Although it turned out almost the same, I am still grateful for the hint about how it could be done in other ways at the Lua level.
Csimbi  I post too much  Reputation: 94
Joined: 14 Jul 2007  Posts: 3110
Posted: Mon Apr 15, 2024 4:02 am  Post subject:
ParkourPenguin wrote:
> Alternatively:
> Code:
> ...
> local instruction = getDefaultDisassembler().disassemble(codeAddr)
> local ptrAddr = getAddress(instruction:match'%[([^%]]+)%]')
> ...
Sweet!
What would be the equivalent of this in assembly? (to get ptrAddr without Lua)
x86/x64 compatible constructs like these would be nice in the next CE release:
Code:
aobscan(instrAddr,83 05 * * * * 0a 8b 0d)
alloc(newmem,4096)
label(ptrAddrRel)
label(ptrAddrAbs)
registersymbol(ptrAddrRel)
registersymbol(ptrAddrAbs)
newmem:
ptrAddrRel:
dq getinstroffsetrelative(instrAddr) // Same as it is in the instruction.
ptrAddrAbs:
dq getinstroffsetabsolute(instrAddr) // Converted to absolute offset (address).
icp  Newbie cheater  Reputation: 0
Joined: 09 Dec 2021  Posts: 24
Posted: Mon Apr 15, 2024 6:33 am  Post subject: ...
All clear. If at the moment there are no simpler options, then for now I will use the proposed solution from Lua.
Thanks everyone for your help.
ParkourPenguin  I post too much  Reputation: 140
Joined: 06 Jul 2014  Posts: 4311
Posted: Mon Apr 15, 2024 11:14 am  Post subject:
Csimbi wrote:
> What would be the equivalent of this in assembly? (to get ptrAddr without LUA)

The closest thing to that disassemble alternative is the AA command `reassemble`, which disassembles the instruction at the specified address and reassembles it in place. This reassembles the entire instruction: you don't get just the address.
You could abuse the symbol handler a bit and let it do the math:
Code:
aobscan(foo,83 05 * * * * 0a) // add dword ptr[address],0A
label(bar)
foo+7+(LONG)[foo+2]:
bar:
// `bar` is now the address being accessed

The AA's syntax check will complain the address specifier isn't valid (probably because foo = 0), but it works when executed regardless. A small bug in CE.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
icp  Newbie cheater  Reputation: 0
Joined: 09 Dec 2021  Posts: 24
Posted: Mon Apr 15, 2024 11:43 am  Post subject: ...
Crap!! This is exactly what I was looking for. That's what I've been trying to do for a long time. What stopped me was the presence of an error when saving. I never tried to save it anyway and then execute it. I thought that if there was an error, it wouldn't work.
This is how it should have been done from the very beginning. And no pain.
Code:
STAMMS:
pointerBase:
STAMMS+7+(LONG)[STAMMS+2]:
pointerValue:
I wrote from the very beginning that it should be somehow simple. Why should I bother with unnecessary Lua variables if everything is so easy?
Why didn't anyone tell me that I should try to ignore the error? Just create the desired sequence and force the save. It works!
Thanks a lot! Of course, the table already worked, but I felt that these complications were unnecessary.