GFreak01 How do I cheat?
Reputation: 0
Joined: 21 Apr 2025 Posts: 1
Posted: Mon Apr 21, 2025 5:22 pm Post subject: Full Injection - Check FP6
I'm trying to inject some code that will do something IF the FP6 is a given value.
I noticed that repeated calls to fstp seem to cycle the FPURegisters.
However, when stepping through during execution, the address I'm writing to is given "NaN", instead of the number I'm looking at on the stack.
At Enable, I'm allocating the following addresses:
Code:
alloc(tempfloat,$4)
alloc(trash,$4)
Code:
//store 6th float, and finish cycle to ensure state matches starting
fstp dword ptr [trash] // FP0
fstp dword ptr [trash] // FP1
fstp dword ptr [trash] // FP2
fstp dword ptr [trash] // FP3
fstp dword ptr [trash] // FP4
fstp dword ptr [trash] // FP5
fstp dword ptr [tempfloat] // FP6
//Do Something
//cycle again to return to starting state
fstp dword ptr [trash] // FP7
Can anyone help me out?
--------
edit1:
I'm thinking the issue might be due to this program being 32 bit.
When I display the FPURegisters as 4 bytes, each one is 00000000 XXXXXXXX. So maybe it's grabbing the wrong word from the stack.
-------
edit2:
Continuing to explore this. I happened across this post that explains it could be the FPU Environment having those set to "empty".
Forum post: p=5693220
I need to figure out how to adjust that.
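Added example, not part of the original post: a simplified Python model of the x87 register stack, showing what the posted fstp sequence stores and what state it leaves behind. It assumes the invalid-operation exception is masked (the default control word) and reduces the tag word to empty / not empty; the class, function names and sample values are constructed for illustration.

```python
import struct

INDEFINITE_F32 = 0xFFC00000  # "real indefinite" QNaN stored on a masked invalid operation


class X87Model:
    """Assumed simplification: 8 registers, a TOP pointer, one empty flag each."""

    def __init__(self):
        self.regs = [0.0] * 8      # physical registers R0..R7
        self.empty = [True] * 8    # tag word, reduced to empty / not empty
        self.top = 0               # TOP field of the status word

    def fld(self, value):
        # Push: TOP moves down one slot, the new ST(0) receives the value.
        self.top = (self.top - 1) & 7
        overflow = not self.empty[self.top]   # slot already in use
        self.regs[self.top] = float("nan") if overflow else value
        self.empty[self.top] = False

    def fstp_m32(self):
        # Store ST(0) as a 32-bit float, then pop: tag it empty, TOP moves up.
        if self.empty[self.top]:
            bits = INDEFINITE_F32  # stack underflow with the exception masked
        else:
            bits = struct.unpack("<I", struct.pack("<f", self.regs[self.top]))[0]
        self.empty[self.top] = True
        self.top = (self.top + 1) & 7
        return bits


def run_posted_sequence(values):
    """Push `values` (the last one ends up in ST(0)), then run the post's 8 fstp."""
    fpu = X87Model()
    for v in values:
        fpu.fld(v)
    start_top = fpu.top
    stores = [fpu.fstp_m32() for _ in range(8)]
    tempfloat = stores[6]          # the 7th store is the one aimed at [tempfloat]
    return tempfloat, fpu.top == start_top, all(fpu.empty)
```

With only two values loaded, the store aimed at [tempfloat] receives 0xFFC00000, which a debugger displays as NaN. With all eight loaded it receives the real value, but every register is left tagged empty even though TOP is back where it started.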