Cheat Engine Forum Index -> Cheat Engine
The Official Site of Cheat Engine
Offset too big - reassemble

 
Csimbi
I post too much
Reputation: 98

Joined: 14 Jul 2007
Posts: 3344

Posted: Sat Jun 11, 2022 4:12 pm    Post subject: Offset too big - reassemble

Hi all,
have you ever got an 'offset too big' message for the reassemble instruction?

It's a mono game (with JIT code) and I can't seem to allocate memory near the original code, causing this issue in CE.
I am guessing the issue is that the instruction to be reassembled cannot be done automatically (it requires some register magic for the jump).

Is there an alternative reassemble that can deal with very far jumps?
Are there any ways to work around it?

Thank you!

Code:
//Alt: movss xmm1,[20F57246CD0]           ; F3 0F10 0D 14120000
//db F3 0F 10 0D 14 12 00 00
//readmem(aobBenchProgressChecker,8)
reassemble(aobBenchProgressChecker)
Bloodybone
Newbie cheater
Reputation: 0

Joined: 07 Dec 2016
Posts: 21
Location: Germany

Posted: Sat Jun 11, 2022 7:03 pm

I would probably do something like this:

Code:
push rax
push rcx
mov rax,aobBenchProgressChecker
add rax,8 // Make rax Point to next Instruction
movsxd rcx,dword ptr [rax-4] // Get Relative Offset
add rax,rcx // Calculate Absolute Address
movss xmm1,[rax]
pop rcx
pop rax
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4724

Posted: Sat Jun 11, 2022 8:15 pm

If I couldn't do it inline (no alloc), I'd use Lua, but that would push the burden of aobscans onto Lua as well. That might be better anyway if it only scans through non-writable executable memory.
Something like this:
Code:
[ENABLE]
{$lua}
if syntaxcheck then return [[
define(INJECT,0)
define(original_addr_float,0)]]
end

local addr_inject = assert(AOBScanUnique('F3 0F 10 0D ?? ?? ?? ?? ...', '+X-C-W'))

local displacement = readInteger(addr_inject + 4, true) -- signed displacement

local addr_float = addr_inject + 8 + displacement

return ([[
define(INJECT,%08X)
define(original_addr_float,%08X)]]):format(addr_inject, addr_float)

{$asm}

...

newmem:
  mov rax,original_addr_float
  movss xmm1,[rax]   // same instruction as the original, with the absolute operand replaced by [rax]
...

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25858
Location: The netherlands

Posted: Sun Jun 12, 2022 2:44 am

Put this in the initial memrec or in the Lua section of the table; it'll add the reassemble2(address) AA command, which should be able to deal with instructions like that.

Code:

if ra2 then
  unregisterAutoAssemblerCommand(ra2)
  ra2=nil
end
ra2=registerAutoAssemblerCommand('reassemble2', function(params, syntaxcheck)
  local dis=createDisassembler()
  dis.disassemble(params)
  -- rebuild the instruction text from opcode and parameters, e.g. "movss xmm1,[20F57246CD0]"
  local d=dis.LastDisassembleData.opcode..' '..dis.LastDisassembleData.parameters
  --print("d="..d)
  local isripchanger=dis.LastDisassembleData.isCall or dis.LastDisassembleData.isJump
  dis.destroy()

  -- the bracketed memory operand; check for nil before stripping the brackets,
  -- and fall back to the normal reassemble if there is none or it does not resolve
  local address=d:match('%b[]')
  if address==nil then
    return 'reassemble('..params..')'
  end
  local addressnobrackets=address:sub(2,-2)
  if getAddressSafe(addressnobrackets)==nil then
    return 'reassemble('..params..')'
  end

  if isripchanger then
    return nil,'*IP changers are not supported right now. Perhaps later'
--maybe:
--jmp:
--sub rsp,8
--push rax
--mov rax,[address]
--mov [rsp+8],rax //+8 as [rsp] contains the old rax
--pop rax
--ret

--call:
--sub rsp,10
--push rax
--mov rax,[address]
--mov [rsp+8],rax
--mov rax,aftercall
--mov [rsp+10],rax
--pop rax
--ret
--aftercall:


  else
    -- replace the absolute operand with [rax] and wrap the instruction in
    -- push/pop rax so it no longer depends on the distance to the target
    local newinstruction=d:gsub('%b[]','[rax]')
    local r=string.format([[push rax
mov rax,%s
%s
pop rax]],addressnobrackets,newinstruction)

   -- print(r)
    return r

  end
end)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
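As an added example that is not code from the thread or from Cheat Engine, the following Python puts the two ideas above side by side: the "next instruction + signed disp32" arithmetic that Bloodybone's assembly and ParkourPenguin's Lua use to recover the absolute target, a check for whether a copy of the instruction placed elsewhere could still reach that target with a 32-bit displacement (the condition behind the "offset too big" error), and the push rax / mov rax,target / instruction with [rax] / pop rax rewrite that reassemble2 emits. Python is used so it runs offline without the CE Lua API. The sample bytes and target come from the movss instruction quoted in the first post; the instruction's own address (0x20F57245AB4) and the far code-cave address (FAR_NEWMEM) are assumptions constructed for the example.

```python
import re
import struct

# Constructed sample based on the instruction quoted in the thread:
#   movss xmm1,[20F57246CD0]        ; F3 0F 10 0D 14 12 00 00
# The page does not give the instruction's own address; 0x20F57245AB4 is an
# assumed value chosen so that the disp32 0x1214 resolves to the quoted target.
SAMPLE_ADDR = 0x20F57245AB4
SAMPLE_BYTES = bytes.fromhex("F30F100D14120000")
SAMPLE_TEXT = "movss xmm1,[20F57246CD0]"
# Assumed address of a code cave far away from the original code (not from the page).
FAR_NEWMEM = 0x7FF600000000

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1
# rax and its sub-registers: push/pop rax would clobber any of these.
RAX_ALIASES = re.compile(r"\b(rax|eax|ax|al|ah)\b", re.IGNORECASE)


def rip_target(instr_addr, instr_bytes, disp_offset):
    """Absolute target of a RIP-relative disp32.

    disp_offset is the byte index of the displacement inside the encoding.
    The CPU adds the signed displacement to the address of the *next*
    instruction (instr_addr + len), which is the "add rax,8 / [rax-4]"
    arithmetic in Bloodybone's snippet and "addr_inject + 8 + displacement"
    in ParkourPenguin's Lua.
    """
    disp = struct.unpack_from("<i", instr_bytes, disp_offset)[0]
    return instr_addr + len(instr_bytes) + disp


def fits_disp32(next_ip, target):
    """True if target is reachable from next_ip with a signed 32-bit
    displacement. When a copy of the instruction lands where this is False,
    the original encoding cannot be reused: the 'offset too big' situation."""
    return INT32_MIN <= target - next_ip <= INT32_MAX


def rewrite_far(instr_text, target):
    """Rewrite 'op ...,[absolute]' into a push/mov/pop sequence that is valid
    at any distance, the same shape reassemble2 emits. Refuses instructions
    that already touch rax (or a sub-register), since push/pop rax would
    clobber their operand; reassemble2 itself does not check this."""
    m = re.search(r"\[[^\]]+\]", instr_text)
    if m is None:
        raise ValueError("no memory operand in: " + instr_text)
    if RAX_ALIASES.search(instr_text):
        raise ValueError("instruction already uses rax: " + instr_text)
    # Only the bracketed part changes, so size hints like "dword ptr" survive.
    new_instr = instr_text[:m.start()] + "[rax]" + instr_text[m.end():]
    return ["push rax", "mov rax,%X" % target, new_instr, "pop rax"]


def demo(instr_addr=SAMPLE_ADDR, instr_bytes=SAMPLE_BYTES,
         instr_text=SAMPLE_TEXT, newmem=FAR_NEWMEM):
    """Resolve the target, check whether the far code cave could reuse the
    original disp32 encoding, and produce the distance-independent rewrite."""
    target = rip_target(instr_addr, instr_bytes, disp_offset=4)
    reachable = fits_disp32(newmem + len(instr_bytes), target)
    return target, reachable, rewrite_far(instr_text, target)


if __name__ == "__main__":
    target, reachable, lines = demo()
    print("target                  = %X" % target)
    print("fits disp32 from newmem = %s" % reachable)
    print("\n".join(lines))
```

The rewrite keeps the instruction's own size hints intact because only the bracketed operand is swapped for [rax]; the rax-alias check is the caveat a user of reassemble2 should keep in mind, since an instruction such as `mov rax,[abs]` would have its result undone by the trailing `pop rax`.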
Csimbi
I post too much
Reputation: 98

Joined: 14 Jul 2007
Posts: 3344

Posted: Sun Jun 12, 2022 6:09 am

@Bloodybone
Thanks, I prefer the automation.

@ParkourPenguin
Works well, but this has to be tailored to every new instruction as well.

@Dark Byte
Perfect, there's only one quirk.
It won't work with constructs where an offset is included.
E.g.
reassemble2(here+0x04)
Can this be improved?

Thank you all!