Cheat Engine The Official Site of Cheat Engine

Autem (Expert Cheater), Reputation: 1, Joined: 30 Jan 2023, Posts: 149
Posted: Mon Nov 20, 2023 11:12 am
Post subject: How do I cmp this large value from scanning commonalities?
When I see what addresses an instruction writes to, and I assign them into groups to scan for commonalities, I am having trouble dealing with this type of situation...
R12 - "group 2" has a common value 0x7FF7849EAEC8
What I need to do is find out if R12 is high up in that 7FF range, so I made some attempts but nothing is working. Started with a very basic cmp of R12 to the value, but that wouldn't be accepted by CE. Then I started trying to get more creative with it in case it's something like this:
Code:
    newmem:
    push rax
    mov rax,0x700000000000 //I have rewritten this value every way I can think of and it always gets a cannot be assembled error
    cmp r12,rax
    pop rax
    jea code
    mov [r12],r8d
One of my other many attempts:
Code:
    allbs:
    dq 700000000000
    newmem:
    cmp r12,[allbs]
    jea code //also tried jg
    mov [r12],r8d
I've also tried passing the large value into xmm0, but that wouldn't even let me save the changes in the AA script. How do I cmp this value? I've used these kinds of compares on values I find in commonality searches for years now and never had an issue until today. I feel like I must be missing something obvious, but I'm lost.
ParkourPenguin (I post too much), Reputation: 150, Joined: 06 Jul 2014, Posts: 4652
Posted: Mon Nov 20, 2023 12:50 pm
`cmp` can't take a 64-bit immediate directly. At best it can sign-extend a 32-bit immediate. Typically you do this through a register as you're doing.
`mov rax,0x700000000000` assembles fine for me. The `0x` is unnecessary, but it doesn't cause it to fail. Whatever error you have is somewhere else, i.e. `jea` instead of `jae`.
clang / LLVM has an interesting way of doing this:
Code:
    push rax
    mov rax,r12
    shr rax,2C
    cmp eax,7
    pop rax
    jae ...
_________________
I don't know where I'm going, but I'll figure it out when I get there.
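The imm32 encoding limit described above and the clang/LLVM shift idiom, worked through in C as an added example (not code from the thread or from Cheat Engine); the function names `fits_simm32`, `above_via_register` and `above_via_shift` are assumed here, and the sample addresses are constructed, including the 0x7FF7849EAEC8 value quoted in the question.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* cmp r/m64, imm32 sign-extends a 32-bit immediate to 64 bits, so a
 * constant can be a direct cmp operand only if it lies in [-2^31, 2^31-1].
 * 0x700000000000 does not, so it has to be loaded into a register first
 * (mov r64, imm64 is the one form that carries a full 64-bit immediate). */
bool fits_simm32(uint64_t imm)
{
    int64_t s = (int64_t)imm;
    return s >= INT32_MIN && s <= INT32_MAX;
}

/* Form 1 from the thread: mov rax,700000000000 / cmp r12,rax / jae. */
bool above_via_register(uint64_t r12)
{
    const uint64_t limit = 0x700000000000ULL;   /* == 0x7 << 0x2C */
    return r12 >= limit;                        /* unsigned, like jae */
}

/* Form 2, the clang/LLVM idiom: shr rax,2C keeps only the address bits
 * from bit 44 upward, so the compare needs just the small immediate 7. */
bool above_via_shift(uint64_t r12)
{
    uint32_t top = (uint32_t)(r12 >> 0x2C);
    return top >= 7;                            /* cmp eax,7 / jae */
}

/* Constructed sample addresses: both sides of the boundary, the value
 * from the thread, and the extremes. */
static const uint64_t samples[] = {
    0x0000000000000000ULL, 0x00006FFFFFFFFFFFULL, 0x0000700000000000ULL,
    0x00007FF7849EAEC8ULL, 0x00007FFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
};

/* Number of samples on which the two forms disagree; 0 means equivalent. */
int count_disagreements(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (above_via_register(samples[i]) != above_via_shift(samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    printf("0x700000000000 fits imm32: %s\n",
           fits_simm32(0x700000000000ULL) ? "yes" : "no");
    printf("forms disagree on %d samples\n", count_disagreements());
    return 0;
}
```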
Autem (Expert Cheater), Reputation: 1, Joined: 30 Jan 2023, Posts: 149
Posted: Mon Nov 20, 2023 1:05 pm
ParkourPenguin wrote:
    Typically you do this through a register as you're doing.
    `mov rax,0x700000000000` assembles fine for me. The `0x` is unnecessary, but it doesn't cause it to fail. Whatever error you have is somewhere else, i.e. `jea` instead of `jae`.
I fixed the jae, but this method causes a crash... Any idea what I need to fix?
Code:
    [ENABLE]
    aobscanmodule(INacfdgg,WWE2K22_x64.exe,45 89 04 24 48 31 DF) // should be unique
    alloc(newmem,$1000,INacfdgg)
    label(code)
    label(return)
    newmem:
    push rax
    mov rax,700000000000
    cmp r12,rax
    pop rax
    jae code
    mov [r12],r8d
    code:
    xor rdi,rbx
    jmp return
    INacfdgg:
    jmp newmem
    nop 2
    return:
    registersymbol(INacfdgg)
    [DISABLE]
    INacfdgg:
    db 45 89 04 24 48 31 DF
    unregistersymbol(INacfdgg)
    dealloc(newmem)
    {
    // ORIGINAL CODE - INJECTION POINT: WWE2K22_x64.exe+5645D39
    WWE2K22_x64.exe+5645D01: 4D 0F B7 E4 - movzx r12,r12w
    WWE2K22_x64.exe+5645D05: 49 C7 C1 00 04 00 00 - mov r9,00000400
    WWE2K22_x64.exe+5645D0C: 4D 09 CA - or r10,r9
    WWE2K22_x64.exe+5645D0F: 49 81 C5 78 00 00 00 - add r13,00000078
    WWE2K22_x64.exe+5645D16: 49 01 EC - add r12,rbp
    WWE2K22_x64.exe+5645D19: 49 C7 C7 00 00 00 00 - mov r15,00000000
    WWE2K22_x64.exe+5645D20: 48 81 F6 40 00 00 00 - xor rsi,00000040
    WWE2K22_x64.exe+5645D27: 48 81 E6 78 00 00 00 - and rsi,00000078
    WWE2K22_x64.exe+5645D2E: 4D 8B 24 24 - mov r12,[r12]
    WWE2K22_x64.exe+5645D32: 49 81 E6 FF FF FF 7F - and r14,7FFFFFFF
    // ---------- INJECTING HERE ----------
    WWE2K22_x64.exe+5645D39: 45 89 04 24 - mov [r12],r8d
    // ---------- DONE INJECTING ----------
    WWE2K22_x64.exe+5645D3D: 48 31 DF - xor rdi,rbx
    WWE2K22_x64.exe+5645D40: 4C 01 F7 - add rdi,r14
    WWE2K22_x64.exe+5645D43: 49 81 EC 01 00 00 00 - sub r12,00000001
    WWE2K22_x64.exe+5645D4A: 49 C7 C0 00 00 00 00 - mov r8,00000000
    WWE2K22_x64.exe+5645D51: 4D 89 C2 - mov r10,r8
    WWE2K22_x64.exe+5645D54: 48 C7 C1 12 00 00 00 - mov rcx,00000012
    WWE2K22_x64.exe+5645D5B: 49 81 EE 80 00 00 00 - sub r14,00000080
    WWE2K22_x64.exe+5645D62: 49 01 DE - add r14,rbx
    WWE2K22_x64.exe+5645D65: 49 81 F6 FF FF 00 00 - xor r14,0000FFFF
    WWE2K22_x64.exe+5645D6C: 49 81 CE 04 00 00 00 - or r14,00000004
    }
ParkourPenguin (I post too much), Reputation: 150, Joined: 06 Jul 2014, Posts: 4652
Posted: Mon Nov 20, 2023 1:17 pm
I don't see anything wrong with the script itself. Maybe the logic is inverted? e.g. `jb` instead of `jae`.
Perhaps not executing `mov [r12],r8d` has side effects that cause crashes elsewhere.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Autem (Expert Cheater), Reputation: 1, Joined: 30 Jan 2023, Posts: 149
Posted: Mon Nov 20, 2023 1:22 pm
I got it worked out! Yeah, the mov being skipped was causing an issue because I had forgotten about adjusting a different value elsewhere to prepare for it. This is great! Thanks a million!