[SOLVED] AutoAssemble and float values

3oddbits
Noobzor
Posts: 10
Joined: Thu Jul 06, 2017 6:32 pm
Reputation: 0

[SOLVED] AutoAssemble and float values

Post by 3oddbits » Sat Jul 22, 2017 6:50 pm

I am trying to use an AoB code injection to lock in a constantly overwritten static address / constant (float type) value.
Tried using the FPU commands but couldn't figure out how to get a float (example: 0.67) generated in the FPU.

Question #1:
In my searches, I stumbled across this in the CE forums:

Code:

    mov [eax],(int)500000

Is there a float version of this command, and is that value NOT in hex? (It still works in AutoAssemble.)

Question #2:

Code:

    game.exe+5D987C - 00 00                 - add [eax],al

The values contained in the registers before the 'add' command executed, how do I determine what they are?

Question #3:
'eax' is a 32-bit register, 'al' is an 8-bit register. How does the 'Qword/Dword/Word/Byte' designation affect the numbers contained and their manipulation? (I do not understand what is going on in these code snippet(s).)

Code:

    game.exe+5D984C - 00 80 BB439A99        - add [eax-6665BC45],al
    game.exe+5D9852 - 99                    - cdq                   // cdq == Convert Word to Doubleword / Convert Doubleword to Quadword
    game.exe+5D9853 - 3E 1A 00              - sbb al,byte ptr [eax] // sbb == Integer Subtraction with Borrow
    ----
    game.exe+5D986D - 00 80 3E9A9919        - add [eax+19999A3E],al
    game.exe+5D9873 - 3F                    - aas                   // aas == ASCII Adjust AL after Subtraction
Any help is appreciated.
Thanks.
Last edited by 3oddbits on Fri Aug 04, 2017 9:52 pm, edited 1 time in total.

Squall8
Expert Cheater
Posts: 185
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 102

Re: [HELP] AutoAssemble and float values

Post by Squall8 » Sat Jul 22, 2017 8:19 pm

Question 1: mov [eax],(float)500000 (yes, it's a decimal value)

Question 2: Do you know what is in Eax beforehand? If you do, it's just simple math. If you don't, set a breakpoint on that instruction. It'll tell you what it was before it has a chance to execute.

Question 3: CDQ just converts a Dword to Qword. It sets the Signed Flag and extends the signed bytes of what looks like in this case Eax--->Edx.
CWD is basically the same. Converts whatever register (ax,bx..) and moves signed bytes into dx.

SBB subtracts the value of the Source+Carry Flag from the destination. You'll need to follow the code a few lines up with break and trace to get a better grasp.

Not sure about AAS.

qword - 8 Byte Value
dword - 4 Byte
word - 2 Byte
byte - Pretty Obvious lol
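As an added illustration of the first and third answers (this is example code, not from the thread or from Cheat Engine): a `(float)` literal can only end up in memory as the 4-byte IEEE 754 single-precision pattern, and an `(int)` literal as 4-byte two's complement, both little-endian, so the two spellings of `500000` store completely different bytes even though both are decimal. The same script models CDQ/CWD as the sign extension Squall8 describes. The byte patterns are computed from the IEEE 754 and two's-complement rules rather than read back from CE's assembler, which is an assumption about how CE encodes these literals; the register width names map to the byte counts in the list above.

```python
import struct

# Added example (not from the thread): what the (int)/(float) literals in
# `mov [eax],(int)500000` and `mov [eax],(float)500000` have to become in
# memory, and what CDQ/CWD do to the registers. Values are computed from the
# IEEE 754 / two's-complement rules, not read back from Cheat Engine.

WIDTH_BYTES = {'qword': 8, 'dword': 4, 'word': 2, 'byte': 1}

def int_immediate(value):
    """4-byte little-endian two's-complement pattern of a decimal (int) literal."""
    return struct.pack('<i', value)

def float_immediate(value):
    """4-byte little-endian IEEE 754 single-precision pattern of a (float) literal."""
    return struct.pack('<f', value)

def dword_hex(raw):
    """Show a 4-byte pattern the way a memory viewer's hex/dword column does."""
    return '{:08X}'.format(struct.unpack('<I', raw)[0])

def dword_as_float(raw):
    """Read the same 4 bytes back as a float (what the 'Float' display type shows)."""
    return struct.unpack('<f', raw)[0]

def cdq(eax):
    """CDQ: sign-extend EAX into EDX:EAX. EDX becomes all ones if bit 31 of EAX
    is set, otherwise zero. Returns (eax, edx) as unsigned 32-bit values."""
    eax &= 0xFFFFFFFF
    edx = 0xFFFFFFFF if eax & 0x80000000 else 0
    return eax, edx

def cwd(ax):
    """CWD: the 16-bit counterpart, sign-extending AX into DX:AX."""
    ax &= 0xFFFF
    dx = 0xFFFF if ax & 0x8000 else 0
    return ax, dx

def signed64(eax, edx):
    """Interpret EDX:EAX as one signed 64-bit number (what CDQ sets up for IDIV)."""
    return struct.unpack('<q', struct.pack('<II', eax, edx))[0]

if __name__ == '__main__':
    for literal, raw in (('(int)500000', int_immediate(500000)),
                         ('(float)500000', float_immediate(500000.0)),
                         ('(float)0.67', float_immediate(0.67))):
        print(f'{literal:15} -> bytes {raw.hex(" ")}  dword {dword_hex(raw)}'
              f'  as float {dword_as_float(raw)}')
    eax, edx = cdq(-3)
    print(f'cdq with eax=-3: eax={eax:08X} edx={edx:08X} -> edx:eax = {signed64(eax, edx)}')
```

Running it prints the three byte patterns side by side; the `(int)` form is `0007A120` while the `(float)` form is `48F42400`, which is why writing one where the other is expected shows up as a wildly wrong number in the opposite display type.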

3oddbits
Noobzor
Posts: 10
Joined: Thu Jul 06, 2017 6:32 pm
Reputation: 0

Re: [HELP] AutoAssemble and float values

Post by 3oddbits » Mon Jul 24, 2017 1:41 am

@squall8

Thanks for the info.

Taking some time to learn about the 'breakpoint' tool.

One thing is becoming clear, the code base for this game is really screwy.
Put '- add [eax],al' thirty times / lines, consecutively, for a rough picture of it.

FreeER
Cheater
Posts: 48
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 5

Re: [HELP] AutoAssemble and float values

Post by FreeER » Mon Jul 24, 2017 2:24 am

Code:

    add [eax],al

is just 0 bytes, which is almost certainly just unused memory when you have several of them in a row (it was initialized to 0 to prevent data leakage from the previous program that used the memory but is unused by the current program). The same thing will happen when you allocate memory from CE: it's initially set to 0, and if you accidentally forget to jmp back you'll find yourself executing that "code" until it inevitably crashes lol
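To make FreeER's point concrete, here is an added example (not from the thread) that decodes the opcode-`00` instruction form the disassembler is showing: opcode `00` is `ADD r/m8, r8`, and a second `00` ModRM byte selects `[eax]` as destination and `al` as source, so every pair of zero bytes reads as `add [eax],al`. With ModRM `80` the next four bytes are swallowed as a signed little-endian displacement, which is where the `[eax-6665BC45]` and `[eax+19999A3E]` in the first post's listing come from. The decoder handles only the forms in that listing (register base, no SIB byte). Reading the same region at 4-byte alignment, using the offsets printed in the listing, gives ordinary floats (`9A 99 19 3F` at game.exe+5D9870 is 0.6f), which is the usual sign that a disassembler has been pointed at data rather than code.

```python
import struct

# Added example (not from the thread): decode the ADD r/m8,r8 encoding
# (opcode 00) for the ModRM forms that appear in the listing above, and read
# the "displacement" bytes back as 4-byte floats. Only opcode 00 with a
# register base is handled; SIB and absolute-disp32 forms raise.

REG32 = ['eax', 'ecx', 'edx', 'ebx', 'esp', 'ebp', 'esi', 'edi']
REG8 = ['al', 'cl', 'dl', 'bl', 'ah', 'ch', 'dh', 'bh']

def decode_add_rm8_r8(code):
    """Return (disassembly, length) for an instruction starting with opcode 00.

    ModRM layout: mod (2 bits) | reg (3 bits) | rm (3 bits).
    reg selects the 8-bit source register; mod/rm select the destination.
    """
    if not code or code[0] != 0x00:
        raise ValueError('not an ADD r/m8,r8 instruction')
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    src = REG8[reg]
    if mod == 3:                      # register-direct: add bl,al etc.
        return f'add {REG8[rm]},{src}', 2
    if rm == 4 or (mod == 0 and rm == 5):
        raise NotImplementedError('SIB byte / absolute disp32 not handled here')
    base = REG32[rm]
    if mod == 0:                      # [base], no displacement: 00 00 -> add [eax],al
        return f'add [{base}],{src}', 2
    if mod == 1:                      # [base+disp8]
        disp = struct.unpack('<b', code[2:3])[0]
        length = 3
    else:                             # mod == 2: [base+disp32], little-endian, signed
        disp = struct.unpack('<i', code[2:6])[0]
        length = 6
    sign = '-' if disp < 0 else '+'
    return f'add [{base}{sign}{abs(disp):X}],{src}', length

def as_float32(four_bytes):
    """Read 4 bytes as IEEE 754 single precision (little-endian)."""
    return struct.unpack('<f', four_bytes)[0]

def disassemble_run(code):
    """Walk a byte run as a stream of opcode-00 instructions, listing style."""
    out, offset = [], 0
    while offset < len(code):
        text, length = decode_add_rm8_r8(code[offset:])
        out.append((offset, code[offset:offset + length].hex(' ').upper(), text))
        offset += length
    return out

if __name__ == '__main__':
    for offset, raw, text in disassemble_run(bytes(6)):   # six zero bytes
        print(f'+{offset:02X}  {raw:20}  {text}')
    for hexbytes in ('00 80 BB 43 9A 99', '00 80 3E 9A 99 19'):
        print(hexbytes, '->', decode_add_rm8_r8(bytes.fromhex(hexbytes))[0])
    # the same bytes read at 4-byte alignment; addresses taken from the listing
    for addr, hexbytes in (('game.exe+5D984C', '00 80 BB 43'),
                           ('game.exe+5D9850', '9A 99 99 3E'),
                           ('game.exe+5D9870', '9A 99 19 3F')):
        print(addr, hexbytes, '= float', as_float32(bytes.fromhex(hexbytes)))
```

The float readout (375.0, 0.3 and 0.6 for the three aligned dwords) is the check worth doing before setting a breakpoint on any of these "instructions": a breakpoint on a data address will never fire as code, and the instructions the disassembler prints there are an artifact of the bytes, not something the game executes.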

3oddbits
Noobzor
Posts: 10
Joined: Thu Jul 06, 2017 6:32 pm
Reputation: 0

Re: [HELP] AutoAssemble and float values

Post by 3oddbits » Fri Aug 04, 2017 9:50 pm

@FreeER

Thanks for the info.

I think that I might probe even further back on "what accesses this".
The true value has to be read in from the disk at some point.
Locating that would work around the constant overwrite problem.
