FearLess Cheat Engine

Posted: **Mon Nov 27, 2023 7:43 pm**

It's a PCSX2 game.

[ecx+4] (2 byte)
[ecx+6] (2 byte, too)
How can I do something like this: [ecx+6] = [ecx+4] * 10, using CE script?

Thank you.

Posted: **Mon Nov 27, 2023 8:41 pm**

Might help to explain yourself better, I can't seem to see what you are asking to do.

Posted: **Mon Nov 27, 2023 9:39 pm**

Rhark wrote: ↑
Mon Nov 27, 2023 8:41 pm
Might help to explain yourself better, I can't seem to see what you are asking to do.

For example, the ecx register is something like this:

Code: Select all

02   1C   42   32   21   00   39   00 ...

I want to get [ecx+4] (only 2 byte): 21 00

multiply 21 00 with 10, result: XX XX

Place result to [ecx+6]

So in the end the ecx should be:

Code: Select all

02   1C   42   32   21   00   XX   XX ...

Posted: **Tue Nov 28, 2023 12:53 am**

Assuming 10 is integer value.

Code: Select all

push eax  //save eax
xor eax,eax
mov eax,word ptr [ecx+4]
imul eax,a  // or imul eax,#10 or imul eax,(int)10
mov word ptr [ecx+6], eax
pop eax   //recall eax

Posted: **Tue Nov 28, 2023 6:37 am**

^^ #TheByteSize is correct; the "key" thing here is that you use 'word ptr' to collect/manipulate 2 byte info (see also: byte ptr, dword ptr, etc ~ google). for completeness sake, you also might want to work with - in this case - ax...
(seems cleaner, but i always debug it just to make sure

)

Posted: **Tue Nov 28, 2023 7:37 am**

TheByteSize wrote: ↑
Tue Nov 28, 2023 12:53 am
Assuming 10 is integer value.
Code: Select all
push eax  //save eax
xor eax,eax
mov eax,word ptr [ecx+4]
imul eax,a  // or imul eax,#10 or imul eax,(int)10
mov word ptr [ecx+6], eax
pop eax   //recall eax

CE warns me:

Code: Select all

Not all code is injectable.
(Error in line 21 (mov eax,word ptr [ecx+4]): This instruction can't be compiled)
Are you sure you want to edit it to this?

Posted: **Tue Nov 28, 2023 7:55 am**

bbufa wrote: ↑
Tue Nov 28, 2023 7:37 am
CE warns me:
Code: Select all
Not all code is injectable.
(Error in line 21 (mov eax,word ptr [ecx+4]): This instruction can't be compiled)
Are you sure you want to edit it to this?

Try this:

Code: Select all

push eax  //save eax
xor eax,eax
movzx ax,word ptr [ecx+4]
imul ax,#10
mov word ptr [ecx+6], ax
pop eax   //recall eax

Posted: **Tue Nov 28, 2023 8:04 am**

Rhark wrote: ↑
Tue Nov 28, 2023 7:55 am
bbufa wrote: ↑
Tue Nov 28, 2023 7:37 am
CE warns me:
Code: Select all
Not all code is injectable.
(Error in line 21 (mov eax,word ptr [ecx+4]): This instruction can't be compiled)
Are you sure you want to edit it to this?
Try this:
Code: Select all
push eax  //save eax
xor eax,eax
movzx ax,word ptr [ecx+4]
imul ax,#10
mov word ptr [ecx+6], ax
pop eax   //recall eax

Line

Code: Select all

movzx ax,word ptr [ecx+4]

get the same warning as above

Posted: **Tue Nov 28, 2023 8:53 am**

bbufa wrote: ↑
Tue Nov 28, 2023 8:04 am
Line
Code: Select all
movzx ax,word ptr [ecx+4]
get the same warning as above

Code: Select all

push eax  //save eax
xor eax,eax
movzx eax,word ptr [ecx+4]
imul ax,#10
mov [ecx+6], ax
pop eax   //recall eax

Sorry, had a brain fart.

Posted: **Tue Nov 28, 2023 1:26 pm**

Rhark wrote: ↑
Tue Nov 28, 2023 8:53 am
bbufa wrote: ↑
Tue Nov 28, 2023 8:04 am
Line
Code: Select all
movzx ax,word ptr [ecx+4]
get the same warning as above
Code: Select all
push eax  //save eax
xor eax,eax
movzx eax,word ptr [ecx+4]
imul ax,#10
mov [ecx+6], ax
pop eax   //recall eax
Sorry, had a brain fart.

Code: Select all

push eax  //save eax            (1)
xor eax,eax      //             (2)
movzx eax,word ptr [ecx+4]  //  (3)
imul ax,#10           //        (4)
mov [ecx+6], ax        //       (5)
pop eax   //recall eax          (6)

Now line (3) works, thank you.
But line (4) & (5), I think it is eax instead of ax?
Line (5) seems to be problem because: after (2), eax will be cleaned... After (3), except 2 first bytes of eax, the rest are 00 bytes, so eax looks like XX XX 00 00 00 00... In that case, line (5) mov the whole eax to [ecx+6] may replace a lot of bytes in ecx with 00?
Can we use "word ptr" in line (5)?

Posted: **Tue Nov 28, 2023 2:10 pm**

[Link]

Posted: **Tue Nov 28, 2023 10:20 pm**

Rhark wrote: ↑
Tue Nov 28, 2023 2:10 pm
[Link]

Thank you, after reading many times, I finally understand movzx command

However, the code

Code: Select all

imul ax,#10

still causes warning "this instruction can't be compiled".
I tried creating a new script (which has nothing to do with above codes and has only 1 imul code), just to test imul command:

Code: Select all

newmem:
  imul ax,#10

this new script can't be compiled either.
Could you please have a look.

Posted: **Tue Nov 28, 2023 10:31 pm**

This should works.
Also remember that you're converting from 4 bytes into 2 bytes so you might get negative number in game.
if that the case, you will need to add number limit to 32767 before storing it back into pointer.

Code: Select all

push eax  
xor eax,eax
movzx eax,word ptr [ecx+4]
imul eax,#10  
mov word ptr [ecx+6], ax
pop eax

Posted: **Wed Nov 29, 2023 4:07 pm**

TheByteSize wrote: ↑
Tue Nov 28, 2023 10:31 pm
This should works.
Also remember that you're converting from 4 bytes into 2 bytes so you might get negative number in game.
if that the case, you will need to add number limit to 32767 before storing it back into pointer.
Code: Select all
push eax  
xor eax,eax
movzx eax,word ptr [ecx+4]
imul eax,#10  
mov word ptr [ecx+6], ax
pop eax  

I tested these codes dozen times, so far there is no problem.
Just in case bad things happen (negative number), could you please teach me how to fix it?

Thank you so much sirs

Posted: **Wed Nov 29, 2023 5:37 pm**

Here you going to see couple push and pop. When you have multiple of these, remember the concept of First In/Last Out or Last In/First Out.
If you mess up the order, your game data could get wrong saved value in long run as worst case scenario. Immediately crash is better in this situation.
Also, we're going to use comparison in this so it's good idea to save the Flag(comparison result) stack and recall it.

Code: Select all

pushf   //saving flag stack
push eax 
push ebx 
xor eax,eax
xor ebx,ebx
mov ebx,#9999
movzx eax,word ptr [ecx+4]
imul eax,#10  
cmp eax,ebx
cmovg eax,ebx   //copy data of ebx to eax if eax is greater than ebx by the comparison line above.
mov word ptr [ecx+6], ax
pop ebx
pop eax 
popf    //recall flag stack

FearLess Cheat Engine

Working with 2-byte

Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte

Re: Working with 2-byte