Pointers through scripts

Classicus

Noobzor
Joined
Feb 15, 2020
Messages
5
edit: TheyCallMeTim13 has provided a working solution a few posts down. Thanks again TheyCallMeTim13!

Hi,

I tried my best to see if this was answered somewhere, but couldn't find it in regards to my specific situation. Sometimes I use scripts for finding pointers. Below is an example of one that commonly works:
Code:
newmem:
mov [p_minute],rax

code:
  movss xmm0,[rax+30]
  jmp return
In above example, I can add address p_minute with pointer offset 30. However, I have come across a code that I can't figure out. Below is what I have:
Code:
newmem:
mov [p_clevel],rax

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return
Because it's not a simple rax, and instead "rax+r8*4+00000424", I haven't been able to get this to work. I have address p_clevel added with pointer offset 424 but it doesn't point to the right address. I've tried a few things, like moving different registers into p_clevel or using different offsets, but I can't figure this one out. Does anyone know how to do this one? Let me know if I need to explain it better. Thanks in advance!
 
GreenHouse

Expert Cheater
Table Maker
Joined
Oct 12, 2018
Messages
463
This should work already. And in case you want to make a group with multiple addresses, just remove the 424 from the first mov.
Code:
newmem:
  push rdi
  mov rdi,[rax+r8*4+00000424]
  mov [p_clevel],rdi
  pop rdi

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return
 
Classicus

Noobzor
Joined
Feb 15, 2020
Messages
5
Thanks GreenHouse, although at first I thought it was working since the value of the address seemed proper. But then I realized the address is not correct, so no luck doing it that way. I also tried removing the 424, but no luck with that either.
 
TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,799
Try LEA (load effective address) instead of MOV.
Code:
newmem:
  push rdi
  lea rdi,[rax+r8*4+00000424]
  mov [p_clevel],rdi
  pop rdi

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return
 
Classicus

Noobzor
Joined
Feb 15, 2020
Messages
5
Thanks TheyCallMeTim13! Using LEA worked! I'm going to edit my main post to mention a working solution has been provided by you.
 
GreenHouse

Expert Cheater
Table Maker
Joined
Oct 12, 2018
Messages
463
TheyCallMeTim13 said:
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.
 
Classicus

Noobzor
Joined
Feb 15, 2020
Messages
5
GreenHouse said:
TheyCallMeTim13 said:
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.
I'm curious about this too. I suspect the "r8" has something to do with it. If it were something like [rax+rbx*4+00000424], then I think mov would work. But I'm not entirely sure.
 
TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,799
GreenHouse said:
TheyCallMeTim13 said:
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.
MOV moves the value at that address to the operand, whereas LEA sets the operand to the address.
mov rax,rbx+rcx*4+18
While this isn't proper ASM, it would in theory work the same as this.
lea rax,[rbx+rcx*4+18]
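To make the MOV-versus-LEA distinction from the post above concrete, here is an added example (my own code, not from anyone in this thread or from Cheat Engine) that builds a constructed in-memory object and computes the same `[base + index*4 + 0x424]` effective address the thread's script uses. The plain-C functions model what the CPU does; on x86-64 with GCC or Clang, two inline-asm helpers run the real `lea` and `mov` forms so you can see them agree. The object layout, the index value and the 1.5 float stored in it are all made up for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Displacement taken from the instruction discussed in the thread:
 * movss xmm0,[rax+r8*4+00000424]. The object below is a constructed
 * stand-in for whatever structure the game keeps at rax. */
#define CLEVEL_OFFSET 0x424u
static unsigned char g_object[0x600];

/* What the address-generation unit computes for [base + index*scale + disp]. */
uintptr_t effective_address(const void *base, uint64_t index, uint64_t disp) {
    return (uintptr_t)base + index * 4 + disp;
}

/* Equivalent of `lea rdi,[rax+r8*4+424]`: the result IS the address. */
uintptr_t lea_equiv(const void *base, uint64_t index) {
    return effective_address(base, index, CLEVEL_OFFSET);
}

/* Equivalent of `mov rdi,[rax+r8*4+424]`: the address is computed and then
 * dereferenced, so the result is the 8 bytes stored there, not the address. */
uint64_t mov_equiv(const void *base, uint64_t index) {
    uint64_t v;
    memcpy(&v, (const void *)effective_address(base, index, CLEVEL_OFFSET), sizeof v);
    return v;
}

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
/* Real instructions, AT&T syntax: disp(base, index, scale). */
uintptr_t lea_asm(const void *base, uint64_t index) {
    uintptr_t out;
    __asm__("lea 0x424(%1,%2,4), %0" : "=r"(out) : "r"(base), "r"(index));
    return out;
}
uint64_t mov_asm(const void *base, uint64_t index) {
    uint64_t out;
    __asm__("mov 0x424(%1,%2,4), %0" : "=r"(out) : "r"(base), "r"(index) : "memory");
    return out;
}
#define HAVE_X86_ASM 1
#else
#define HAVE_X86_ASM 0
#endif

/* Fill the constructed object so that slot `index` holds `value`. */
void setup_object(uint64_t index, float value) {
    memset(g_object, 0, sizeof g_object);
    memcpy(g_object + CLEVEL_OFFSET + index * 4, &value, sizeof value);
}

/* 1 if LEA yields exactly base + 0x424 + index*4, as the thread expects. */
int lea_matches_offset(uint64_t index) {
    return lea_equiv(g_object, index) == (uintptr_t)g_object + CLEVEL_OFFSET + index * 4;
}

/* Read the float the same way `movss xmm0,[...]` would, via the LEA result.
 * This is what a pointer entry built from p_clevel with offset 0 sees. */
float read_via_lea(uint64_t index) {
    float f;
    memcpy(&f, (const void *)lea_equiv(g_object, index), sizeof f);
    return f;
}

/* What the MOV version leaves in p_clevel: the raw bytes, not a usable pointer. */
uint64_t read_via_mov(uint64_t index) {
    return mov_equiv(g_object, index);
}

/* 1 when the real instructions agree with the C model (or asm is unavailable). */
int asm_agrees(uint64_t index) {
#if HAVE_X86_ASM
    return lea_asm(g_object, index) == lea_equiv(g_object, index)
        && mov_asm(g_object, index) == mov_equiv(g_object, index);
#else
    (void)index;
    return 1;
#endif
}

int main(void) {
    setup_object(2, 1.5f);
    printf("base             = %p\n", (void *)g_object);
    printf("lea result       = %p\n", (void *)lea_equiv(g_object, 2));
    printf("mov result       = 0x%016llx (bytes of 1.5f, not an address)\n",
           (unsigned long long)read_via_mov(2));
    printf("float via lea    = %g\n", read_via_lea(2));
    printf("asm agrees       = %d\n", asm_agrees(2));
    return 0;
}
```

The MOV result is just the IEEE-754 encoding of the stored float (plus the zero bytes after it), which is why storing it in p_clevel looked like a plausible value in the thread but never resolved to the right address; only the LEA result can be dereferenced with offset 0 to reach the float.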
 
GreenHouse

Expert Cheater
Table Maker
Joined
Oct 12, 2018
Messages
463
TheyCallMeTim13 said:
MOV moves the value at that address to the operand, whereas LEA sets the operand to the address.
mov rax,rbx+rcx*4+18
While this isn't proper ASM, it would in theory work the same as this.
lea rax,[rbx+rcx*4+18]
Ok I see why now. I've always done the mov to an alloc directly. Just "mov [alloc],rax", but as you're moving the [rbx+rcx*4+18] to another register, you need to move the address itself, to the register to then mov it to the alloc. I didn't think about that.
 