Like I said, you want some solid logic. If you want, you can get IDA, open your .exe in IDA, then let it finish the analysis. Then go to your function and see how many xrefs are to it (assuming it's not a dynamic function, called in the fashion "call qword ptr [rax+D0]"). Based on that you can tell which other places are going to call the function you're about to hook. Thus you obtain greater certainty that, if the function is called from a different location than expected, your stack will look good and [esp+offset] will always contain what you're looking for.
On the other hand, it's not always about comparing registers. Have you ever checked out what the ADDRESS in the register contains? Most, if not all, functions are called with parameters.
In C++ world an example would be DealDamage( Character, amount ).
In x86 ASM that would be:
push amount //+8 to esp
push Character //+8 to esp
call DoDamage //+8 to esp when looked at from inside the function
In x64 ASM that would be:
mov rdx,amount //2nd param
mov rcx,Character // 1st param
call DoDamage
So in x86 your "Character" structure (thus an address) will be in [esp+8]. Amount is in [esp+10].
In the x64 version, your "Character" structure (the address) will be in RCX. The amount in RDX.
So rather than discussing shit from 2000+ when people still flaunted this "compare registers" crap, please pull yourselves together and learn how a function is structured and called. The calling conventions. You can then later on devise "comparison" approaches.
Right now you're just mumbling and creating convoluted code that, while it works and makes you feel self-sufficient, is nowhere close to the programming logic of how these games were conceived. If you're happy it works and can't be bothered to learn more, then so be it.
Code:
newmem:
pushf
cmp rbx,0
jne code
cmp rdx,4
jne code
cmp r12,0
jne code
cmp [r8+14],#0 //energy range
jl code
cmp [r8+14],#11 //energy range
jge code
cmp [r8+10],#1 //hours left in day range
jl code
cmp [r8+10],#24 //hours left in day range
jg code
cmp [r8+E4],#128 //Compare what's left
jne code
popf
mov [xp],r8
mov rax,[rcx]
mov rdx,r9
jmp return
code:
popf
mov rax,[rcx]
mov rdx,r9
jmp return
What if r8 is 0? Are you checking that anywhere? Cuz "cmp [r8+14]" will result in a big ass crash. Please don't say "yeah, but I know r8 is valid there, cuz I debugged the code". If so, then please read again what I said 2 posts back and the beginning of this post. I really doubt you've thoroughly tested all possibilities of your code being used by OTHER callers. So... while r8 now is valid, there may be a loading screen in which your hook is run and r8 is 0. Then you'll waste several more hours not understanding why it crashes, when you could've done this:
test r8,r8
je exit // if 0
Code:
newmem:
pushf
cmp rbx,0
jne code
cmp rdx,4
jne code
cmp r12,0
jne code
test r8,r8
je code
cmp [r8+14],#0 //energy range
jl code
cmp [r8+14],#11 //energy range
jge code
cmp [r8+10],#1 //hours left in day range
jl code
cmp [r8+10],#24 //hours left in day range
jg code
cmp [r8+E4],#128 //Compare what's left
jne code
@@:
popf
mov [xp],r8
mov rax,[rcx]
mov rdx,r9
jmp return
code:
popf
mov rax,[rcx]
mov rdx,r9
jmp return
BR,
Sun
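Added example, not from the post above or from any game or Cheat Engine script: a C model of the filter the final script implements, covering both the calling-convention point (on Windows x64 the first four integer arguments arrive in rcx, rdx, r8, r9, so the r8 the script dereferences is the third argument of whatever function got hooked) and the null-pointer point (the pointer test runs before any field is read). The struct name, field names and the idea that r8 points at a "character" are assumptions; only the offsets 0x10, 0x14 and 0xE4 and the ranges come from the script.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout reproducing the offsets the script reads through r8:
 * [r8+10] hours left in day, [r8+14] energy, [r8+E4] "what's left".
 * Field names are assumptions made for this example. */
struct character {
    uint8_t pad0[0x10];
    int32_t hours_left;          /* +0x10 */
    int32_t energy;              /* +0x14 */
    uint8_t pad1[0xE4 - 0x18];
    int32_t whats_left;          /* +0xE4 */
};

/* Sanity check that the struct really places the fields where the script
 * expects them; a wrong offset here would be the C equivalent of reading
 * the wrong [r8+xx]. */
int layout_ok(void)
{
    return offsetof(struct character, hours_left) == 0x10 &&
           offsetof(struct character, energy)     == 0x14 &&
           offsetof(struct character, whats_left) == 0xE4;
}

/* Mirrors the script's checks. rbx and r12 are not argument registers in the
 * Windows x64 convention, so they are whatever state the hooked function left
 * in them; rdx is the 2nd argument and r8 the 3rd. Returns 1 when the hook
 * should record r8 (mov [xp],r8), 0 when it should fall through to the
 * original instructions. The NULL test comes before every dereference: that
 * is the "test r8,r8 / je code" the post asks for. */
int should_record(uint64_t rbx, uint64_t rdx, uint64_t r12,
                  const struct character *r8)
{
    if (rbx != 0 || rdx != 4 || r12 != 0)
        return 0;
    if (r8 == NULL)                                  /* test r8,r8 / je code */
        return 0;
    if (r8->energy < 0 || r8->energy >= 11)          /* energy 0..10 */
        return 0;
    if (r8->hours_left < 1 || r8->hours_left > 24)   /* hours 1..24 */
        return 0;
    if (r8->whats_left != 128)                       /* [r8+E4] == #128 */
        return 0;
    return 1;
}

/* Builds a constructed sample character with the three fields set and runs
 * the filter with rbx=0, rdx=4, r12=0, i.e. the register state the script
 * accepts. Used so the decision can be exercised without a real process. */
int check_sample(int hours, int energy, int whats_left)
{
    struct character c;
    memset(&c, 0, sizeof c);
    c.hours_left = hours;
    c.energy = energy;
    c.whats_left = whats_left;
    return should_record(0, 4, 0, &c);
}

int main(void)
{
    printf("layout ok: %d\n", layout_ok());
    printf("valid character: %d\n", check_sample(12, 5, 128));
    printf("energy out of range: %d\n", check_sample(12, 11, 128));
    printf("null r8 (loading screen): %d\n", should_record(0, 4, 0, NULL));
    return 0;
}
```

The order of the tests is the whole point: in the assembled script every `cmp [r8+...]` is a memory read, so the register checks and the `test r8,r8` must come first, exactly as they do here.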