[SOLVED] AutoAssemble and float values

Jul 6, 2017
I am trying to use an AoB Code Injection to lock in a constantly overwritten static address / constant ( float type ) value.
Tried using the FPU commands but couldn't figure out how to get a float ( example : 0.67 ) generated in the FPU.

Question #1 :
In my searches, I stumbled across this in the CE Forums :
mov [eax],(int)500000
Is there a float version of this command, and is that value NOT in Hex? ( It still works in AutoAssemble )

Question #2 :
game.exe+5D987C - 00 00                 - add [eax],al
The values contained in the registers before the 'add' command executed, how do I determine what they are?

Question #3 :
'eax' is a 32bit register, 'al' is an 8bit register. How does the 'Qword/Dword/Word/Byte' designation affect the numbers contained and their manipulation? ( I do not understand what is going on in these code snippet(s). )
game.exe+5D984C - 00 80 BB439A99        - add [eax-6665BC45],al
game.exe+5D9852 - 99                    - cdq			// cdq == Convert Word to Doubleword / Convert Doubleword to Quadword
game.exe+5D9853 - 3E 1A 00              - sbb al,byte ptr [eax]	// sbb == Integer Subtraction with Borrow
game.exe+5D986D - 00 80 3E9A9919        - add [eax+19999A3E],al
game.exe+5D9873 - 3F                    - aas			// aas == ASCII Adjust AL after Subtraction
Any help is appreciated.


RCE Fanatics
Mar 3, 2017
Question 1: mov [eax],(float)500000 (yes, it's a decimal value)

Question 2: Do you know what is in Eax beforehand? If you do, it's just simple math. If you don't, set a breakpoint on that instruction. It'll tell you what it was before it has a chance to execute.

Question 3: CDQ just converts a Dword to Qword. It sets the Signed Flag and extends the signed bytes of what looks like in this case Eax--->Edx.
CWD is basically the same. Converts whatever register (ax,bx..) and moves signed bytes into dx.

SBB subtracts the value of the Source+Carry Flag from the destination. You'll need to follow the code a few lines up with break and trace to get a better grasp.

Not sure about AAS.

qword - 8 Byte Value
dword - 4 Byte
word - 2 Byte
byte - Pretty Obvious lol
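To make the answers to Questions 1 and 3 concrete, here is an added example (my own, not code from the thread or from Cheat Engine) that models in Python what the autoassembler's `(float)` and `(int)` prefixes actually store, what the byte/word/dword/qword widths mean for a stored value, and what CDQ does to EDX:EAX. It assumes only that `(float)` emits a little-endian IEEE-754 single and `(int)` a little-endian two's-complement dword, which is how the resulting 4 bytes are read back by the game.

```python
# Added example, not from the thread: model what the autoassembler's
# (float)/(int) prefixes store, and the operand-size / CDQ behaviour
# asked about in Question 3. Standard library only.
import struct

def float_bytes(value: float) -> bytes:
    """The 4 bytes `mov [eax],(float)value` writes: an IEEE-754 single,
    little-endian, which is what a game reads back as a float."""
    return struct.pack('<f', float(value))

def int_bytes(value: int) -> bytes:
    """The 4 bytes `mov [eax],(int)value` writes: a little-endian
    two's-complement dword. Same width as (float), very different bits."""
    return struct.pack('<i', value)

def read_float(mem: bytes) -> float:
    """Reinterpret 4 bytes as a float, to confirm a patched value decodes back."""
    return struct.unpack('<f', mem[:4])[0]

# Operand-size designations from the answer above, as widths in bytes.
OPERAND_SIZES = {'byte': 1, 'word': 2, 'dword': 4, 'qword': 8}

def wrap(value: int, size: str) -> int:
    """Truncate a value to an operand size, as a `byte ptr`/`word ptr`/... store does."""
    bits = OPERAND_SIZES[size] * 8
    return value & ((1 << bits) - 1)

def cdq(eax: int) -> tuple[int, int]:
    """CDQ: sign-extend EAX into EDX:EAX. Returns (edx, eax) as unsigned dwords.
    Bit 31 of EAX is copied into every bit of EDX; CDQ modifies no flags."""
    eax = wrap(eax, 'dword')
    edx = 0xFFFFFFFF if eax & 0x80000000 else 0x00000000
    return edx, eax

def add_byte_to_memory(mem: bytes, al: int) -> bytes:
    """Model `add [eax],al`: an 8-bit add that touches only the first byte
    at [eax]; the remaining bytes of the dword there are left alone."""
    buf = bytearray(mem)
    buf[0] = wrap(buf[0] + al, 'byte')   # the carry out of bit 7 goes to CF, not to memory
    return bytes(buf)

if __name__ == '__main__':
    print('(float)500000 ->', float_bytes(500000).hex(' '))
    print('(int)500000   ->', int_bytes(500000).hex(' '))
    print('(float)0.67   ->', float_bytes(0.67).hex(' '), 'reads back as', read_float(float_bytes(0.67)))
    print('cdq(0xFFFFFFFE) ->', [hex(r) for r in cdq(0xFFFFFFFE)])
    print('add [eax],al on f0 00 00 00 with al=0x20 ->', add_byte_to_memory(b'\xf0\x00\x00\x00', 0x20).hex(' '))
```

Running it shows why `(int)` and `(float)` are not interchangeable: both write four bytes, but 500000 becomes `20 a1 07 00` as an int and `00 24 f4 48` as a float, and 0.67 is stored as `1f 85 2b 3f`, which reads back as the nearest single-precision value rather than exactly 0.67. The `add_byte_to_memory` model also makes the Question 3 point visible: an `al`-sized operation changes one byte of whatever dword or float happens to live at `[eax]`.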
Jul 6, 2017

Thanks for the info.

Taking some time to learn about the 'breakpoint' tool.

One thing is becoming clear, the code base for this game is really screwy.
Put '- add [eax],al' thirty times / lines, consecutively, for a rough picture of it.


RCE Fanatics
Mar 10, 2017
add [eax],al
is just 0 bytes which is almost certainly just unused memory when you have several of them in a row (it was initialized to 0 to prevent data leakage from the previous program that used the memory but is unused by the current program). The same thing will happen when you allocate memory from CE, it's initially set to 0, and if you accidentally forget to jmp back you'll find yourself executing that "code" until it inevitably crashes lol
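The point made here (zero bytes disassemble as `add [eax],al`) and the listing in Question 3 both come down to how opcode `00` is encoded, so here is an added example (my own, not code from the thread or from Cheat Engine) with a small decoder for the `00 /r` forms that appear in the posted listing, plus a scan that flags long runs of zero bytes as data or padding rather than code. The sample buffer is constructed from the two `add [eax±disp],al` instructions in the listing followed by 60 zero bytes; it assumes nothing about the game beyond the bytes shown in the thread.

```python
# Added example, not from the thread: a tiny decoder for the `00 /r`
# (ADD r/m8, r8) encodings in the posted listing, plus a scan that flags
# long zero runs as data/padding rather than code. Standard library only.
import struct

REGS32 = ['eax', 'ecx', 'edx', 'ebx', 'esp', 'ebp', 'esi', 'edi']
REGS8 = ['al', 'cl', 'dl', 'bl', 'ah', 'ch', 'dh', 'bh']

def decode_add_rm8_r8(code: bytes, offset: int = 0) -> tuple[str, int]:
    """Decode one `00 /r` instruction at `offset`. Returns (text, length).
    Handles mod=00/01/10/11 without a SIB byte (rm=4), which is all the
    listing in the thread needs. Displacements are printed CE-style."""
    if code[offset] != 0x00:
        raise ValueError('not opcode 00')
    modrm = code[offset + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    src = REGS8[reg]
    if mod == 3:                                   # register-direct form, e.g. add bl,al
        return f'add {REGS8[rm]},{src}', 2
    if rm == 4:
        raise NotImplementedError('SIB addressing not handled in this example')
    if mod == 0:
        if rm == 5:                                # no base register: absolute disp32
            addr = struct.unpack_from('<I', code, offset + 2)[0]
            return f'add [{addr:08X}],{src}', 6
        return f'add [{REGS32[rm]}],{src}', 2      # `00 00` -> add [eax],al
    if mod == 1:                                   # signed 8-bit displacement
        disp = struct.unpack_from('<b', code, offset + 2)[0]
        size = 3
    else:                                          # mod == 2: signed 32-bit displacement
        disp = struct.unpack_from('<i', code, offset + 2)[0]
        size = 6
    sign = '+' if disp >= 0 else '-'
    return f'add [{REGS32[rm]}{sign}{abs(disp):X}],{src}', size

def zero_runs(data: bytes, min_len: int = 16) -> list[tuple[int, int]]:
    """Return (offset, length) for every run of 0x00 bytes at least min_len long.
    Each pair of zeros disassembles as `add [eax],al`, so a region showing
    that instruction dozens of times in a row is zero-filled memory, not code."""
    runs, i, n = [], 0, len(data)
    while i < n:
        if data[i] != 0:
            i += 1
            continue
        start = i
        while i < n and data[i] == 0:
            i += 1
        if i - start >= min_len:
            runs.append((start, i - start))
    return runs

# Constructed sample: the two add instructions from the thread's listing,
# then 60 zero bytes (30 x `add [eax],al`), then a RET.
SAMPLE = bytes.fromhex('0080BB439A99' '00803E9A9919') + bytes(60) + b'\xc3'

if __name__ == '__main__':
    off = 0
    for _ in range(3):
        text, size = decode_add_rm8_r8(SAMPLE, off)
        print(f'{off:04X}  {SAMPLE[off:off + size].hex(" "):<18}  {text}')
        off += size
    for start, length in zero_runs(SAMPLE):
        print(f'zero run at {start:#x}, {length} bytes = {length // 2} x "add [eax],al"')
```

The decoder reproduces the listing exactly: `00 80 BB 43 9A 99` is `add [eax-6665BC45],al` because the little-endian displacement `0x999A43BB` is negative as a signed dword, while `00 80 3E 9A 99 19` gives the positive `add [eax+19999A3E],al`. The zero-run scan is the check to run before trusting such a disassembly: 60 zero bytes print as thirty identical `add [eax],al` lines, which is the pattern described above and a strong sign that the region is uninitialised allocation or data, not a code path.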
Jul 6, 2017

Thanks for the info.

I think that I might probe even further back on "what accesses this".
The true value has to be read in from the disk at some point.
Locating that would work around the constant overwrite problem.