Single Shared Instruction for lots of things?
Posted: Sat Feb 08, 2020 1:26 am
Let's say we have something like this (for the pre-release of Cook Serve Delicious 3):
So there is no offset there, and while I can dissect data/structures and get something to use in a compare, all I get is a crash when I try to do the compare in a script. I once saw a game (I don't remember which) that used a single instruction that accessed thousands of addresses (maybe most of everything in the game), including all the player ones. Also, in both of these cases even opening "Which addresses this instruction accesses" causes the game to slow to a crawl, and sometimes the address you are looking for never even shows up among the dozens or hundreds of addresses in that window. So, what do we do in such cases?
// Disassembly excerpt (32-bit x86, Intel syntax, as shown by the Cheat Engine
// disassembler). The enclosing function starts before and continues after
// this listing, so only the arms visible here are described.
// Every arm below ends by jumping to CSD3.exe+1774F6, so this reads like a
// switch over a value's kind, each case copying that value from [ecx] into
// the slot at [edi-10] -- assumption, confirm against the caller.
// Arm 1: 32-bit load from [ecx] stored at [edi-10]; a zero value skips
// straight to the common exit.
"CSD3.exe"+177499: 8B 01 - mov eax,[ecx]
"CSD3.exe"+17749B: 89 47 F0 - mov [edi-10],eax
"CSD3.exe"+17749E: 85 C0 - test eax,eax
"CSD3.exe"+1774A0: 74 54 - je CSD3.exe+1774F6
// Non-zero: bump the dword at the loaded pointer (looks like a reference
// count -- assumption), then, only if [eax+08] is still 0, record ecx there.
"CSD3.exe"+1774A2: FF 00 - inc [eax]
"CSD3.exe"+1774A4: 8B 47 F0 - mov eax,[edi-10]
"CSD3.exe"+1774A7: 83 78 08 00 - cmp dword ptr [eax+08],00
"CSD3.exe"+1774AB: 75 49 - jne CSD3.exe+1774F6
"CSD3.exe"+1774AD: 89 48 08 - mov [eax+08],ecx
"CSD3.exe"+1774B0: EB 44 - jmp CSD3.exe+1774F6
// ---------- INJECTING HERE ----------
// Arm 2: plain 8-byte copy through xmm0 ([ecx] -> [edi-10]). Nothing in
// this arm inspects what is being copied; the only per-call context at the
// injection point is ecx (source) and edi (destination slot), which is why
// this single instruction shows up touching so many unrelated addresses.
"CSD3.exe"+1774B2: F2 0F 10 01 - movsd xmm0,[ecx]<----------access many dozens of addresses that have nothing to do with my value
"CSD3.exe"+1774B6: F2 0F 11 47 F0 - movsd [edi-10],xmm0
// ---------- DONE INJECTING ----------
"CSD3.exe"+1774BB: EB 39 - jmp CSD3.exe+1774F6
// Arm 3: the same 8 bytes copied as two dwords ([ecx] -> [edi-10],
// [ecx+04] -> [edi-0C]).
"CSD3.exe"+1774BD: 8B 01 - mov eax,[ecx]
"CSD3.exe"+1774BF: 89 47 F0 - mov [edi-10],eax
"CSD3.exe"+1774C2: 8B 41 04 - mov eax,[ecx+04]
"CSD3.exe"+1774C5: 89 47 F4 - mov [edi-0C],eax
"CSD3.exe"+1774C8: EB 2C - jmp CSD3.exe+1774F6
// Arm 4: like arm 1, but the incremented dword is at [eax+04] and the zero
// case goes to CSD3.exe+1774F3; the rest of this arm is past the listing.
"CSD3.exe"+1774CA: 8B 01 - mov eax,[ecx]
"CSD3.exe"+1774CC: 85 C0 - test eax,eax
"CSD3.exe"+1774CE: 74 23 - je CSD3.exe+1774F3
"CSD3.exe"+1774D0: FF 40 04 - inc [eax+04]