
Pointers through scripts

Posted: Sat Feb 15, 2020 12:59 pm
by Classicus
edit: ShyTwig16 has provided a working solution a few posts down. Thanks again ShyTwig16!

Hi,

I tried my best to see if this was answered somewhere, but couldn't find it in regards to my specific situation. Sometimes I use scripts for finding pointers. Below is an example of one that commonly works:

Code:

newmem:
mov [p_minute],rax

code:
  movss xmm0,[rax+30]
  jmp return
In the above example, I can add address p_minute with pointer offset 30. However, I have come across a code that I can't figure out. Below is what I have:

Code:

newmem:
mov [p_clevel],rax

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return
Because it's not a simple rax, and instead "rax+r8*4+00000424", I haven't been able to get this to work. I have address p_clevel added with pointer offset 424, but it doesn't point to the right address. I've tried a few things, such as moving different registers into p_clevel or using different offsets, but I can't figure this one out. Does anyone know how to do this one? Let me know if I need to explain it better. Thanks in advance!

Re: Pointers through scripts

Posted: Sat Feb 15, 2020 1:23 pm
by GreenHouse
This should work already. And in case you want to make a group with multiple addresses, just remove the 424 from the first mov.

Code:

newmem:
  push rdi
  mov rdi,[rax+r8*4+00000424]
  mov [p_clevel],rdi
  pop rdi

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return

Re: Pointers through scripts

Posted: Sat Feb 15, 2020 1:52 pm
by Classicus
Thanks Greenhouse, although at first I thought it was working since the value of the address seemed proper. But then I realized the address is not correct, so no luck doing it that way. I also tried removing the 424, but no luck with that either.

Re: Pointers through scripts

Posted: Sat Feb 15, 2020 5:17 pm
by TimFun13
Try LEA (load effective address) instead of MOV.

Code:

newmem:
  push rdi
  lea rdi,[rax+r8*4+00000424]
  mov [p_clevel],rdi
  pop rdi

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return

Re: Pointers through scripts

Posted: Sun Feb 16, 2020 12:25 am
by Classicus
Thanks ShyTwig16! Using LEA worked! I'm going to edit my main post to mention a working solution has been provided by you.

Re: Pointers through scripts

Posted: Sun Feb 16, 2020 8:59 am
by GreenHouse
ShyTwig16 wrote:
Sat Feb 15, 2020 5:17 pm
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.

Re: Pointers through scripts

Posted: Sun Feb 16, 2020 11:37 am
by Classicus
GreenHouse wrote:
Sun Feb 16, 2020 8:59 am
ShyTwig16 wrote:
Sat Feb 15, 2020 5:17 pm
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.
I'm curious about this too. I suspect the "r8" has something to do with it. If it were something like [rax+rbx*4+00000424], then I think mov would work. But I'm not entirely sure.

Re: Pointers through scripts

Posted: Mon Feb 17, 2020 11:33 am
by TimFun13
GreenHouse wrote:
Sun Feb 16, 2020 8:59 am
ShyTwig16 wrote:
Sat Feb 15, 2020 5:17 pm
Try LEA (load effective address) instead of MOV.
Why does LEA work instead of MOV? I've always used MOV to do that.
MOV moves the value at that address to the operand, whereas LEA sets the operand to the address.
mov rax,rbx+rcx*4+18
While this isn't proper ASM, it would in theory work the same as this.
lea rax,[rbx+rcx*4+18]

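To make the MOV-versus-LEA difference concrete, here is an added C example that is not from this thread or from Cheat Engine: the struct layout, the register names and the float array at +424 are constructed assumptions that mirror the [rax+r8*4+00000424] access, `lea()` returns the computed address while `mov_dword()` reads what is stored there, and the two `*_points_to_level()` helpers show why only the LEA form leaves p_clevel holding a pointer to the right float.

```c
#include <stdint.h>
#include <string.h>

/* Constructed layout (assumption, not from the thread): a float array that
 * starts 0x424 bytes into the object and is indexed by r8 with scale 4. */
#define LEVEL_ARRAY_OFFSET 0x424

struct game_object {
    uint8_t header[LEVEL_ARRAY_OFFSET]; /* padding up to +424 */
    float   level[4];                    /* element i lives at base + i*4 + 0x424 */
};

/* LEA semantics: compute base + index*scale + disp, never touch memory. */
static uintptr_t lea(uintptr_t base, uintptr_t index, unsigned scale, uintptr_t disp) {
    return base + index * scale + disp;
}

/* MOV semantics: compute the same address, then read the 4 bytes stored there. */
static float mov_dword(uintptr_t base, uintptr_t index, unsigned scale, uintptr_t disp) {
    float value;
    memcpy(&value, (const void *)lea(base, index, scale, disp), sizeof value);
    return value;
}

/* lea rdi,[rax+r8*4+424] ; mov [p_clevel],rdi  -> p_clevel is &level[r8]. */
static int lea_points_to_level(const struct game_object *obj, unsigned r8) {
    uintptr_t rax = (uintptr_t)obj;
    uintptr_t p_clevel = lea(rax, r8, 4, LEVEL_ARRAY_OFFSET);
    return p_clevel == (uintptr_t)&obj->level[r8];
}

/* mov [p_clevel],rax plus a static +424 pointer offset drops the r8*4 term,
 * so it only ever lands on level[0]. */
static int base_plus_424_points_to_level(const struct game_object *obj, unsigned r8) {
    uintptr_t rax = (uintptr_t)obj;
    return rax + LEVEL_ARRAY_OFFSET == (uintptr_t)&obj->level[r8];
}

/* Constructed sample object: level[] = {1, 2, 3, 4}. */
static struct game_object *sample_object(void) {
    static struct game_object obj;
    for (unsigned i = 0; i < 4; i++) obj.level[i] = (float)(i + 1);
    return &obj;
}

int main(void) {
    /* With r8 = 2, LEA yields &level[2] while MOV yields its contents, 3.0f. */
    return lea_points_to_level(sample_object(), 2) ? 0 : 1;
}
```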
Re: Pointers through scripts

Posted: Mon Feb 17, 2020 12:07 pm
by GreenHouse
ShyTwig16 wrote:
Mon Feb 17, 2020 11:33 am
MOV moves the value at that address to the operand, whereas LEA sets the operand to the address.
mov rax,rbx+rcx*4+18
While this isn't proper ASM, it would in theory work the same as this.
lea rax,[rbx+rcx*4+18]
Ok I see why now. I've always done the mov to an alloc directly. Just "mov [alloc],rax", but as you're moving the [rbx+rcx*4+18] to another register, you need to move the address itself, to the register to then mov it to the alloc. I didn't think about that.

Re: Pointers through scripts

Posted: Tue Sep 08, 2020 11:48 am
by jmark81976
ShyTwig16 wrote:
Sat Feb 15, 2020 5:17 pm
Try LEA (load effective address) instead of MOV.

Code:

newmem:
  push rdi
  lea rdi,[rax+r8*4+00000424]
  mov [p_clevel],rdi
  pop rdi

code:
  movss xmm0,[rax+r8*4+00000424]
  jmp return
How about this?

Code:

alloc(newmem,$1000)
globalalloc(hp,8)

hp:
dq (float)0

label(code)
label(return)

newmem:
mov [hp],rax

code:
movss [rax+14],xmm5
jmp return
Is this the same process or is it different? I've tried your example but it wouldn't work.