I have a problem with a string

SilverRabbit90


Post by SilverRabbit90 »

Can anyone help me with a problem? I tried to make a cheat for infinite life, but comparing a string with a specific name gives me an error saying it can't be compiled.

Like this code:


label(code)
label(return)

newmem:

cmp [esi+A88],'zL$health'
je code

nop
nop
nop
nop
nop

jmp return


code:
movss [esi+48],xmm0
jmp return



I tried removing the $ and it no longer gives a compile error, but the cheat doesn't work. How can I write the code while keeping the string 'zL$health'?

In this code the string works, for example:


aobscanmodule(INJECT,Blightbound.exe,F3 0F 11 96 94 00 00 00 0F 57 C9 8B CE C7 46 7C 00 00 00 00 E8 94) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(w)
newmem:

cmp [esi+10],'gold'
jne code

addss xmm2,[w]
movss [esi+00000094],xmm2
jmp return
w:
dq (float)10000

code:
movss [esi+00000094],xmm2
jmp return

INJECT:
jmp newmem
nop 3

return:
registersymbol(INJECT)


This code adds money on pick up; the string 'gold' is accepted and does not give a compilation error. How can I do the same thing for the other code?

PeaceBeUponYou

Re: I have a problem with a string

Post by PeaceBeUponYou »

First of all, you need to know that a cmp instruction only supports imm8, imm16 and imm32 numbers in the source operand, and each CHAR in a string is 1 byte. That is why here: cmp [esi+10],'gold' works, as gold = 67 6F 6C 64 and it compiles, but here: cmp [esi+A88],'zL$health' the zL$health = 7A 6C 24 68 65 61 6C 74 68 is even bigger than imm64 (8 bytes), and that is why it is not compiling. But for strings none of these ways are right; sometimes it does work, but the proper way would be using string-specific instructions to compare, like so:


alloc(strCmp,$100) //$20 (32 bytes) is smaller than the routine below
label(strToCmprWith)
strCmp: //ebp+10 = source1, ebp+C = source2 , ebp+8= #source1
push ebp
mov ebp,esp

push esi
push edi
push ecx
xor eax,eax

mov esi,[ebp+10]
mov edi,[ebp+C]
mov ecx,[ebp+8]
loophere:
 cmpsb
 jne popregs
 loop loophere
 mov eax,01 //if match successful
 
popregs:
pop ecx
pop edi
pop esi

mov esp,ebp
pop ebp
ret C


newmem:
push eax
lea eax,[strToCmprWith] //source1
push eax
lea eax,[esi+A88] //source2
push eax
mov eax,9 //== no of chars in strToCmprWith
push eax //
call strCmp
test eax,eax 
pop eax
je code //no match (eax=0): run the original write
//cmp [esi+A88],'zL$health'
//je code

nop
nop
nop
nop
nop

jmp return


code:
movss [esi+48],xmm0
jmp return
strToCmprWith:
  db 'zL$health',0

SilverRabbit90

Re: I have a problem with a string

Post by SilverRabbit90 »

PeaceBeUponYou wrote:
Tue Aug 10, 2021 5:17 pm

Thank you very much, I could never have imagined such complex code; it will take me a while to understand it completely XD

notpikachu

Re: I have a problem with a string

Post by notpikachu »

SilverRabbit90 wrote:
Wed Aug 11, 2021 10:18 am
Thank you very much, I could never have imagined such complex code; it will take me a while to understand it completely XD
You could always do it like this if that's too complex.


label(code)
label(return)

newmem:
cmp dword ptr [esi+A88],'zL$h'
jne code
cmp word ptr [esi+A8C],'ea'
jne code
cmp word ptr [esi+A8E],'lt'
jne code
cmp byte ptr [esi+A90],'h'
jne code
db 90 90 90 90 90
jmp return

code:
movss [esi+48],xmm0
jmp return
But I highly recommend you check out cmps[b, w, d, q] like in the post above :).
edit1: I checked back the original code and looked at mine again, and it seems that's the wrong way to put je if you're trying to nop the damage on your own character, unless that string is actually owned by the enemies? Please ignore this if that's exactly what you're trying to do, but if it's otherwise, please use jne.
Last edited by notpikachu on Wed Aug 11, 2021 3:14 pm, edited 1 time in total.
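The two replies above make one point between them: a cmp immediate holds at most 4 bytes (PeaceBeUponYou), so a 9-byte name has to be split into dword/word/byte compares at consecutive offsets (notpikachu). The following is an added C example, not code from the thread, that generalises the split: plan_chunks() cuts any name into the largest immediates cmp can take and prints the resulting cmp lines with little-endian hex immediates, and chunks_match() evaluates that plan against a memory block the way the cmp/jne chain does. The greedy split gives 4+4+1 for 'zL$health' where the post used 4+2+2+1; both are equivalent. The base offset A88 and the memory block are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One cmp of the chunked script: `width` bytes at [esi+offset] against the
 * immediate `imm` (bytes taken in memory order, i.e. little-endian). */
typedef struct { unsigned offset; unsigned width; uint64_t imm; } Chunk;

/* Widths a cmp immediate can cover, largest first; cmp has no imm64 form. */
static const unsigned kWidths[] = { 4, 2, 1 };

/* Split `name` into dword/word/byte compares starting at `base` (e.g. 0xA88).
 * Returns the number of chunks written (at most max_chunks). */
size_t plan_chunks(const char *name, unsigned base, Chunk *out, size_t max_chunks) {
    size_t len = strlen(name), pos = 0, n = 0;
    while (pos < len && n < max_chunks) {
        unsigned w = 1;
        for (size_t i = 0; i < 3; i++)
            if (len - pos >= kWidths[i]) { w = kWidths[i]; break; }
        uint64_t imm = 0;
        for (unsigned b = 0; b < w; b++)          /* memory order -> LE immediate */
            imm |= (uint64_t)(unsigned char)name[pos + b] << (8 * b);
        out[n++] = (Chunk){ base + (unsigned)pos, w, imm };
        pos += w;
    }
    return n;
}

/* Evaluate the plan like the cmp/jne chain: 1 if every chunk matches,
 * 0 at the first mismatch or if a read would fall outside the block. */
int chunks_match(const Chunk *c, size_t n, const unsigned char *mem, size_t mem_len) {
    for (size_t i = 0; i < n; i++) {
        if ((size_t)c[i].offset + c[i].width > mem_len) return 0;
        uint64_t v = 0;
        for (unsigned b = 0; b < c[i].width; b++)
            v |= (uint64_t)mem[c[i].offset + b] << (8 * b);
        if (v != c[i].imm) return 0;
    }
    return 1;
}

int main(void) {
    static const char *ptr_name[] = { "", "byte", "word", "", "dword" };
    Chunk c[8];
    size_t n = plan_chunks("zL$health", 0xA88, c, 8);   /* constructed: name at esi+A88 */
    for (size_t i = 0; i < n; i++)                       /* prints CE-style cmp lines */
        printf("cmp %s ptr [esi+%X],%0*llX\n", ptr_name[c[i].width], c[i].offset,
               (int)c[i].width * 2, (unsigned long long)c[i].imm);
    return 0;
}
```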

SilverRabbit90

Re: I have a problem with a string

Post by SilverRabbit90 »

notpikachu wrote:
Wed Aug 11, 2021 10:30 am
You could always do it like this if that's too complex.


label(code)
label(return)

newmem:
cmp dword ptr [esi+A88],'zL$h'
je code
cmp word ptr [esi+A8C],'ea'
je code
cmp word ptr [esi+A8E],'lt'
je code
cmp byte ptr [esi+A90],'h'
je code
db 90 90 90 90 90
jmp return

code:
movss [esi+48],xmm0
jmp return
But I highly recommend you check out cmps[b, w, d, q] like in the post above :).

Oh this is much simpler, I can understand it too XD

GreenHouse

Re: I have a problem with a string

Post by GreenHouse »

This is what I recommend, as it's easier to add multiple strings without making a mess.
It's a little bit more advanced in terms of ASM, but it should work.


label(code)
label(return)
label(string)
alloc(stringCheck,4)
registersymbol(stringCheck)

newmem:
pushad
lea eax,[esi+A88]
mov [stringCheck],eax
push string //needle: the name we look for
push [stringCheck] //haystack: the name field of this object
call strstr
add esp,08
test eax,eax
popad
je code //If it's not equal, jump to code
//**Do whatever here**
jmp return

code:
movss [esi+48],xmm0
jmp return

string: //placed after newmem so the label gets an address inside the allocated block
db 'zL$health' 00
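The script above asks strstr whether the name appears anywhere in the field, which is the detail to keep in mind when more strings are added: a longer name that contains 'zL$health' passes too, and the field has to be NUL-terminated or strstr keeps reading past it. The following added C example (not GreenHouse's code; the object layout, NAME_OFFSET/NAME_CAP and the sample names are constructed) puts the strstr test next to a bounded exact compare so the difference is visible on realistic input:

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the object the thread patches: a NUL-terminated
 * name field at a fixed offset inside a larger block. NAME_OFFSET/NAME_CAP
 * are placeholders, not values from the game. */
#define NAME_OFFSET 0x10
#define NAME_CAP    16

/* What `call strstr` decides: is `wanted` found ANYWHERE in the field?
 * Longer names that contain it pass too, and the field must be NUL-terminated
 * or strstr keeps reading past it. */
int matches_substring(const unsigned char *obj, const char *wanted) {
    return strstr((const char *)obj + NAME_OFFSET, wanted) != NULL;
}

/* Exact, bounded comparison: never reads beyond NAME_CAP bytes and rejects
 * names that merely contain `wanted`. */
int matches_exact(const unsigned char *obj, const char *wanted) {
    const char *field = (const char *)obj + NAME_OFFSET;
    size_t n = 0;
    while (n < NAME_CAP && field[n] != '\0') n++;   /* bounded strlen */
    if (n == NAME_CAP) return 0;                     /* no terminator: refuse */
    return n == strlen(wanted) && memcmp(field, wanted, n) == 0;
}

/* Fill a zeroed object with `name` in its field (constructed sample data). */
void make_object(unsigned char *obj, size_t size, const char *name) {
    size_t n = strlen(name);
    if (n > NAME_CAP - 1) n = NAME_CAP - 1;          /* keep room for the NUL */
    memset(obj, 0, size);
    memcpy(obj + NAME_OFFSET, name, n);
}

int main(void) {
    const char *names[] = { "zL$health", "zL$healthMax", "xzL$health", "zL$mana" };
    unsigned char obj[0x40];
    for (size_t i = 0; i < 4; i++) {
        make_object(obj, sizeof obj, names[i]);
        printf("%-14s strstr:%d exact:%d\n", names[i],
               matches_substring(obj, "zL$health"), matches_exact(obj, "zL$health"));
    }
    return 0;
}
```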

PeaceBeUponYou

Re: I have a problem with a string

Post by PeaceBeUponYou »

SilverRabbit90 wrote:
Wed Aug 11, 2021 10:18 am
I could never have imagined such a complex code, it will take me a while to understand it completely XD
Well, this is the right way to compare a string in ASM. You can also use scasb and its derivatives if you want to scan for a pattern in a string.

Besides, this method not only allows you to compare the whole string, but you can also limit the number of chars to compare at the line: mov eax,9 //== no of chars in strToCmprWith, if you want to compare only a limited part. But if you want to compare the whole string and don't want to put in the CHAR count manually each time, you can use this script to get the string length and use its return value at that line:


alloc(strlengthA,$100)
strlengthA: //ebp+8=*stringToLength
 enter 4,0
 push edi
 mov edi,[ebp+8]
 xor eax,eax //al=0 is the terminator scasb scans for
 mov [ebp-4],eax //tempVar
lenloop: //own label name: strCmp already uses loophere
 inc dword ptr [ebp-4]
 scasb
 jne lenloop
 dec dword ptr [ebp-4] //do not count the terminating 0
 mov eax,[ebp-4]
 pop edi
 leave
 ret 4

newmem:
 push eax
 lea eax,[ptrToStringVariable] //*stringToLength
 push eax
 call strlengthA
 //length is returned in eax, you can store it in some variable if you want or use it directly
 pop eax
