Compare big address in assembly
Posted: Tue Nov 26, 2019 12:35 am
by nihilism
Using the new CE feature, it found a commonality and I would like to compare it in a script. However, it seems that the value is too large or my syntax is incorrect.
Any help to put me in the right direction would be appreciated.
cmp rcx,7FF477AA1240
Re: Compare big address in assembly
Posted: Tue Nov 26, 2019 1:09 am
by nihilism
After some trial and error, I was able to get it working by storing the big value somewhere in memory and referencing that in the compare.
If there is an easier/more efficient method for doing this, please still let me know.
compareaddy:
dq 7FF477AA1240
newmem:
cmp rax,1
je incItems
cmp rcx,[compareaddy]
je health
jne code
Re: Compare big address in assembly
Posted: Tue Nov 26, 2019 9:05 am
by Eric
You could use a mov reg64,value64 and then cmp that, but it takes one more instruction (and more if you need to restore the register).
Also, a value like that will likely only work for you on that one run. See if there is a way to figure out what that value really is and then deal with it accordingly.
E.g. if 7FF477AA1240 is an address inside a module, then the 7FF477AA part can change next run. But the 1240 part will be the same, so you could do a cmp cx,1240 and have the same effect, and it will work between different runs/systems.
Re: Compare big address in assembly
Posted: Tue Dec 10, 2019 5:05 pm
by SunBeam
^ ...as long as the .exe is the same.
Emphasizing it, as people often confuse what you explained with 'working across game updates'.
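An added illustration in C (my own, not code from this thread or from Cheat Engine) of why the first post's cmp is rejected and what Eric's two workarounds trade off, including SunBeam's same-binary caveat; the module bases used for the relocation are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the address from the first post, assumed to lie
 * inside a loaded module. */
#define SAMPLE_ADDR 0x7FF477AA1240ULL

/* x86-64 has no "cmp r64, imm64". The widest encodable form is
 * cmp r/m64, imm32, and the CPU sign-extends that imm32 to 64 bits.
 * A constant can be a direct cmp operand only if it survives the
 * truncate-then-sign-extend round trip. */
bool fits_cmp_imm32(uint64_t v) {
    uint64_t lo = v & 0xFFFFFFFFULL;
    uint64_t sx = (lo & 0x80000000ULL) ? (lo | 0xFFFFFFFF00000000ULL) : lo;
    return sx == v;
}

/* Workaround from the thread: park the full value in memory (dq) or in
 * a register (mov r64, imm64) and do a 64-bit register/memory compare. */
bool full_compare(uint64_t rcx, const uint64_t *stored) {
    return rcx == *stored;
}

/* Eric's shortcut: "cmp cx,1240" looks only at the low 16 bits.
 * Windows relocates images at 64 KiB granularity, so for the same build
 * of a module the low 16 bits of an address are stable across runs; the
 * price is that any other address with those low 16 bits matches too,
 * and a different .exe build moves the offset itself. */
bool low16_compare(uint64_t rcx, uint16_t imm16) {
    return (uint16_t)rcx == imm16;
}

/* Same module loaded at a different base: only the upper bits move. */
uint64_t relocate(uint64_t addr, uint64_t old_base, uint64_t new_base) {
    return addr - old_base + new_base;
}

int main(void) {
    uint64_t stored = SAMPLE_ADDR;                     /* the dq compareaddy slot */
    uint64_t moved = relocate(SAMPLE_ADDR, 0x7FF477AA0000ULL, 0x7FF5123C0000ULL);
    printf("fits imm32: %d\n", fits_cmp_imm32(SAMPLE_ADDR));                  /* 0 */
    printf("full compare after relocation: %d\n", full_compare(moved, &stored)); /* 0 */
    printf("low16 compare after relocation: %d\n", low16_compare(moved, 0x1240)); /* 1 */
    return 0;
}
```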
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 12:07 am
by Akhent
For the compare, where is the problem in my script?
push rdi // or rcx // or rax
mov rdi,[rbx+78]
mov rdi,[rdi+c40]
cmp [rdi+598],#0
pop rdi
jne code
It always displays "fatal error" in the game.
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 12:17 am
by Akhent
Akhent wrote: ↑Wed Jan 08, 2020 12:07 am
For the compare, where is the problem in my script?
push rdi // or rcx // or rax
mov rdi,[rbx+78]
mov rdi,[rdi+c40]
cmp [rdi+598],#0
pop rdi
jne code
It always displays "fatal error" in the game.
This is the full script. Without the compare, the script runs perfectly, but the enemy gets the same effect.
newmem:
push rdi
mov rdi,[rbx+78]
mov rdi,[rdi+c40]
cmp [rdi+598],#0
pop rdi
jne code
mov eax,[rsi+000007ac] //7ac //f14 (max health) to eax
cvtsi2ss xmm0,eax //max health to health
code:
movss [rsi+00000AB8],xmm0 //originalcode
jmp return
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 2:03 am
by TimFun13
The fatal error is likely due to rax/eax not being saved and restored, or because rbx+78 or one of the others used isn't always an address. As far as rax/eax goes, you don't need to use it at all, just use that xmm0 (i.e.
movss xmm0,[rsi+7AC]
). And for the address you read from, put in a check.
push rdi
mov rdi,[rbx+78]
test rdi,rdi
jz code
mov rdi,[rdi+C40]
test rdi,rdi
jz code
cmp [rdi+598],0
jne code
movss xmm0,[rsi+7AC]
code:
pop rdi
movss [rsi+00000AB8],xmm0 //originalcode
jmp return
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 8:14 am
by Akhent
ShyTwig16 wrote: ↑Wed Jan 08, 2020 2:03 am
The fatal error is likely due to rax/eax not being saved and restored, or because rbx+78 or one of the others used isn't always an address. As far as rax/eax goes, you don't need to use it at all, just use that xmm0 (i.e.
movss xmm0,[rsi+7AC]
). And for the address you read from, put in a check.
push rdi
mov rdi,[rbx+78]
test rdi,rdi
jz code
mov rdi,[rdi+C40]
test rdi,rdi
jz code
cmp [rdi+598],0
jne code
movss xmm0,[rsi+7AC]
code:
pop rdi
movss [rsi+00000AB8],xmm0 //originalcode
jmp return
Thanks, I tried your script but got the same result. Through trial and error I figured out the problem is in the jump command, maybe too far (I don't know exactly) from the memory address of the original code,
because if I disable the "jne code" in my first script, it's fine.
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 8:35 am
by Akhent
label(originalcode)
label(return)
label(healmeplease)
newmem:
push rdi
mov rdi,[rbx+78]
mov rdi,[rdi+c40]
cmp [rdi+598],#0
pop rdi
je healmeplease
originalcode:
movss [rsi+AB8],xmm0 //originalcode
jmp return
healmeplease:
cvtsi2ss xmm0,[rsi+7ac] //max health to health
movss [rsi+AB8],xmm0
jmp return
Fixed.
But there is a new problem: if I heal the team again and again, fatal error.
Re: Compare big address in assembly
Posted: Wed Jan 08, 2020 5:39 pm
by TheByteSize
It means that at some point the:
mov rdi,[rbx+78]
or
mov rdi,[rdi+c40]
doesn't contain valid address.
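As an added example (my own C, not code from this thread), a model of the pointer chain in Akhent's script with TimFun13's null checks, showing the case TheByteSize describes: a zero check skips an empty link, but a non-zero invalid link still faults. The flat memory buffer, object placement and link values are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's address space: a small flat buffer
 * addressed from 0. A read outside it models the access violation that
 * surfaces as the "fatal error" in the thread. */
#define MEM_SIZE 0x3000
static uint8_t mem[MEM_SIZE];

static bool read_u64(uint64_t addr, uint64_t *out) {
    if (addr > MEM_SIZE - 8) return false;   /* would fault in the real process */
    memcpy(out, mem + addr, sizeof *out);
    return true;
}
static void write_u64(uint64_t addr, uint64_t v) { memcpy(mem + addr, &v, sizeof v); }

typedef enum { CHAIN_OK, CHAIN_NULL, CHAIN_FAULT } chain_result;

/* rdi=[rbx+78]; rdi=[rdi+C40]; then read [rdi+598] (width assumed 64-bit here).
 * The zero checks are "test rdi,rdi / jz code". They handle a null link only;
 * a non-zero garbage link still faults, which is what only an exception
 * handler (the later {$try}/{$except} script) can absorb. */
chain_result walk_chain(uint64_t rbx, uint64_t *value) {
    uint64_t rdi;
    if (!read_u64(rbx + 0x78, &rdi)) return CHAIN_FAULT;
    if (rdi == 0) return CHAIN_NULL;
    if (!read_u64(rdi + 0xC40, &rdi)) return CHAIN_FAULT;
    if (rdi == 0) return CHAIN_NULL;
    if (!read_u64(rdi + 0x598, value)) return CHAIN_FAULT;
    return CHAIN_OK;
}

/* Constructed layout: rbx object at 0x100, second link at 0x1000, third at
 * 0x2000. 'link2' lets a caller plant a null or a bogus pointer there. */
void build_objects(uint64_t link2, uint64_t flag) {
    memset(mem, 0, sizeof mem);
    write_u64(0x100 + 0x78, 0x1000);
    write_u64(0x1000 + 0xC40, link2);
    write_u64(0x2000 + 0x598, flag);
}

int main(void) {
    uint64_t v;
    build_objects(0x2000, 0);      printf("valid chain: %d\n", walk_chain(0x100, &v)); /* 0 */
    build_objects(0, 0);           printf("null link:   %d\n", walk_chain(0x100, &v)); /* 1 */
    build_objects(0xDEADBEEF, 0);  printf("bogus link:  %d\n", walk_chain(0x100, &v)); /* 2 */
    return 0;
}
```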
Re: Compare big address in assembly
Posted: Thu Jan 09, 2020 3:14 pm
by Bloodybone
Could you try out this and tell me what happens:
label(originalcode)
label(return)
label(healmeplease)
newmem:
{$try}
push rdi
mov rdi,[rbx+78]
mov rdi,[rdi+c40]
cmp [rdi+598],#0
jne originalcode
healmeplease:
cvtsi2ss xmm0,[rsi+7ac] //max health to health
movss [rsi+AB8],xmm0
pop rdi
jmp return
{$except}
push rbp
mov rbp,rsp
and spl,F0
sub rsp,70
mov [rsp+20],rax
mov [rsp+28],rcx
mov [rsp+30],rdx
mov [rsp+38],r8
mov [rsp+40],r9
mov [rsp+48],r10
mov [rsp+50],r11
mov dword ptr [rsp+58],'Exce'
mov dword ptr [rsp+5C],'ptio'
mov word ptr [rsp+60],006E
xor rcx,rcx
lea rdx,[rsp+58]
xor r8,r8
xor r9,r9
call user32.MessageBoxA
mov r11,[rsp+50]
mov r10,[rsp+48]
mov r9,[rsp+40]
mov r8,[rsp+38]
mov rdx,[rsp+30]
mov rcx,[rsp+28]
mov rax,[rsp+20]
mov rsp,rbp
pop rbp
originalcode:
movss [rsi+AB8],xmm0 //originalcode
pop rdi
jmp return