
Mov Registered Symbol into register?

Posted: Thu Jan 12, 2023 10:40 pm
by SarashJessicaParker
I am working with the following code and I want to mov [item],r13 and rax. I was trying to create a pointer with item when you enable the script. I have done this before with 1 register but not 2, and I can't figure out how to get it to work properly. I am trying to make that address change every time I select another item; I have done something like this before and it worked fine: mov [item],r13, then create a pointer and add an offset of 00 for this example. But I am not sure how to work with [r13+rax+00]. Sorry for the confusion if I poorly worded this, but if it was just [r13+00] I think I could make the address change each time I select another item. Any help would be appreciated, and thanks in advance.

[ENABLE]

aobscan(iedit,45 8B 64 05 00 45 89 E4 4D 89 A7 A0 00 00 00 48 83 6C 24 20 02 48 83 7C 24 20 00 0F 8F 2F 00 00 00 66 0F 1F 84 00 00 00 00 00 0F 1F 84 00 00 00 00 00 B8 A4 F4 0B 09 49 89 87 00 01 00 00 E9) // should be unique
alloc(newmem,$1000,iedit)
alloc(item,4)
registersymbol(item)
label(code)
label(return)

newmem:

code:
mov [item],r13
mov r12d,[r13+rax+00]
jmp return

iedit+07:
jmp newmem
return:
registersymbol(iedit)

[DISABLE]

iedit+07:
db 45 8B 64 05 00

unregistersymbol(iedit)
dealloc(newmem)
dealloc(item,4)
unregistersymbol(item)

Re: Mov Registered Symbol into register?

Posted: Thu Jan 12, 2023 10:57 pm
by Csimbi
Instead of the solution, here's a generic lesson.
You have two choices.
The x64 safe way:


mov rax,item // Load address of item into RAX
mov rax,[rax] // Load value from address specified in RAX, which is item's address per previous instruction

The unsafe way:


mov rax,[item] // Load item's value from address of item directly into RAX

The first one will always be safe, but it's two instructions.
The second one will only work if 'item' is close to the code (can be addressed with 32 bits).

See what you can make of this lesson (trying to use your own head is the best way to learn).
If you have issues, ask again.

PS. you need a better description of the problem, I have no idea what you want ;-)
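
Added example, not part of any post in this thread: a Python sketch of the generic x86-64 encoding rule behind "can be addressed with 32 bits". It covers both the direct load and the 5-byte `jmp` that replaces the 5 bytes restored by `db 45 8B 64 05 00`. The function names and all addresses are constructed for illustration, and Cheat Engine's own assembler is not modelled.

```python
import struct

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

def rel32(instr_addr, instr_len, target):
    """Displacement from the END of the instruction to target,
    or None when it does not fit a signed 32-bit field."""
    disp = target - (instr_addr + instr_len)
    return disp if INT32_MIN <= disp <= INT32_MAX else None

def encode_load_rax(instr_addr, symbol_addr):
    """Bytes that load the qword stored at symbol_addr into RAX."""
    disp = rel32(instr_addr, 7, symbol_addr)
    if disp is not None:
        # One instruction: mov rax,[rip+disp32] -> 48 8B 05 <disp32>
        return bytes([0x48, 0x8B, 0x05]) + struct.pack("<i", disp)
    # Two instructions, reach anywhere:
    #   mov rax,imm64 -> 48 B8 <imm64>
    #   mov rax,[rax] -> 48 8B 00
    return (bytes([0x48, 0xB8]) + struct.pack("<Q", symbol_addr)
            + bytes([0x48, 0x8B, 0x00]))

def encode_jmp(instr_addr, target):
    """5-byte E9 rel32 jump as written at a hook site; None if out of reach."""
    disp = rel32(instr_addr, 5, target)
    return None if disp is None else b"\xE9" + struct.pack("<i", disp)

if __name__ == "__main__":
    # Constructed sample addresses (not taken from any real process).
    hook = 0x7FF612345007        # stands in for iedit+07
    near = 0x7FF612330000        # allocation placed close to the hook
    far = 0x0000020000000000     # allocation more than 2 GiB away
    for name, addr in (("near", near), ("far", far)):
        jmp = encode_jmp(hook, addr)
        print(name, "jmp :", jmp.hex(" ") if jmp else "out of rel32 reach")
        print(name, "load:", encode_load_rax(hook, addr).hex(" "))
```
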

Re: Mov Registered Symbol into register?

Posted: Sun Jan 29, 2023 6:57 am
by LeFiXER
Perhaps something like this:


[ENABLE]
aobscan(iedit,45 8B 64 05 00 45 89 E4 4D 89 A7 A0 00 00 00 48 83 6C 24 20 02 48 83 7C 24 20 00 0F 8F 2F 00 00 00 66 0F 1F 84 00 00 00 00 00 0F 1F 84 00 00 00 00 00 B8 A4 F4 0B 09 49 89 87 00 01 00 00 E9) // should be unique
alloc(newmem,$1000,iedit)
alloc(item,4)
alloc(idx,4)
label(code)
label(return)

newmem:
push rbx
push rcx
mov rbx,[r13+rax]
mov rcx,item
mov [rcx],rbx
pop rbx
pop rcx

// It's wise to add the changes under newmem for clarity, and when sharing the code with others, they can see what the original instructions are.

code:
//mov [item],r13 // I'm assuming you added this instruction here.
mov r12d,[r13+rax+00]
jmp return

iedit+07:
jmp newmem
return:
registersymbol(iedit)
registersymbol(item)
registersymbol(idx)

[DISABLE]

iedit+07:
db 45 8B 64 05 00

unregistersymbol(iedit)
unregistersymbol(item)
unregistersymbol(idx)
dealloc(newmem)
dealloc(item,4)
dealloc(idx)


Re: Mov Registered Symbol into register?

Posted: Wed Feb 01, 2023 5:20 pm
by AlexS
LeFiXER wrote:
Sun Jan 29, 2023 6:57 am
Perhaps something like this:
(Google translation)

Looks like the "push" or "pop" instructions need to swap the registers. :)