AlexS wrote: ↑Sun Apr 06, 2025 1:53 pm
(Google translation)
How do I use the instruction lea rax,[rip] in Cheat Engine?
I need to get the RIP register value. The Cheat Engine program does not allow me to save an AA script with such an instruction and issues a warning about the error "Not All Code Is Injectable".
However, when instead of lea rax,[rip] I put the byte code of this instruction in the script
db 48 8D 05 00 00 00 00
then the Cheat Engine program accepts it, and the instruction lea rax,[rip] works fine.
What am I doing wrong? What are the reasons for this phenomenon, and how can I use the instruction lea rax,[rip] without transformation into bytes?
There's no special phenomenon; you are just misunderstanding how the legendary rip register works.
This "48 8D 05 00 00 00 00" does mean "lea rax, [rip + 0]", but not in that form. It would look like this:
0D3B0000 - 48 8D 05 00000000 - lea rax,[0D3B0007] ; rip+ 0
0D3B0007 - C3 - ret
This is how rip-relative addressing works: it's always relative, as the name suggests. Any assembler that lets you do something like mov rax,[rip+10] isn't actually accessing rip, adding 10 and then grabbing whatever is at that location. When assembled it generates 'Position Independent Code': the assembler calculates the offset from the current instruction location and encodes it directly. Like in the example above, it's not dynamically reading rip, it's just using a precomputed offset.
Take a look at these below they may help you:
call @f
@@:
pop rax
or
lea rax,[@f]
@@:
You're not meant to be able to touch rip because it's not a general purpose register. It's hidden away in a cave somewhere in the CPU; it's a special register that isn't designed to be exposed to general purpose data manipulation.
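To make the "precomputed offset" point concrete, here is an added example (not code from either post, and not part of Cheat Engine): a small encoder and decoder for the exact 7-byte form in the question, 48 8D 05 followed by a 32-bit displacement, which is REX.W lea rax,[rip+disp32]. It computes the displacement the way an assembler does, as the signed distance from the address of the next instruction to the target, and it shows that the same bytes placed at a different address resolve to a different target. The addresses used (0x0D3B0000 from the reply, 0x7FF600001000 as a second location) are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the forum thread: encoder/decoder for the
 * 7-byte form "48 8D 05 <disp32>" (REX.W lea rax,[rip+disp32]) seen in the
 * question. disp32 is the signed distance from the address of the NEXT
 * instruction (insn_addr + 7) to the target. The CPU never hands rip to the
 * code; the assembler bakes the offset into the bytes.
 */

#define LEA_RAX_RIP_LEN 7                      /* REX + opcode + ModRM + disp32 */
static const uint8_t LEA_RAX_RIP_OPC[3] = { 0x48, 0x8D, 0x05 };

/* Encode "lea rax,[target]" as RIP-relative, assuming the instruction is
 * placed at insn_addr. Returns 1 and fills out[7] on success, 0 if the
 * target is more than +/-2 GiB from the next instruction (disp32 cannot
 * reach it, so an assembler would have to reject it too). */
int encode_lea_rax_rip(uint64_t insn_addr, uint64_t target, uint8_t out[LEA_RAX_RIP_LEN])
{
    uint64_t next_rip = insn_addr + LEA_RAX_RIP_LEN;
    int64_t disp = (int64_t)(target - next_rip);   /* two's-complement wrap yields the signed distance */
    if (disp < INT32_MIN || disp > INT32_MAX)
        return 0;
    uint32_t d = (uint32_t)(int32_t)disp;          /* disp32, stored little-endian */
    memcpy(out, LEA_RAX_RIP_OPC, sizeof LEA_RAX_RIP_OPC);
    out[3] = (uint8_t)(d);
    out[4] = (uint8_t)(d >> 8);
    out[5] = (uint8_t)(d >> 16);
    out[6] = (uint8_t)(d >> 24);
    return 1;
}

/* Decode the same form: given where the 7 bytes sit, recover the effective
 * address that rax will receive. Returns 0 if the bytes are not this opcode. */
int decode_lea_rax_rip(uint64_t insn_addr, const uint8_t in[LEA_RAX_RIP_LEN], uint64_t *target)
{
    if (memcmp(in, LEA_RAX_RIP_OPC, sizeof LEA_RAX_RIP_OPC) != 0)
        return 0;
    uint32_t d = (uint32_t)in[3] | ((uint32_t)in[4] << 8) |
                 ((uint32_t)in[5] << 16) | ((uint32_t)in[6] << 24);
    int64_t disp = (int32_t)d;                     /* sign-extend disp32 */
    *target = insn_addr + LEA_RAX_RIP_LEN + (uint64_t)disp;
    return 1;
}

int main(void)
{
    uint8_t b[LEA_RAX_RIP_LEN];
    uint64_t at = 0x0D3B0000ULL;                   /* constructed: address used in the reply */
    uint64_t t = 0;

    /* "lea rax,[rip]" means "address of the next instruction": disp32 = 0 */
    encode_lea_rax_rip(at, at + LEA_RAX_RIP_LEN, b);
    decode_lea_rax_rip(at, b, &t);
    printf("%08llX: 48 8D 05 %02X%02X%02X%02X -> lea rax,[%08llX]\n",
           (unsigned long long)at, b[6], b[5], b[4], b[3], (unsigned long long)t);

    /* The identical bytes at another address resolve to another target:
     * that is the position-independent part. */
    decode_lea_rax_rip(0x7FF600001000ULL, b, &t);
    printf("same bytes at 7FF600001000 -> lea rax,[%llX]\n", (unsigned long long)t);

    /* Loading the instruction's own address needs a negative displacement (-7). */
    encode_lea_rax_rip(at, at, b);
    printf("lea rax,[self] encodes as 48 8D 05 %02X %02X %02X %02X\n", b[3], b[4], b[5], b[6]);
    return 0;
}
```

The decoder is the check to run when a script only accepts raw bytes: feed it the address where the bytes will actually be injected, not the address you assembled at, and the returned target is what rax will hold. If the code gets copied somewhere else the bytes still "work" but point 7 bytes past wherever they landed, which is exactly the behaviour the reply describes.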