bug or noob? labels..

Posted: Fri Sep 11, 2020 8:05 pm
by _Gonzo_
I can't understand why this works (CE 7.1):
code 1

Code:

[ENABLE]


aobscanmodule(res,OwarOGL_SGUI.exe,8B 43 04 E8 5C 8D E2 FF) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(cratesAmount)
label(oilAmount)
label(syberitAmount)
newmem:
  push ecx
  mov ecx,[cratesAmount]
  mov [ebx+04],ecx //crates
  mov ecx,[oilAmount]
  mov [ebx+08],ecx //oil
  mov ecx,[syberitAmount]
  mov [ebx+0C],ecx //syberit
  pop ecx
code:
  mov eax,[ebx+04]
  call OwarOGL_SGUI.exe+18154
  jmp return

syberitAmount:
dd 12C
oilAmount:
dd 12C
cratesAmount:
dd 12C
res:
  jmp newmem
  nop 3
return:
registersymbol(res)
registersymbol(cratesAmount)
registersymbol(oilAmount)
registersymbol(syberitAmount)
[DISABLE]

res:
  db 8B 43 04 E8 5C 8D E2 FF

unregistersymbol(res)
unregistersymbol(cratesAmount)
unregistersymbol(oilAmount)
unregistersymbol(syberitAmount)
dealloc(newmem)

and this one tells me "can't compile(line 13 (imul ecx,edi,[00000000]))":
code 2

Code:

[ENABLE]

aobscanmodule(capExp,OwarOGL_SGUI.exe,29 8C 90 48 02 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(expMult)


newmem:

  imul ecx,edi,[expMult]

code:
  //sub [eax+edx*4+00000248],ecx
  jmp return

expMult:
dd 1

capExp:
  jmp newmem
  nop 2


return:
registersymbol(capExp)
registersymbol(expMult)
[DISABLE]

capExp:
  db 29 8C 90 48 02 00 00

unregistersymbol(capExp)
unregistersymbol(expMult)
dealloc(newmem)

Re: bug or noob? labels..

Posted: Fri Sep 11, 2020 8:17 pm
by Eric

Code:

imul reg,reg,r/m32
does not exist

this one does exist:

Code:

imul reg,reg/m32,imm32
and this one as well:

Code:

imul reg,reg/m32
so what you can do is:

Code:

push edi
imul edi,[expMult] // multiply edi by the value stored at expMult
mov ecx,edi        // move the product into ecx
pop edi            // restore the original edi

Re: bug or noob? labels..

Posted: Fri Sep 11, 2020 8:19 pm
by _Gonzo_
Hm.. thank you for the fast reply.
But why does imul ecx,edi,0A work?

Re: bug or noob? labels..

Posted: Fri Sep 11, 2020 8:39 pm
by Eric
As I said, imul ecx,edi,imm32 does exist (also an imm8 version which just takes fewer bytes).

In this case, 0a is a direct value and not an address. There is no version that takes an address as 3rd parameter.
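
Added illustration (not part of the original thread, and not Cheat Engine's own assembler): a small Python encoder for the 32-bit IMUL forms discussed above, showing that the memory operand can only sit in the single ModRM r/m slot while the third operand is always an immediate. `Mem`, `modrm` and `encode_imul` are hypothetical names, and the address 0x00400000 used with them is a constructed placeholder.

```python
import struct
from collections import namedtuple

# ModRM register numbers for the 32-bit general-purpose registers
REGS = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3,
        "esp": 4, "ebp": 5, "esi": 6, "edi": 7}

# Absolute memory operand such as [expMult] once the label is resolved
Mem = namedtuple("Mem", "addr")

def modrm(reg, rm):
    """Build the ModRM byte (plus disp32 when rm is a Mem operand)."""
    if isinstance(rm, Mem):
        # mod=00, r/m=101 selects a bare 32-bit displacement in 32-bit mode
        return bytes([(REGS[reg] << 3) | 0b101]) + struct.pack("<I", rm.addr)
    # mod=11 selects register-direct addressing
    return bytes([0xC0 | (REGS[reg] << 3) | REGS[rm]])

def encode_imul(dst, src, imm=None):
    """Encode a 32-bit IMUL; src is a register name or Mem, imm an int or None."""
    if dst not in REGS:
        raise ValueError("destination must be a 32-bit register")
    if imm is None:
        # imul r32, r/m32  ->  0F AF /r
        return b"\x0f\xaf" + modrm(dst, src)
    if not isinstance(imm, int):
        # ModRM offers one r/m slot (already used by src), so there is
        # no encoding whose third operand is a register or memory address
        raise ValueError("third operand must be an immediate value")
    if -128 <= imm <= 127:
        # imul r32, r/m32, imm8  ->  6B /r ib (sign-extended, shorter)
        return b"\x6b" + modrm(dst, src) + struct.pack("<b", imm)
    # imul r32, r/m32, imm32  ->  69 /r id
    return b"\x69" + modrm(dst, src) + struct.pack("<I", imm & 0xFFFFFFFF)

if __name__ == "__main__":
    exp_mult = Mem(0x00400000)  # constructed placeholder address
    print(encode_imul("ecx", "edi", 0x0A).hex(" "))      # imul ecx,edi,0A
    print(encode_imul("edi", exp_mult).hex(" "))         # imul edi,[addr]
    print(encode_imul("ecx", exp_mult, 0x0A).hex(" "))   # imul ecx,[addr],0A
    try:
        encode_imul("ecx", "edi", exp_mult)              # imul ecx,edi,[addr]
    except ValueError as err:
        print("rejected:", err)
```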

Re: bug or noob? labels..

Posted: Fri Sep 11, 2020 8:45 pm
by _Gonzo_
aaahh... now I understand.. sorry for my stupidity))

Please close this thread.