bug or noob? labels..

Post your topics and discussions here that you can't find a good section for.
Post Reply
_Gonzo_
Noobzor
Noobzor
Posts: 11
Joined: Thu Nov 14, 2019 4:23 pm
Reputation: 8

bug or noob? labels..

Post by _Gonzo_ »

i can't understand, why this work(CE 7.1):
code 1

Code: Select all

[ENABLE]


aobscanmodule(res,OwarOGL_SGUI.exe,8B 43 04 E8 5C 8D E2 FF) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(cratesAmount)
label(oilAmount)
label(syberitAmount)
newmem:
  push ecx
  mov ecx,[cratesAmount]
  mov [ebx+04],ecx //crates
  mov ecx,[oilAmount]
  mov [ebx+08],ecx //oil
  mov ecx,[syberitAmount]
  mov [ebx+0C],ecx //syberit
  pop ecx
code:
  mov eax,[ebx+04]
  call OwarOGL_SGUI.exe+18154
  jmp return

syberitAmount:
dd 12C
oilAmount:
dd 12C
cratesAmount:
dd 12C
res:
  jmp newmem
  nop 3
return:
registersymbol(res)
registersymbol(cratesAmount)
registersymbol(oilAmount)
registersymbol(syberitAmount)
[DISABLE]

res:
  db 8B 43 04 E8 5C 8D E2 FF

unregistersymbol(res)
unregistersymbol(cratesAmount)
unregistersymbol(oilAmount)
unregistersymbol(syberitAmount)
dealloc(newmem)
and this say to me "can't compile(line 13 (imul ecx,edi,[00000000]))":
code 2

Code: Select all

[ENABLE]

aobscanmodule(capExp,OwarOGL_SGUI.exe,29 8C 90 48 02 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(expMult)


newmem:

  imul ecx,edi,[expMult]

code:
  //sub [eax+edx*4+00000248],ecx
  jmp return

expMult:
dd 1

capExp:
  jmp newmem
  nop 2


return:
registersymbol(capExp)
registersymbol(expMult)
[DISABLE]

capExp:
  db 29 8C 90 48 02 00 00

unregistersymbol(capExp)
unregistersymbol(expMult)
dealloc(newmem)
Top
Eric
Hall of Famer
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: bug or noob? labels..

Post by Eric »

Code: Select all

imul reg,reg,r/m32
does not exist

this one does exist:

Code: Select all

imul reg,reg/m32,imm32
and this one as well:

Code: Select all

imul reg,reg/m32
so what you can do is :

Code: Select all

push edi
imul edi,[expMulti]
mov ecx,edi
pop edi
Top
_Gonzo_
Noobzor
Noobzor
Posts: 11
Joined: Thu Nov 14, 2019 4:23 pm
Reputation: 8

Re: bug or noob? labels..

Post by _Gonzo_ »

hm.. thank you for fast reply.
but why imul ecx,edi,0A work?
Top
Eric
Hall of Famer
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: bug or noob? labels..

Post by Eric »

as I said, imul ecx,edi,imm32 does exists (also an imm8 version which just takes less bytes)

in this case, 0a is a direct value and not an address . There is no version that takes an address as 3th parameter.
Top
_Gonzo_
Noobzor
Noobzor
Posts: 11
Joined: Thu Nov 14, 2019 4:23 pm
Reputation: 8

Re: bug or noob? labels..

Post by _Gonzo_ »

aaahh... now i understand.. sry for my stupidity))

please close this tread.
Top
Post Reply

Return to “General Discussions”

Who is online

Users browsing this forum: No registered users