Can anyone help me with a problem? I tried to make a cheat for infinite life, but comparing a string with a specific name gives me an error saying it can't be compiled.
Like this code:
label(code)
label(return)
newmem:
cmp [esi+A88],'zL$health'
je code
nop
nop
nop
nop
nop
jmp return
code:
movss [esi+48],xmm0
jmp return
I tried to remove the $ and it no longer gives a compile error, but the cheat doesn't work. How can I make the code work while keeping the string 'zL$health'?
In this code the string works, for example:
aobscanmodule(INJECT,Blightbound.exe,F3 0F 11 96 94 00 00 00 0F 57 C9 8B CE C7 46 7C 00 00 00 00 E8 94) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(w)
newmem:
cmp [esi+10],'gold'
jne code
addss xmm2,[w]
movss [esi+00000094],xmm2
jmp return
w:
dq (float)10000
code:
movss [esi+00000094],xmm2
jmp return
INJECT:
jmp newmem
nop 3
return:
registersymbol(INJECT)
This code adds money on pickup; the string 'gold' is accepted and does not give a compilation error. How can I do the same thing for the other code?
I have a problem with a string
- SilverRabbit90
- PeaceBeUponYou
Re: I have a problem with a string
First of all you need to know that a cmp instruction only supports imm8, imm16 and imm32 numbers in the source operand, and each CHAR in a string is 1 byte. That is why in here: cmp [esi+10],'gold' it works, as gold = 67 6F 6C 64, and compiles, but in here: cmp [esi+A88],'zL$health' the zL$health = 7A 6C 24 68 65 61 6C 74 68 is even bigger than imm64 (8 bytes); that is why it is not compiling. But for strings none of these ways are right; sometimes it does work, but the proper way would be using string-specific instructions to compare, like so:
alloc(strCmp,$20)
label(strToCmprWith)
strCmp: //ebp+10 = source1, ebp+C = source2 , ebp+8= #source1
push ebp
mov ebp,esp
push esi
push edi
push ecx
xor eax,eax
mov esi,[ebp+10]
mov edi,[ebp+C]
mov ecx,[ebp+8]
loophere:
cmpsb
jne popregs
loop loophere
mov eax,01 //if match successful
popregs:
pop ecx
pop edi
pop esi
mov esp,ebp
pop ebp
ret C
newmem:
push eax
lea eax,[strToCmprWith] //source1
push eax
lea eax,[esi+A88] //source2
push eax
mov eax,9 //== no of chars in strToCmprWith
push eax //#source1 (number of chars to compare)
call strCmp
test eax,eax
pop eax
je code //eax=0 means no match: run the original write
//cmp [esi+A88],'zL$health'
//je code
nop
nop
nop
nop
nop
jmp return
code:
movss [esi+48],xmm0
jmp return
strToCmprWith:
db 'zL$health',0
- SilverRabbit90
Re: I have a problem with a string
PeaceBeUponYou wrote: ↑Tue Aug 10, 2021 5:17 pm
...the proper way would be using string specific instructions to compare like so: ...
Thank you very much, I could never have imagined such complex code; it will take me a while to understand it completely XD
- notpikachu
Re: I have a problem with a string
SilverRabbit90 wrote: ↑Wed Aug 11, 2021 10:18 am
Thank you very much, I could never have imagined such a complex code, it will take me a while to understand it completely XD

You could always do it like this if that's too complex.
label(code)
label(return)
newmem:
cmp dword ptr [esi+A88],'zL$h'
jne code
cmp word ptr [esi+A8C],'ea'
jne code
cmp word ptr [esi+A8E],'lt'
jne code
cmp byte ptr [esi+A90],'h'
jne code
db 90 90 90 90 90
jmp return
code:
movss [esi+48],xmm0
jmp return
edit1: I checked back the original code and looked back at mine, and it seems that's the wrong way to put je if you're trying to nop the damage on your own character, unless that string is actually owned by the enemies? Please ignore this if that's exactly what you're trying to do, but if it's otherwise, please use jne.
Last edited by notpikachu on Wed Aug 11, 2021 3:14 pm, edited 1 time in total.
- SilverRabbit90
Re: I have a problem with a string
notpikachu wrote: ↑Wed Aug 11, 2021 10:30 am
You could always do it like this if that's too complex. [...] But I highly recommend you check out the cmps[b, w, d, q] like the post above.
Oh this is much simpler, I can understand it too XD
Re: I have a problem with a string
This is what I recommend, as it's easier to add multiple strings and not make it a mess.
It's a little bit more advanced in terms of ASM, but it should work.
label(code)
label(return)
label(string)
alloc(stringCheck,4)
registersymbol(stringCheck)
newmem:
pushad
lea eax,[esi+A88]
mov [stringCheck],eax
push string //needle
push [stringCheck] //haystack
call strstr //strstr must resolve to a C runtime export loaded in the target process
add esp,08
test eax,eax
popad
je code //If it's not equal, jump to code
//**Do whatever here** (the string matched)
jmp return //skip the original write
code:
movss [esi+48],xmm0
jmp return
string:
db 'zL$health' 00
- PeaceBeUponYou
Re: I have a problem with a string
SilverRabbit90 wrote: ↑Wed Aug 11, 2021 10:18 am
I could never have imagined such a complex code, it will take me a while to understand it completely XD

Well, this is the right way to compare a string in ASM. You can also use scasb and derivatives if you want to scan for a pattern in a string. Besides, this method does not only allow you to compare the whole string, but you can also limit the number of chars to compare at the line:
mov eax,9 //== no of chars in strToCmprWith
if you want to compare a limited part only. But if you want to compare the whole string and do not want to manually put the CHAR count in each time, you can use this script to get the string length and use its return value at that line:
alloc(strlengthA,$20) //assumed: allocate the routine like strCmp above
strlengthA: //ebp+8=*stringToLength
enter 4,0
push edi
mov edi,[ebp+8]
xor eax,eax //al=0 is the byte scasb looks for; assumes DF is clear
mov [ebp-4],eax //tempVar
lenloop: //distinct from strCmp's loophere label
inc dword ptr [ebp-4]
scasb
jne lenloop
dec dword ptr [ebp-4] //do not count the terminator
mov eax,[ebp-4]
pop edi
leave
ret 4
newmem:
push eax
lea eax,[ptrToStringVariable] //*stringToLength
push eax
call strlengthA
//length is returned in eax, you can store it in some variable if you want or use it directly
pop eax
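To make the three approaches in this thread concrete without an assembler, here is an added C stand-in (not code from the thread or from any poster) that reproduces what each script computes: the chunked dword/word/byte compare, the counted cmpsb/loop compare (strCmp), and the scasb length scan (strlengthA). It also shows why 'zL$h' works as a single dword immediate (it packs little-endian to 0x68244C7A) and a caveat none of the scripts spell out: a compare of exactly 9 bytes is a prefix match, so a field holding "zL$healthy" also passes, while comparing length + 1 bytes (the terminator included) makes it exact. The object layout is assumed; only the +A88 offset comes from the thread, and the sample objects are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pack the first n bytes of s the way the assembler does for a multi-character
   immediate such as 'zL$h': byte 0 lands in the low byte (little-endian), so a
   cmp dword ptr [mem],'zL$h' matches the bytes z L $ h in memory order. */
uint32_t pack_le(const char *s, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)(unsigned char)s[i] << (8 * i);
    return v;
}

/* Load n bytes (1, 2 or 4) from p as the CPU does for a byte/word/dword compare. */
uint32_t load_le(const unsigned char *p, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Approach 1: the chunked compare (dword + word + word + byte = 9 bytes).
   It reads exactly 9 bytes and never looks at the terminator, so it is a
   prefix test: "zL$healthy" also matches. */
int chunked_match(const unsigned char *field) {
    return load_le(field + 0, 4) == pack_le("zL$h", 4)
        && load_le(field + 4, 2) == pack_le("ea", 2)
        && load_le(field + 6, 2) == pack_le("lt", 2)
        && load_le(field + 8, 1) == pack_le("h", 1);
}

/* Approach 2: the counted cmpsb/loop routine (strCmp). Returns 1 only if all
   count bytes agree. Pass count = length + 1 to include the NUL and get an
   exact match instead of a prefix match. Edge case the asm version does not
   handle: x86 LOOP decrements ecx before testing it, so calling strCmp with
   ecx = 0 spins 2^32 times; here count 0 simply reports a match. */
int counted_match(const unsigned char *a, const unsigned char *b, size_t count) {
    for (size_t i = 0; i < count; i++)      /* cmpsb ; jne popregs ; loop */
        if (a[i] != b[i])
            return 0;                       /* eax stays 0 */
    return 1;                               /* mov eax,1 */
}

/* Approach 3: the scasb length scan (strlengthA): al = 0, count bytes until
   the terminator. Equivalent to strlen; assumes the string is terminated. */
size_t scan_length(const unsigned char *s) {
    size_t n = 0;
    while (s[n] != 0)                       /* scasb ; jne lenloop */
        n++;
    return n;
}

/* Constructed stand-in for the object esi points at in the thread: a zeroed
   block with the name string at +A88. The offset is taken from the thread;
   the rest of the layout is assumed. Returns a pointer to the name field. */
enum { NAME_OFF = 0xA88, OBJ_SIZE = 0xB00 };
const unsigned char *sample_field(const char *name) {
    static unsigned char obj[OBJ_SIZE];
    size_t n = strlen(name);
    if (n > OBJ_SIZE - NAME_OFF - 1)
        n = OBJ_SIZE - NAME_OFF - 1;
    memset(obj, 0, sizeof obj);
    memcpy(obj + NAME_OFF, name, n);
    return obj + NAME_OFF;
}

int main(void) {
    const unsigned char *lit = (const unsigned char *)"zL$health";
    const char *names[] = { "zL$health", "zL$healthy", "zL$mana" };
    printf("'zL$h' as a dword immediate: 0x%08X\n", pack_le("zL$h", 4));
    for (size_t i = 0; i < 3; i++) {
        const unsigned char *f = sample_field(names[i]);
        printf("%-11s chunked=%d counted9=%d counted10=%d len=%zu\n", names[i],
               chunked_match(f), counted_match(lit, f, 9), counted_match(lit, f, 10),
               scan_length(f));
    }
    return 0;
}
```

The strstr variant posted later in the thread is looser still: it accepts the name anywhere inside the field, not only at its start, so if several objects share a common substring, the counted compare with the terminator included is the one that singles out exactly one name.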