A test won't filter out invalid pointers. There's no way of doing that in ASM.
So, in that script you move [eax] into eax; let's say that it's a 1, and you test it. That will already return as true, so you'll go on and try to access inside it, but it's not a pointer, so it will crash.
Moving [eax] into eax will test whether the register/pointer is null/invalid, so if it's null it will jump to the invalid address; otherwise it will continue to the next function.
If you already know the base, why not just make a pointer record with it? There's also no reason to do it the way you have with assembly, since you can accomplish the same thing using Lua, with the ability to check if the pointer is valid at each stage as well.
Also, you completely ignored what Greenhouse said. Test will only satisfy the jump-if-equal when the argument is 0; if it is non-zero it will not work.
Moving [eax] into eax will test whether the register/pointer is null/invalid, so if it's null it will jump to the invalid address; otherwise it will continue to the next function.
A mov doesn't test the register. Trying to access something that doesn't exist will always crash the game. If you do mov eax,[eax] and inside [eax] there's a 0x1, the next test won't say that it's invalid, because it's not a 0. So on the next mov, it'll try to access something inside 0x1, which is not a pointer, so there's nothing to check and it will crash.
Actually, I was doing the same instructions as I saw on another website to check if the pointer is valid; here is the link:
[Link]
The main thing I want to do is reach the value by making a pointer from the script, because I couldn't compare through these offsets below. If you have any other method, can you please suggest it?
[ENABLE]
aobscan(aobPointer, [aob]) // find the instruction that accesses the value
alloc(newmem,$1000,aobPointer) // allocate the hook body near the injection point
alloc(myPointer,8) // Use 4 if it's 32-bit
label(code)
label(return)
newmem:
mov [myPointer],eax // or whichever register the pointer is held in
code:
// original instructions
jmp return
aobPointer:
jmp newmem
nop 3 // jmp is 5 bytes; pad to the length of the original instruction(s)
return:
registersymbol(aobPointer)
registersymbol(myPointer) // read [myPointer] from a pointer record / Lua
[DISABLE]
aobPointer:
db // original bytes (will be the same as the aob)
unregistersymbol(aobPointer)
unregistersymbol(myPointer)
dealloc(newmem)
dealloc(myPointer)
While test ?,? can kind of work to test pointers, all you really tend to do is test for zero. And with a lot of games this will work, but as it's been pointed out it's not actually testing the pointer. To test the pointer you need to use [Link].
// IsBadReadPtr is stdcall: arguments are pushed right-to-left and the callee cleans the stack.
// The call clobbers eax, ecx and edx, so save anything you still need from them first.
push 4 // The size of the memory block, in bytes. If this parameter is zero, the return value is zero.
// So 32 bit process is 4 bytes, and 64 bit process is 8 bytes.
push ecx // A pointer to the first byte of the memory block.
call isbadreadptr
cmp eax,0 // EAX is the return
// If the calling process has read access to all bytes in the specified memory range, the return value is zero.
// If the calling process does not have read access to all bytes in the specified memory range, the return value is nonzero.
jne badpointer_lbl
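The point made in this thread, as an added C example that is not from any poster or from Cheat Engine: a pointer-chain walk over a constructed, emulated 32-bit address space in which the zero test and the readability check are modelled separately, so the "[eax] holds 0x1" case passes the first and is rejected by the second before anything is dereferenced. The mapped range, addresses and offsets are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 32-bit address space for the example: 64 KiB of emulated memory,
   of which only [0x1000, 0x2000) counts as mapped/readable. */
#define MEM_SIZE  0x10000u
#define MAPPED_LO 0x1000u
#define MAPPED_HI 0x2000u
static uint8_t g_mem[MEM_SIZE];

/* Stand-in for IsBadReadPtr(ptr, 4) returning 0: all four bytes are readable. */
static bool is_readable32(uint32_t addr) { return addr >= MAPPED_LO && addr + 4u <= MAPPED_HI; }
/* Stand-in for `test eax,eax`: it only rejects zero and says nothing about validity. */
static bool is_nonzero(uint32_t addr) { return addr != 0; }

static uint32_t read32(uint32_t addr) { uint32_t v; memcpy(&v, &g_mem[addr], 4); return v; }
static void write32(uint32_t addr, uint32_t v) { memcpy(&g_mem[addr], &v, 4); }

enum walk_status { WALK_OK = 0, WALK_NULL = 1, WALK_UNREADABLE = 2 };

/* Resolve base -> [base]+offs[0] -> [..]+offs[1] ... like a CE pointer record,
   validating each level BEFORE it is dereferenced (the step a bare zero-test skips). */
static enum walk_status walk_chain(uint32_t base, const uint32_t *offs, size_t n, uint32_t *out) {
    uint32_t cur = base;
    for (size_t i = 0; i < n; i++) {
        if (!is_nonzero(cur))    return WALK_NULL;        /* the only thing `test` catches */
        if (!is_readable32(cur)) return WALK_UNREADABLE;  /* where mov eax,[eax] would crash */
        cur = read32(cur) + offs[i];
    }
    *out = cur;
    return WALK_OK;
}

static const uint32_t OFFS[2] = { 0x10, 0x0 };  /* constructed offsets */

/* The thread's failure case: [base] holds 0x1, which is non-zero but not a pointer. */
static enum walk_status demo_bad_status(void) {
    uint32_t addr = 0;
    write32(0x1000, 0x1);
    return walk_chain(0x1000, OFFS, 2, &addr);
}
/* A healthy chain: [base] -> 0x1800, [0x1800+0x10] -> 0x1C00. Returns the final address. */
static uint32_t demo_good_addr(void) {
    uint32_t addr = 0;
    write32(0x1000, 0x1800);
    write32(0x1810, 0x1C00);
    return walk_chain(0x1000, OFFS, 2, &addr) == WALK_OK ? addr : 0;
}
```

On a real process the readability predicate would be the IsBadReadPtr call shown above (or a VirtualQuery of the region); Microsoft documents IsBadReadPtr as obsolete because it can trip guard pages and another thread can unmap the range between the check and the read, so the check reduces crashes rather than guaranteeing their absence.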