dudeswagbrah (Newbie cheater, Reputation: 0, Joined: 03 Jul 2016, Posts: 22)
Posted: Thu Sep 21, 2017 7:18 am, Post subject: New to writing asm need help
Trying to learn asm so I can make my own scripts for games, and for the one game I'm playing I'm trying to write a script for infinite items. I already found the opcodes, two in fact, that show an address when I use an item. Problem is I have no real idea how to write the code 'cause it's confusing.
https://imgur.com/a/mqsoz
These are the two opcodes that have an address show up when I use an item. Just no clue how to write a script for them. If anyone could help me out I would appreciate it.
KalasDev (Master Cheater, Reputation: 1, Joined: 29 May 2016, Posts: 311)
Posted: Thu Sep 21, 2017 12:12 pm
You just want the answer; learning ASM like this is not the way..
Go watch a YouTube video from this channel: Stephan Chapman + Cheat The Game.
SunBeam (I post too much, Reputation: 65, Joined: 25 Feb 2005, Posts: 4022, Location: Romania)
Posted: Thu Sep 21, 2017 5:51 pm
**claps** Now you're teaching/preaching. Hilarious
KalasDev (Master Cheater, Reputation: 1, Joined: 29 May 2016, Posts: 311)
Posted: Fri Sep 22, 2017 12:52 am
Learned from the best..
dudeswagbrah (Newbie cheater, Reputation: 0, Joined: 03 Jul 2016, Posts: 22)
Posted: Fri Sep 22, 2017 7:05 pm
Kinda just wanted someone to write it for me, 'cause chances are I wouldn't be able to learn it, and watching tons of videos probably wouldn't help me that much ¯\_(ツ)_/¯.
Well, at least not help me with what I'm looking for, which is how to use lea and movzx in a script.
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Fri Sep 22, 2017 9:50 pm
Quote: kinda just wanted someone to write it for me
lol, at least some can admit it.

Quote: chances are i wouldn't be able to learn it. and watching tons of videos probably wouldn't help me that much ¯\_(ツ)_/¯
Hey, that's where most of us learned, that and practice.

Quote: how to use lea and movzx
lea is basically mov except that it moves the calculated _address_ into the register instead of the value. If you know C then it's kind of like lea = &(...) vs mov = *(...). movzx is move and zero extend, so if you have a 4 byte value and move it into rax with mov only the lower 4 bytes (EAX) will change, but with movzx it'll zero the top half. The best way to learn is to just make a little script that uses them in different ways and step through while watching what happens to the registers (note: https://imgur.com/a/Uzjth).
As for the image, without knowing exactly how you got there it's hard to say anything for sure. Only the movzx actually reads from memory, but it's not changing the value at all, so... possibly you could simply mov r8d,FF or mov byte ptr [rbx+1EEA],FF to do what you want, or perhaps there's a sub/dec/add/inc after the lea that you could simply nop to achieve your goal.
dudeswagbrah (Newbie cheater, Reputation: 0, Joined: 03 Jul 2016, Posts: 22)
Posted: Sat Sep 23, 2017 1:34 am
FreeER wrote: [the full reply above, quoted]
It's just an opcode that shows up when I use an item. There's nothing really interesting above the movzx opcode, and it didn't relate at all to what I needed. Only the two in the picture give an address when I use an item.
But the script would have to take that movzx opcode and try to force the game to not consume the item, as if it were set to a 1.
++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
Posted: Sat Sep 23, 2017 1:40 am
dudeswagbrah wrote: kinda just wanted someone to write it for me
-CE can build the script out for you, just use the Auto Assemble template.
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1587)
Posted: Sat Sep 23, 2017 5:10 am
FreeER wrote: [the full reply above, quoted]
In a simple way:
movsx eax, byte ptr [edx+66]
Let's say [edx+66] holds the value 99,
so eax now will be FFFFFF63. {sx} sign extend will make it negative; it will place {F}, so remember that.
movzx eax, byte ptr [edx+66]
So now eax will be 00000063. {zx} zero extend (positive) will put the new value into eax and make all the other hex digits '0', while {sx} will make them 'F',
so they work against each other (opposite way).
lea means load effective address. Assuming the current address in the ebx register is DDDDAAAA and it's holding the value 1, for example,
loading ebx into another register basically makes that register hold the same address and value.
lea rsi,[ebx]
Just like saying "okay Mr ESI, now your address is the same as ebx". It should be simple.
_________________
About Me;
I use CE since version 1.X, and still learning how to use it well!
Jul 26, 2020
STN wrote: i am a sweetheart.
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Sat Sep 23, 2017 5:59 am
OldCheatEngineUser wrote: movsx eax, byte ptr [edx+66] / lets say [edx+66] hold the value 99 / so eax now will be FFFFFF63 {sx} sign extend will make it negative, it will place {F} so remember that.
Um, no. Since 99 is positive for a 1 byte value, the sign bit is 0, and movsx repeats the sign bit of the original value. Image: https://imgur.com/cXfqmTm
Now if you did the same thing with 0xC7 = 199 = -57 as a 1 byte value, you'd get FFFFFFC7, because C7 is negative, so it has the sign bit set, so movsx fills the register with 1s/Fs. Image: https://imgur.com/lYBw5fh
movzx will ignore the sign bit and 0-extend the register, essentially treating it as a positive/unsigned value (no image, try it yourself lol).
As for lea (Load Effective Address): if you use lea eax,[400290], 400290 will be stored in eax. Image (module addresses turned off): https://imgur.com/dOxKyuj
With lea eax,[ebx] you can see that ebx is copied to eax: https://imgur.com/8TXFov5
But the typical/intended use of lea is for arrays, where you have a base address like ebx and an index to add like 5 (EDX) after multiplying by some constant element size like 4 bytes. So the 6th 4-byte element (index 5) in an array would be at [ebx+5*4], e.g. https://imgur.com/WPW11gg: 1723B48 + 5*4 = 0x1723B48 + 0x14 = 0x1723B58 + 4 = 0x1723B5C
Image album for potential reference: https://imgur.com/a/BmNq8

dudeswagbrah wrote: Only the two in the picture give an addresses when i use an item. But the script would have to take that movzx opcode and try to force the game to not consume the item as if it were set to a 1.
But neither of the two opcodes shown actually changes your value. The movzx may read it (and the lea may get the address into a register), but they don't change it in any way. For anyone to tell you what instructions to use to make a script to change how the game manipulates that value (other than simply telling you to move your desired value into the register after it's read, or to move the value you want into memory before it's read, as I did before with FF as the example), you would need to provide the instructions that are actually changing the value and writing it back to memory, e.g. sub/dec, add/inc (potentially lea, e.g. "lea r8d,[r8d-1]") etc., probably followed by a "mov [...], ..." that writes the changed value back to memory (though there are variations of the previous instructions that change the memory directly).
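To check the movsx/movzx values argued over in the two posts above, and the lea arithmetic on [ebx+edx*4], without a debugger, here is an added C model of those three instructions; it is not code from the thread or from Cheat Engine, and the array, the 0x1723B48 base and the byte values are constructed inputs taken from the discussion.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: each function models one instruction from the
 * thread so the quoted register values can be checked in plain C. */

/* movsx eax, byte ptr [...]: copy the byte, then repeat its sign bit
 * (bit 7) through the upper 24 bits of eax. */
uint32_t movsx_eax_byte(uint8_t b)
{
    return (uint32_t)(int32_t)(int8_t)b;
}

/* movzx eax, byte ptr [...]: copy the byte and fill the upper 24 bits
 * with zero, whatever bit 7 holds. */
uint32_t movzx_eax_byte(uint8_t b)
{
    return (uint32_t)b;
}

/* lea reg, [base + index*scale + disp]: only the address arithmetic is
 * done; nothing is read from memory (that is the whole point of lea). */
uint64_t lea(uint64_t base, uint64_t index, unsigned scale, int32_t disp)
{
    return base + index * (uint64_t)scale + (uint64_t)(int64_t)disp;
}

/* mov reg, [base + index*4] on a real C array: the same address lea
 * computes, but dereferenced. Shows lea = &(...) versus mov = *(...). */
int32_t mov_load_elem(const int32_t *arr, uint64_t index)
{
    uint64_t addr = lea((uint64_t)(uintptr_t)arr, index, 4, 0);
    return *(const int32_t *)(uintptr_t)addr;
}

int main(void)
{
    int32_t arr[8] = {10, 11, 12, 13, 14, 15, 16, 17};   /* constructed */
    printf("movsx 99   -> %08X\n", movsx_eax_byte(99));   /* 00000063 */
    printf("movsx 0xC7 -> %08X\n", movsx_eax_byte(0xC7)); /* FFFFFFC7 */
    printf("movzx 0xC7 -> %08X\n", movzx_eax_byte(0xC7)); /* 000000C7 */
    printf("lea [1723B48+5*4] -> %llX\n",
           (unsigned long long)lea(0x1723B48ULL, 5, 4, 0)); /* 1723B5C */
    printf("lea r8d,[r8d-1] with r8d=8 -> %llu\n",
           (unsigned long long)lea(8, 0, 1, -1));           /* 7 */
    printf("arr[5] via lea + deref -> %d\n", mov_load_elem(arr, 5)); /* 15 */
    return 0;
}
```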
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1587)
Posted: Sat Sep 23, 2017 8:36 am
FreeER wrote: um, no. Since 99 is positive for a 1 byte value the sign bit is 0 and movsx repeats the sign bit of the original value. image: https://imgur.com/cXfqmTm / Now if you did the same thing with 0xC7 = 199 = -57 as a 1 byte value, you'll get FFFFFFC7 because C7 is negative so has the sign bit set so movsx fills the register with 1s/Fs, image: https://imgur.com/lYBw5fh
Ehm, idk what's the reason for it not being filled with F exactly (in your case).

FreeER wrote: movzx will ignore the sign bit and 0 extend the register, essentially treating it as a positive/unsigned value (no image, try it yourself lol)
No need for imgs, I already worked with sx and zx many times tho.
And I don't like them honestly; atm working with conditional moves.
Lots of stuff in my head from reading Intel's developer manual. I think my next step is about converting xmm values, or I might study the ordered/unordered, packed/unpacked and aligned/unaligned.
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Sat Sep 23, 2017 8:42 am
OldCheatEngineUser wrote: [quoting FreeER's movsx explanation above] ehm, idk whats the reason for not being filled with F exactly. (in ur case)
I literally told you why in the quote that you quoted.

FreeER wrote: Since 99 is positive for a 1 byte value the sign bit is 0 and movsx repeats the sign bit of the original value

OldCheatEngineUser wrote: no need for imgs, i already worked with sx and zx many times tho.
Others haven't, but clearly you either just woke up, haven't been to bed (or are similarly impaired), or need to work with them more.