hhhuut Grandmaster Cheater Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Thu Feb 11, 2016 3:04 am
Not really a bug but I already noticed that behaviour in earlier CE versions:
There are three types of jumps. The short-, near- and far-jumps, right? But CE only seems to know two of them.
So if I have an AA script where I put the following instruction, it's just fine (of course only when the target label is within the 1-byte jump range)
But if I now want to tell CE to perform a near jump with
it says that the instruction can't be compiled. Instead I have to write
to get an assembleable jump instruction.
I mean of course I can also just write
and let CE decide what kind of jump to use, but I noticed that behaviour once and wanted to let you know.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Thu Feb 11, 2016 3:20 am
How would you encode a near jmp?
As far as I'm aware the 16-bit jump will zero out the upper bits of the EIP register.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
hhhuut Grandmaster Cheater Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Thu Feb 11, 2016 3:46 am
Dark Byte wrote:
as far as I'm aware the 16-bit jump will zero out the upper bits of the EIP register
Hm, I haven't thought of that ...
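The three encodings the two posts above are talking about, worked through as an added example (this is not code from the thread or from Cheat Engine's assembler): the short jump `EB rel8`, the near jump `E9 rel32`, and the 16-bit-operand near jump `66 E9 rel16`. The opcode bytes are the documented x86 ones; the addresses are constructed sample values, and `execute_jmp` is a small model of what each form does to EIP in a 32-bit code section, including the SDM rule that the 16-bit form clears the upper half of EIP.

```python
# Added example (not from the thread or from Cheat Engine): encoding the short,
# near and 16-bit-operand near x86 jmp forms and modelling what each does to EIP
# in 32-bit mode. Addresses below are constructed sample values.

JMP_FORMS = {
    "short":  (b"\xEB",     1),  # EB rel8:     2-byte instruction
    "near":   (b"\xE9",     4),  # E9 rel32:    5-byte instruction
    "near16": (b"\x66\xE9", 2),  # 66 E9 rel16: 4-byte instruction (operand-size override)
}

def encode_jmp(insn_addr, target, form="auto"):
    """Encode a jmp located at insn_addr that transfers control to target.

    form: "short", "near", "near16", or "auto" (short if the displacement fits
    in a signed byte, otherwise near), which is what an assembler that only
    knows short and near jumps does for a bare "jmp label".
    Raises ValueError when the displacement does not fit the chosen form.
    """
    if form == "auto":
        form = "short" if fits(insn_addr, target, "short") else "near"
    opcode, disp_size = JMP_FORMS[form]
    length = len(opcode) + disp_size
    rel = target - (insn_addr + length)   # displacement is relative to the NEXT instruction
    lo, hi = -(1 << (8 * disp_size - 1)), (1 << (8 * disp_size - 1)) - 1
    if not lo <= rel <= hi:
        raise ValueError(f"{form} jmp {insn_addr:#x} -> {target:#x}: displacement {rel:#x} out of range")
    return opcode + rel.to_bytes(disp_size, "little", signed=True)

def fits(insn_addr, target, form):
    """True if target is reachable from insn_addr with the given jmp form."""
    try:
        encode_jmp(insn_addr, target, form)
        return True
    except ValueError:
        return False

def execute_jmp(eip, encoding):
    """Return the EIP after executing `encoding` placed at `eip` in 32-bit mode.

    Models the SDM rule for JMP rel16 under a 16-bit operand-size override: the
    result is truncated to 16 bits, i.e. the upper 16 bits of EIP are cleared,
    which is why that form is not a usable "near jump" inside 32-bit code.
    """
    if encoding[:2] == b"\x66\xE9":
        disp = int.from_bytes(encoding[2:4], "little", signed=True)
        return (eip + len(encoding) + disp) & 0xFFFF
    if encoding[:1] == b"\xEB":
        disp = int.from_bytes(encoding[1:2], "little", signed=True)
    elif encoding[:1] == b"\xE9":
        disp = int.from_bytes(encoding[1:5], "little", signed=True)
    else:
        raise ValueError("not a jmp encoding this model understands")
    return (eip + len(encoding) + disp) & 0xFFFFFFFF

if __name__ == "__main__":
    src, dst = 0x401000, 0x401010   # constructed sample addresses
    for form in ("short", "near", "near16"):
        enc = encode_jmp(src, dst, form)
        print(f"{form:7} {enc.hex(' '):16} -> EIP {execute_jmp(src, enc):#010x}")
```

Running it shows the point of Dark Byte's question: the short and near forms both land on 0x401010, while the `66 E9` form lands on 0x1010, so an assembler has no sensible way to offer it as a "near" jump in 32-bit code.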
Csimbi I post too much Reputation: 92
Joined: 14 Jul 2007 Posts: 3102
Posted: Fri Feb 12, 2016 10:05 am
Dark Byte wrote:
probably 6.5.1 yes, would be fitting with the 5.6.1 which was a long time favourite
Any chance for a new build for the weekend?
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Feb 12, 2016 10:43 am
I have found another bug related to Win10. DB already knows about this.
sh00ter999 Advanced Cheater Reputation: 1
Joined: 17 May 2008 Posts: 89
mgostIH Expert Cheater Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Feb 13, 2016 3:05 pm
I found a little bug for the assembly scanner.
I hardcoded an asm function in a C++ program I needed and tried to search for it on the assembly scanner.
Code:
mov eax,fs:[00000030]
Searching for "mov eax,fs:[30]" wouldn't bring any result, but searching for "mov eax,fs:[00000030]" would list the addresses as fine.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Sat Feb 13, 2016 4:01 pm
Try mov eax,fs:[*30]
panraven Grandmaster Cheater Reputation: 54
Joined: 01 Oct 2008 Posts: 941
Posted: Sat Feb 13, 2016 4:02 pm
mgostIH wrote:
I found a little bug for the assembly scanner.
I hardcoded an asm function in a C++ program I needed and tried to search for it on the assembly scanner.
Code:
mov eax,fs:[00000030]
Searching for "mov eax,fs:[30]" wouldn't bring any result, but searching for "mov eax,fs:[00000030]" would list the addresses as fine.
I guess it is supposed to use a file/directory command-prompt-like wildcard:
Code:
d [rax+*03ebf
(1 space after d)
can match
add [rax+0003EBFB],dh
but not
add  [rax+0003EBFB],dh
(2 spaces after add)
Spaces in between should be 1, but not more.
(oops, WRONG) Leading and trailing space count as wildcard. (WRONG)
_________________
- Retarded.
mgostIH Expert Cheater Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Feb 13, 2016 4:37 pm
Dark Byte wrote:
Try mov eax,fs:[*30]
Yep, works fine.
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Feb 16, 2016 5:25 am
Groupscan + out of order + must be type-aligned.
Example: I have this structure in memory (the address of that structure is 4-byte aligned):
dword: 0xdeadbeef
dword: 0 (can be anything)
qword: 0xc0dec0debeefcece
Its size is 16 bytes.
This groupscan command doesn't find it:
BS:16 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece
The same with BS:20 and BS:24.
But this groupscan command has higher chances to find it (not always):
BS:32 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece
This one has even higher chances:
BS:128 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece
Still, not always...
For now, I have to use BS:256 to be 99.99% sure CE doesn't miss something.
hhhuut Grandmaster Cheater Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Tue Feb 16, 2016 5:33 am
Does it find something like
4:0xdeadbeef w:1 8:0xc0dec0debeefcece
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Tue Feb 16, 2016 5:35 am
Try OOO:U.
Might be an alignment check issue.
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Feb 16, 2016 6:02 am
@hhhuut, wildcards aren't allowed for OOO.
@DB, it is an alignment check issue.
Steps to reproduce:
1) Execute this in the tutorial process.
Code:
[ENABLE]
alloc(newmem,4096)
newmem+D18:
dd deadbeef
dd 0
dq c0dec0debeefcece
[DISABLE]
dealloc(newmem)
2) Try those:
BS:16 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
BS:20 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - -//-
BS:24 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - -//-
BS:28 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - -//-
BS:32 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - -//-
BS:36 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:40 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
BS:44 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:48 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
BS:52 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:56 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
BS:60 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
BS:64 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:128 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:256 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:260 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:264 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:268 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:272 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:276 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece WORKS
BS:280 OOO:A 4:0xdeadbeef 8:0xc0dec0debeefcece - doesn't work
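What a correct out-of-order, type-aligned group scan should do with the structure from the reproduction above, as an added example (this is not code from the thread or from Cheat Engine's scanner, and it models the expected result rather than the bug). The matching rules are my reading of the `BS:n OOO:A 4:v1 8:v2` syntax: every element must lie inside one window of BS bytes, at an address that is a multiple of its own size when aligned scanning is on, in any order, without overlapping another element; that aligned scanning only tries 4-byte-aligned window starts is also an assumption. The 256-byte memory image is constructed, with the 16-byte record at 0x40, an unaligned copy at 0x81 and a decoy dword at 0x20 that has no matching qword.

```python
# Added example (not from the thread or from Cheat Engine's source): a small
# model of an out-of-order, type-aligned group scan. Matching rules and the
# 4-byte window step are assumptions; the memory image is constructed.
import struct

# (size in bytes, value) pairs, mirroring "4:0xdeadbeef 8:0xc0dec0debeefcece"
ELEMENTS = [(4, 0xDEADBEEF), (8, 0xC0DEC0DEBEEFCECE)]

def match_block(mem, start, block_size, elements, aligned=True):
    """Offsets of each element inside [start, start+block_size), or None."""
    used = bytearray(block_size)   # bytes already claimed by a found element
    offsets = []
    for size, value in elements:
        pattern = value.to_bytes(size, "little")
        hit = None
        for off in range(start, start + block_size - size + 1):
            if aligned and off % size:
                continue          # OOO:A: element must be aligned to its own size
            if any(used[off - start:off - start + size]):
                continue          # already consumed by an earlier element
            if mem[off:off + size] == pattern:
                hit = off
                break
        if hit is None:
            return None
        used[hit - start:hit - start + size] = b"\x01" * size
        offsets.append(hit)
    return offsets

def groupscan(mem, block_size, elements, aligned=True):
    """Start addresses of every window in which all elements were found.

    Aligned scanning (OOO:A) only tries 4-byte-aligned window starts (assumed);
    the unaligned variant (OOO:U) tries every byte.
    """
    step = 4 if aligned else 1
    return [start for start in range(0, len(mem) - block_size + 1, step)
            if match_block(mem, start, block_size, elements, aligned) is not None]

def sample_memory():
    """Constructed 256-byte image: the 16-byte structure from the post at 0x40,
    an unaligned copy at 0x81, and a decoy dword at 0x20 without its qword."""
    mem = bytearray(256)
    record = struct.pack("<IIQ", 0xDEADBEEF, 0x11111111, 0xC0DEC0DEBEEFCECE)
    mem[0x40:0x50] = record
    mem[0x81:0x91] = record
    mem[0x20:0x24] = struct.pack("<I", 0xDEADBEEF)
    return mem

if __name__ == "__main__":
    mem = sample_memory()
    for bs in (16, 20, 24, 32, 36, 40):
        print(f"BS:{bs} OOO:A -> {[hex(a) for a in groupscan(mem, bs, ELEMENTS)]}")
    print("BS:16 OOO:U ->", [hex(a) for a in groupscan(mem, 16, ELEMENTS, aligned=False)])
```

With these rules the aligned record at 0x40 is reported for every block size from 16 upwards, which is the behaviour the BS:16 / BS:20 / BS:24 lines above should have shown; the unaligned copy at 0x81 only turns up when alignment is switched off, which is the difference Dark Byte's OOO:U suggestion probes.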
Csimbi I post too much Reputation: 92
Joined: 14 Jul 2007 Posts: 3102
Posted: Tue Feb 16, 2016 8:37 am
Hmmm. I've been trying to find grouped values that should have been there.
Now I know why I never found anything.
Thanks for the find and the fix!