Cheat Engine The Official Site of Cheat Engine
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Tue Apr 19, 2016 12:07 pm Post subject: registerAssembler bug?
This also applies to CE 6.4.
It seems there is a bug in the address parameter received by the registered custom assembler Lua function.
Code:
registerAssembler(function(address, instruction):bytetable)
The following was generated by the attached CT, which has a simple 'assembler' function registered just to print the received address and instruction parameters.
It was run with different targets; the 32-bit mono target allows allocating memory in the 2G+ range.
Code:
== 32-bit normal target == == 64-bit target == == 32-bit mono target ==
0:( ) <mov eax,1111> 0:( ) <mov eax,1111> 0:( ) <mov eax,1111>
-- snip --
0:( ) <jmp 00000000> 0:( ) <jmp ffffffffffffffff> 0:( ) <jmp 00000000>
7EF61100:(+) <mov eax,1111> FFFFFFFF90001100:(-) <mov eax,1111> FFFFFFFF90001100:(-) <mov eax,1111>
7EF61105:(+) <call 029E0000> FFFFFFFF90001105:(-) <call 06420000> FFFFFFFF90001105:(-) <call 04F10000>
7EF6110A:(+) <jmp 7EF60000> FFFFFFFF90001115:(-) <jmp 90000000> FFFFFFFF9000110A:(-) <jmp 90000000>
29E2200:(+) <mov eax,2222> 6422200:(+) <mov eax,2222> 4F12200:(+) <mov eax,2222>
29E2205:(+) <call 7EF60000> 6422205:(+) <call 90000000> 4F12205:(+) <call 90000000>
29E220A:(+) <jmp 029E0000> 6422215:(+) <jmp 06420000> 4F1220A:(+) <jmp 04F10000>
0:( ) <mov eax,3333> 0:( ) <mov eax,3333> 0:( ) <mov eax,3333>
0:( ) <jmp 00000000> 0:( ) <jmp ffffffffffffffff> 0:( ) <jmp 00000000>
0:( ) <mov edi,edi> 0:( ) <jmp 777D1578> 0:( ) <mov edi,edi>
7EF53300:(+) <mov eax,3333> FFFFFFFFFFFF3300:(-) <mov eax,3333> FFFFFFFFFFEC3300:(-) <mov eax,3333>
7EF53305:(+) <jmp 7EF50000> FFFFFFFFFFFF3305:(-) <jmp 7EFFFF0000> FFFFFFFFFFEC3305:(-) <jmp FFEC0000>
774410FF:(+) <mov edi,edi> 777D1570:(+) <jmp 777D1578> 774410FF:(+) <mov edi,edi>
The addresses shown as 0 are likely from the syntax-check stage; some of these lines are snipped.
It can be seen that some addresses are of the form 'ffffff...', which is 'negative'; these make the registered assembler function not usable, or at least not reliable, for addresses above the 2G range, i.e. in some cases, if the actual 64-bit address is 7f00001234, for example, it will be truncated to 1234 when sent to the Lua assembler function.
This is another 64-bit target that shows the truncation:
Code:
0:( ) <mov eax,3333>
0:( ) <jmp ffffffffffffffff>
3300:(+) <mov eax,3333>
3305:(+) <jmp 7F00000000>
I checked the CE source; it seems the registered Lua assembler function is connected to 'ExtraAssemblers' (@cheat-engine/Cheat Engine/Assemblerunit.pas, line 3377).
Could it be that the address is truncated to 32-bit in ExtraAssemblers, and sign-extended to 64-bit on the Lua side?
Thank you~
ADDED:
Would it be possible to allow the registered Lua assembler function to return a table of zero bytes?
Currently it either returns nil or a non-zero-length byte table; for example, this forces mgr.inz.Player's PADDING16 function http://forum.cheatengine.org/viewtopic.php?t=574426 to emit 16 bytes of nops in case the address is already 16-byte aligned.
Attachment: test_regAssm.CT (1.74 KB, downloaded 838 times)
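Added example, not part of the post or of Cheat Engine's own code: a Python model of the "truncate to 32 bits, then sign-extend to 64 bits" path that panraven suspects, checked against the addresses printed in the logs above. The "real" allocation addresses in the test cases are assumptions inferred from the jmp/call targets on the same log lines, and diagnose() shows what a Lua-side callback could still trust about a value it receives.

```python
# Added example: models the suspected 32-bit truncation + 64-bit sign extension.
# Not part of the original post or of Cheat Engine's code.

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF


def truncate_then_sign_extend(real_addr: int) -> int:
    """Keep only the low 32 bits, then sign-extend bit 31 to 64 bits.

    This is the path the post suspects: a 32-bit truncation in ExtraAssemblers
    followed by a signed widening on the Lua side.
    """
    low = real_addr & MASK32
    if low & 0x80000000:                 # bit 31 set: value becomes 'negative'
        return (low | 0xFFFFFFFF00000000) & MASK64
    return low


def as_signed64(pattern: int) -> int:
    """Interpret a 64-bit pattern as signed (the 'ffffff...' values are negative)."""
    return pattern - (1 << 64) if pattern & (1 << 63) else pattern


def diagnose(seen: int) -> str:
    """Classify what a callback can still trust about the address it received."""
    if seen >> 32 == MASK32:             # all upper bits set: sign-extended
        return "sign-extended; only the low 32 bits (0x%08X) are recoverable" % (seen & MASK32)
    if seen >> 32:                       # upper bits carry real address information
        return "full 64-bit address"
    return "fits in 31 bits; may be intact or may have lost its upper 32 bits"


# Constructed cases: (assumed real address, value the Lua callback printed).
# Real addresses are inferred from the jmp/call targets on the same log lines.
CASES = [
    (0x7EF61100,   0x7EF61100),          # 32-bit target, below 2G: unchanged
    (0x90001100,   0xFFFFFFFF90001100),  # mono target, 2G..4G: sign-extended
    (0x7EFFFF3300, 0xFFFFFFFFFFFF3300),  # 64-bit target: upper bits lost, then sign-extended
    (0x7F00003300, 0x3300),              # 64-bit target: upper bits lost, looks like a low address
]


def all_cases_match() -> bool:
    """True if the model reproduces every logged value from its assumed real address."""
    return all(truncate_then_sign_extend(real) == seen for real, seen in CASES)


if __name__ == "__main__":
    for real, seen in CASES:
        print("%012X -> %016X (%d): %s" % (real, seen, as_signed64(seen), diagnose(seen)))
```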