fred26 Expert Cheater Reputation: 0
Joined: 20 Dec 2014 Posts: 103
Posted: Sun Dec 03, 2017 4:53 am Post subject: CE Assembly Decomposer not showing correct Code in x64
I have been using Cheat Engine 6.6.
I am trying to recompile the output of the assembly shown by CE and I came across some discrepancies when the binary code is decomposed:
I2d1.dll+D9063 - 48 C7 43 18 00000000 - mov [rbx+18],00000000 { 0 }
I2d1+D906B - 48 8D 05 F67D8A00 - lea rax,[I2d1.dll+980E68] { [7FF86739F470] }
I2d1.dll+D9072 - 48 89 03 - mov [rbx],rax
I2d1.dll+D9075 - C7 43 08 FFFFFFFF - mov [rbx+08],FFFFFFFF { -1 }
The correct code (verified in IDA and other debuggers as well) is:
I2d1.dll+D9063 - 48 C7 43 18 00000000 - mov qword ptr [rbx+18],00000000 { 0 }
I2d1+D906B - 48 8D 05 F67D8A00 - lea rax,[I2d1.dll+980E68] { [7FF86739F470] }
I2d1.dll+D9072 - 48 89 03 - mov [rbx],rax
I2d1.dll+D9075 - C7 43 08 FFFFFFFF - mov dword ptr [rbx+08],FFFFFFFF { -1 }
There is no distinction anywhere between the dword and qword instructions, the first and the last line of code respectively.
How can I figure out which instruction will read a dword or a qword? The REX prefix is present in the qword instruction, but there are other instructions that are not really straightforward, or the REX prefix is not present in the first byte of the instruction opcode.
Dark Byte or anyone, can you help?
Thanks
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Sun Dec 03, 2017 6:07 am Post subject:
mov [rbx+18],00000000 is a bug, it should say qword.
mov [rbx+08],FFFFFFFF is OK, the default addressing mode is dword unless specified otherwise (or indicated by the registers).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
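The two posts above come down to one decoding rule: in 64-bit mode the operand size is 32 bits (dword) unless the opcode is a byte form, a 0x66 prefix selects 16 bits, or a REX prefix with the W bit set selects 64 bits, and REX must sit immediately before the opcode, so it can follow a legacy prefix and is then not the first byte of the instruction. The decoder below is an added example written for this thread, not Cheat Engine's own disassembler code. It handles only the MOV and LEA encodings that appear in the listings (opcodes 88/89/8A/8B/8D/C6/C7), assumes 64-bit mode, and uses the thread's bytes and the I2d1.dll+D906B address purely as sample input; the fs: override and 0x66 cases at the bottom are constructed to show REX appearing after a legacy prefix and the 16-bit rule.

```python
from dataclasses import dataclass
from typing import Optional

# Legacy prefixes may appear in any order before REX; 0x66 selects 16-bit operand size.
LEGACY_PREFIXES = {0x66, 0x67, 0xF0, 0xF2, 0xF3, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65}
SEGMENTS = {0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x26: "es", 0x64: "fs", 0x65: "gs"}
REGS = {
    64: "rax rcx rdx rbx rsp rbp rsi rdi".split() + [f"r{n}" for n in range(8, 16)],
    32: "eax ecx edx ebx esp ebp esi edi".split() + [f"r{n}d" for n in range(8, 16)],
    16: "ax cx dx bx sp bp si di".split() + [f"r{n}w" for n in range(8, 16)],
    8: "al cl dl bl spl bpl sil dil".split() + [f"r{n}b" for n in range(8, 16)],
}
REGS8_NO_REX = "al cl dl bl ah ch dh bh".split()
SIZE_NAME = {8: "byte", 16: "word", 32: "dword", 64: "qword"}
# opcode -> (mnemonic, operand order, byte-sized form?, immediate follows?)
OPCODES = {
    0x88: ("mov", "rm,reg", True, False), 0x89: ("mov", "rm,reg", False, False),
    0x8A: ("mov", "reg,rm", True, False), 0x8B: ("mov", "reg,rm", False, False),
    0x8D: ("lea", "reg,rm", False, False),
    0xC6: ("mov", "rm,imm", True, True), 0xC7: ("mov", "rm,imm", False, True),
}


@dataclass
class Insn:
    text: str                      # CE-style disassembly text
    size: int                      # operand size in bits
    length: int                    # instruction length in bytes
    target: Optional[int] = None   # resolved address of a RIP-relative operand


def reg_name(idx: int, size: int, rex: int) -> str:
    # Without any REX prefix, 8-bit registers 4-7 are ah/ch/dh/bh, not spl/bpl/sil/dil.
    return REGS8_NO_REX[idx] if size == 8 and rex == 0 else REGS[size][idx]


def decode(code: bytes, ip: int = 0) -> Insn:
    i, opsize16, segment = 0, False, None
    while code[i] in LEGACY_PREFIXES:          # 1. legacy prefixes
        opsize16 |= code[i] == 0x66
        segment = SEGMENTS.get(code[i], segment)
        i += 1
    rex = 0                                    # 2. REX sits right before the opcode
    if 0x40 <= code[i] <= 0x4F:
        rex, i = code[i], i + 1
    rex_w, rex_r, rex_x, rex_b = (rex >> 3) & 1, (rex >> 2) & 1, (rex >> 1) & 1, rex & 1
    mnemonic, order, is_byte, has_imm = OPCODES[code[i]]   # 3. opcode
    i += 1
    # Operand-size rule in 64-bit mode: byte opcodes are 8-bit; otherwise REX.W wins,
    # then a 0x66 prefix gives 16 bits, and the default is 32 bits (dword).
    size = 8 if is_byte else 64 if rex_w else 16 if opsize16 else 32
    modrm = code[i]; i += 1                    # 4. ModRM, optional SIB, displacement
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    reg_text = reg_name(reg | rex_r << 3, size, rex)
    rip_disp, disp_bytes, parts = None, {0: 0, 1: 1, 2: 4, 3: 0}[mod], []
    if mod == 3:
        rm_text = reg_name(rm | rex_b << 3, size, rex)
    else:
        if rm == 4:                            # SIB byte: base + index*scale
            sib = code[i]; i += 1
            index, base = (sib >> 3) & 7 | rex_x << 3, sib & 7 | rex_b << 3
            if (sib & 7) == 5 and mod == 0:
                disp_bytes = 4                 # no base register, disp32 only
            else:
                parts.append(REGS[64][base])
            if index != 4:                     # index 4 (without REX.X) means "none"
                parts.append(f"{REGS[64][index]}*{1 << (sib >> 6)}")
        elif mod == 0 and rm == 5:             # RIP-relative disp32
            rip_disp = int.from_bytes(code[i:i + 4], "little", signed=True); i += 4
            parts.append("rip")
        else:
            parts.append(REGS[64][rm | rex_b << 3])
        disp = int.from_bytes(code[i:i + disp_bytes], "little", signed=True) if disp_bytes else 0
        i += disp_bytes
        if rip_disp is not None:
            disp_text = f"+{rip_disp & 0xFFFFFFFF:08X}"
        elif disp_bytes:
            disp_text = f"{'-' if disp < 0 else '+'}{abs(disp):0{disp_bytes * 2}X}"
        else:
            disp_text = ""
        mem = f"[{'+'.join(parts)}{disp_text}]"
        if segment:
            mem = f"{segment}:{mem}"
        # lea takes an address, so no size qualifier; mov gets byte/word/dword/qword ptr
        rm_text = mem if mnemonic == "lea" else f"{SIZE_NAME[size]} ptr {mem}"
    if has_imm:                                # 5. immediate: imm8/imm16/imm32 (no imm64 here)
        imm_bytes = min(size, 32) // 8
        imm = int.from_bytes(code[i:i + imm_bytes], "little"); i += imm_bytes
        ops = f"{rm_text},{imm:0{imm_bytes * 2}X}"
    else:
        ops = f"{rm_text},{reg_text}" if order == "rm,reg" else f"{reg_text},{rm_text}"
    target = ip + i + rip_disp if rip_disp is not None else None
    return Insn(f"{mnemonic} {ops}", size, i, target)


if __name__ == "__main__":
    # Sample input taken from the thread's listing (module-relative addresses), plus two
    # constructed cases: a 0x66 prefix and a segment override placed before REX.
    for ip, hexbytes in [(0xD9063, "48C7431800000000"), (0xD906B, "488D05F67D8A00"),
                         (0xD9072, "488903"), (0xD9075, "C74308FFFFFFFF"),
                         (0, "66C74308FFFF"), (0, "64488903")]:
        insn = decode(bytes.fromhex(hexbytes), ip)
        tgt = f"  -> I2d1.dll+{insn.target:X}" if insn.target is not None else ""
        print(f"{hexbytes:<18} {insn.text}{tgt}")
```

Note that the RIP-relative LEA resolves to I2d1.dll+980E68 only when the displacement is added to the address of the next instruction, which is why the decoder returns the instruction length alongside the text; an assembler such as MASM needs the explicit qword ptr / dword ptr that this emits for the C7 forms, since the immediate alone does not fix the size.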
fred26 Expert Cheater Reputation: 0
Joined: 20 Dec 2014 Posts: 103
Posted: Mon Dec 04, 2017 5:50 am Post subject:
Thanks. Are you planning to fix it?
Also, mov [rbx+08],FFFFFFFF does not compile, for example with MASM. You need to specify QWORD or DWORD PTR.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Mon Dec 04, 2017 6:11 am Post subject:
It is fixed already.
fred26 Expert Cheater Reputation: 0
Joined: 20 Dec 2014 Posts: 103
Posted: Mon Dec 04, 2017 6:45 am Post subject:
Which version is fixed?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Mon Dec 04, 2017 6:57 am Post subject:
If you compile the GitHub source you'll find it's fixed.
fred26 Expert Cheater Reputation: 0
Joined: 20 Dec 2014 Posts: 103
Posted: Sun Dec 17, 2017 8:27 am Post subject:
Thanks Dark Byte