Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
LDS - instruction of coordinates

AntonVit
Posted: Thu Jan 11, 2018 11:53 am    Post subject: LDS - instruction of coordinates

Hello there,

Can you help me? What does this instruction mean, and how do I use it to change coordinates?

Code:

push ebp
mov ebp,esp
mov eax,[ecx+0C]
mov ecx,[ebp+08]
lds edi,eax
sub [ecx],al -- This read coordinates
lds edi,eax
sub [eax+000001D0],eax
pop ebp
ret 0004
Csimbi
Posted: Thu Jan 11, 2018 11:55 am

So, how's your assembly?
That instruction you marked does not read anything. It writes.
OldCheatEngineUser
Posted: Thu Jan 11, 2018 12:40 pm

Code:
lds ; load far pointer from data segment

Side note:
I would not trust the asm code. Why?
There is no reason for the compiler to duplicate lds twice, so it's probably a bad compiler.

And as the user above said, this instruction does not read from a memory location.

AntonVit
Posted: Fri Jan 12, 2018 1:09 am

I used a fresh CE 6.7, and I used "find out what accesses this address" on the Z coordinate of the car (up/down). The other coordinates use the same instruction.

The game has 2 exe files in the game folder: grid_2 and grid_2_avx (cracked Reloaded game version). On my first PC with an i5 processor the game uses only the grid_2_avx exe, and it has this instruction (this is for writing coordinates):
Code:

29 40 20 -       sub [eax+20],eax
C5 F8 -          lds edi,eax
28 47 30 -       sub [edi+30],al
50 -             push eax
8B CE -          mov ecx,esi
C5 F8 -          lds edi,eax
29 40 30 -       sub [eax+30],eax -- THIS IS WRITE TO COORDINATES
E8 F702FDFF -    call grid2_avx.AK::Monitor::GetTimeStamp+7352B0
8B 45 FC -       mov eax,[ebp-04]
C5 F8 -          lds edi,eax
28 86 00120000 - sub [esi+00001200],al
40 -             inc eax
C5 F8 -          lds edi,eax
29 86 E00F0000 - sub [esi+00000FE0],eax


But on my old second PC with an AMD processor the game uses only the grid_2 exe, and it has this write instruction for the coordinate:

Code:

0F29 40 20            - movaps [eax+20],xmm0
0F28 47 30            - movaps xmm0,[edi+30]
50                    - push eax
8B CE                 - mov ecx,esi
0F29 40 30            - movaps [eax+30],xmm0 - THIS IS WRITE TO COORDINATES
E8 1E0BFDFF           - call grid2.AK::Monitor::GetTimeStamp+2005C0
8B 45 FC              - mov eax,[ebp-04]
0F28 86 00120000      - movaps xmm0,[esi+00001200]
40                    - inc eax
0F29 86 E00F0000      - movaps [esi+00000FE0],xmm0
0F28 86 10120000      - movaps xmm0,[esi+00001210]
0F29 86 F00F0000      - movaps [esi+00000FF0],xmm0


Is CE showing me the wrong code, or does the game just have specific code in the AVX version?
I also tried CE 6.4, and the code in AVX is the same as in CE 6.7.
OldCheatEngineUser
Posted: Fri Jan 12, 2018 1:35 am

For sure every executable is different. I'm not sure if they meant AVX as in Advanced Vector Extensions, but yeah, I can't see any AVX instructions here.
AntonVit
Posted: Fri Jan 12, 2018 2:58 am

How can I use/run the grid_2.exe file on a processor with AVX (i5), if when I run that file the game automatically loads the grid_2_avx.exe file? I watched in the CE memory viewer, and there is always the grid_2_avx.exe module.

On the old PC the grid_2_avx.exe file just does not run, only the grid_2.exe file, but it is not needed on the old PC.

Update:
I found on the net a way to disable AVX using
Code:
bcdedit /set xsavedisable 1


So now I can run the grid_2.exe file on the i5 processor.

I made a scan in CE (with AVX disabled on the i5 PC) for this instruction
by array of bytes
Code:
sub [eax+30],eax

and I found this instruction, but I scrolled up a bit in the memory viewer, and after some scrolling it showed me normal code
Code:

movaps [eax+30],xmm0


Then I enabled AVX back, ran the grid_2_avx exe, and made the scan again for this instruction
Code:
sub [eax+30],eax

but scrolling now did not help me to see the normal instruction.

I calculated how much I scrolled before (with AVX disabled) and it was 15 (the difference between the found array address and the normal instruction), so I subtracted 15 from the address of this instruction and went to the new address, but there was no normal instruction view there.

So maybe CE does not show instructions correctly with AVX mode on.
Csimbi
Posted: Fri Jan 12, 2018 5:11 am

This seems more like it:
Quote:

0F29 40 30 - movaps [eax+30],xmm0 - THIS IS WRITE TO COORDINATES
ParkourPenguin
Posted: Fri Jan 12, 2018 10:48 am

It's a bug in CE's disassembly. lds takes an m16:32 as the source operand - not an r32.

C5 is the first byte of the two-byte form of a VEX prefix (that also happens to be the opcode of lds). The real instruction that's writing to your address is probably vmovaps [eax+30],xmm0.

As far as I'm aware, CE doesn't support VEX yet. Use registerBinUtil (look in celua.txt), or if you just want to view the disassembly, you can use ODA.

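An added example to illustrate ParkourPenguin's point (this is my own code, not Cheat Engine's and not from anyone in the thread): a minimal 32-bit decoder that applies the rule that C5 is LDS only when the following ModRM byte has mod != 11 (LDS needs a memory operand), otherwise it is a two-byte VEX prefix, and then decodes the VEX-encoded 0F 28 / 0F 29 MOVAPS forms from the listings above. Function names are my own, and only SIB-less ModRM forms and the no-prefix (bare 0F map) opcodes are handled, which covers every byte sequence posted here.

```python
import struct

# Added example (not Cheat Engine's code): 32-bit x86 only, no SIB support.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def is_vex2_prefix(code, i):
    """C5 is LDS only when ModRM.mod != 11 (LDS needs a memory operand);
    a following byte with mod == 11 is invalid for LDS, so it is VEX2."""
    return code[i] == 0xC5 and (code[i + 1] >> 6) == 0b11

def decode_modrm_mem(code, i):
    """Decode a memory-form ModRM at code[i]; returns (reg, text, length)."""
    modrm = code[i]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        raise ValueError("register-direct ModRM, not a memory operand")
    if rm == 4:
        raise NotImplementedError("SIB byte not handled in this example")
    if mod == 0 and rm == 5:                      # [disp32], no base register
        return reg, f"[{struct.unpack_from('<I', code, i + 1)[0]:08X}]", 5
    if mod == 0:
        return reg, f"[{REG32[rm]}]", 1
    fmt, size = ("<b", 1) if mod == 1 else ("<i", 4)   # disp8 / disp32, signed
    disp = struct.unpack_from(fmt, code, i + 1)[0]
    sign = "+" if disp >= 0 else "-"
    return reg, f"[{REG32[rm]}{sign}{abs(disp):0{size * 2}X}]", 1 + size

def decode_vex_movaps(code, i=0):
    """Decode one VEX2-encoded (V)MOVAPS: C5 <vex> 28|29 <modrm> [disp]."""
    if not is_vex2_prefix(code, i):
        raise ValueError("not a VEX2 prefix (would be LDS in 32-bit mode)")
    vex = code[i + 1]        # bit7 = ~R, bits6..3 = ~vvvv, bit2 = L, bits1..0 = pp
    vlen = "ymm" if (vex >> 2) & 1 else "xmm"   # L: 0 -> 128-bit, 1 -> 256-bit
    if (vex & 3) != 0:       # pp: 00 = none (bare 0F map), 01 = 66, 10 = F3, 11 = F2
        raise NotImplementedError("only the no-prefix (0F-map) MOVAPS forms")
    opcode = code[i + 2]
    reg, mem, n = decode_modrm_mem(code, i + 3)
    xmm = f"{vlen}{reg}"
    if opcode == 0x29:       # 0F 29: MOVAPS m128,xmm (store)
        return f"vmovaps {mem},{xmm}", 3 + n
    if opcode == 0x28:       # 0F 28: MOVAPS xmm,m128 (load)
        return f"vmovaps {xmm},{mem}", 3 + n
    raise NotImplementedError(f"opcode 0F {opcode:02X} not handled here")
```

Feeding it the bytes CE showed as `lds edi,eax` / `sub [eax+30],eax` (C5 F8 29 40 30) yields `vmovaps [eax+30],xmm0`, the same store the non-AVX exe performs with the legacy `0F 29 40 30` encoding.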
OldCheatEngineUser
Posted: Fri Jan 12, 2018 11:17 am

C5 F8 29 86 30000000
I agree with Parkour; at first I thought it was a bad compiler.
But it seems to be CE's bug, because it doesn't support the AVX ISA.

AntonVit
Posted: Fri Jan 12, 2018 12:25 pm

Thanks a lot, now I understand.