2017-12-11 12:04 CET

ID: 0000027
Project: Cheat Engine
View Status: public
Last Update: 2008-01-29 17:23
Reporter: Csimbi
Assigned To: Dark Byte
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0000027: CE causes crash by restoring wrong code

Description:
CE 5.4.0.5
Thief Gold (1.37)
Trying to patch health on falling
Original code:
0052A781 - 8b f1 - mov esi,ecx
0052A783 - 83 c8 ff - or eax,ff
0052A786 - 89 46 24 - mov [esi+24],eax
0052A789 - 89 46 28 - mov [esi+28],eax
0052A78C - 8b 46 38 - mov eax,[esi+38]
0052A78F - 85 c0 - test eax,eax
0052A791 - 74 09 - je 0052a79c

I wrote this script (using auto-assemble) to experiment:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

0052A783:
jmp newmem
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax, 16

originalcode:
or eax,ff
mov [esi+24],eax

exit:
jmp returnhere

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
0052A783:
or eax,ff
mov [esi+24],eax

dealloc(newmem)

After enabling the script and disabling it in the cheat table, the original code is not restored - there is some garbage instead, which causes a crash:
0052A781 - 8b f1 - mov esi,ecx
0052A783 - 0d ff 00 00 00 - or eax,000000ff
0052A788 - 89 46 24 - mov [esi+24],eax
0052A78B - 28 8b 46 38 85 c0 - sub [ebx-3f7ac7ba],cl
0052A791 - 74 09 - je 0052a79c
As you can see, the original "or eax,ff" mysteriously became "or eax,000000ff".

This I assume is a bug - if not, let me know how I can solve it.
Thanks.
Tags: No tags attached.

Notes

Note 0000046, Dark Byte (developer):

It's not really a bug
There are multiple ways to write an instruction and CE doesn't always pick the same instruction as the game used.
In this case it picks the 'smaller' version (83 c8 is 2 bytes, 0d is 1)

If you want to override it you have to use db and fill in the exact bytes.
e.g. in your script the disable code should look like:
0052a783:
db 83 c8 ff //or eax,ff
mov [esi+24],eax
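Added example, not taken from the bug report or from Cheat Engine: a Python model of the two encodings of OR EAX,imm and of the enable/disable sequence over the bytes listed in the report. The original byte string is constructed from the disassembly above, the hook target 0x01000000 stands in for CE's alloc(newmem) and is an assumption, and the small length decoder covers only the opcodes that occur in the listing. It also shows a point the note does not spell out: 83 c8 ff sign-extends its imm8, so it is OR EAX,0xFFFFFFFF, while the re-assembled 0d ff 00 00 00 is OR EAX,0x000000FF. The literal "ff" in the disable block does not fit a sign-extended imm8, so the assembler has no 3-byte form to choose, the block grows from 6 to 8 bytes, and the linear-sweep decoder no longer finds the original instruction boundaries. Saving the bytes before patching and writing them back verbatim (what `db 83 c8 ff` does) restores the original exactly.

```python
import struct

# Bytes from the report's "Original code" listing at 0052A783 onward
# (constructed from the disassembly in the bug). NEWMEM stands in for
# CE's alloc(newmem) and is an assumption.
BASE = 0x0052A783
NEWMEM = 0x01000000
ORIGINAL = bytes.fromhex(
    "83c8ff"    # or eax,ff          (83 /1 ib: imm8 sign-extended -> 0xFFFFFFFF)
    "894624"    # mov [esi+24],eax
    "894628"    # mov [esi+28],eax
    "8b4638"    # mov eax,[esi+38]
    "85c0"      # test eax,eax
    "7409"      # je 0052a79c
)
MOV_ESI24_EAX = bytes.fromhex("894624")


def encode_or_eax_imm(imm: int) -> bytes:
    """Assemble OR EAX, imm32: 83 /1 ib (3 bytes) when the value fits a
    sign-extended imm8, otherwise the EAX-specific form 0D id (5 bytes)."""
    imm &= 0xFFFFFFFF
    signed = imm - (1 << 32) if imm & 0x80000000 else imm
    if -128 <= signed <= 127:
        return bytes([0x83, 0xC8, signed & 0xFF])   # modrm C8 = mod 11, /1, rm=eax
    return b"\x0D" + struct.pack("<I", imm)


def encode_jmp_rel32(src: int, dst: int) -> bytes:
    """E9 rel32; the displacement is relative to the end of the 5-byte jmp."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))


def modrm_len(tail: bytes) -> int:
    """Length of a ModRM byte plus any SIB/displacement it implies."""
    modrm = tail[0]
    mod, rm = modrm >> 6, modrm & 7
    n = 1
    if mod != 3 and rm == 4:                    # SIB byte present
        n += 1
        if mod == 0 and (tail[1] & 7) == 5:     # SIB with no base -> disp32
            n += 4
    if mod == 1:
        n += 1
    elif mod == 2 or (mod == 0 and rm == 5):
        n += 4
    return n


# opcode -> (has ModRM, immediate size); only the opcodes seen in the listing
OPCODES = {0x83: (True, 1), 0x0D: (False, 4), 0x89: (True, 0), 0x8B: (True, 0),
           0x85: (True, 0), 0x28: (True, 0), 0x74: (False, 1),
           0xE9: (False, 4), 0x90: (False, 0)}


def instruction_boundaries(code: bytes) -> list:
    """Offsets at which a linear-sweep disassembler starts each instruction."""
    offs, i = [], 0
    while i < len(code):
        offs.append(i)
        has_modrm, imm = OPCODES[code[i]]
        n = 1 + (modrm_len(code[i + 1:]) if has_modrm else 0) + imm
        i += n
    return offs


def apply_hook(mem: bytearray, off: int, length: int) -> bytes:
    """[ENABLE]: replace `length` bytes with jmp NEWMEM plus nop padding.
    Returns the bytes that were there, which a correct [DISABLE] must put back."""
    jmp = encode_jmp_rel32(BASE + off, NEWMEM)
    assert length >= len(jmp)
    saved = bytes(mem[off:off + length])
    mem[off:off + length] = jmp + b"\x90" * (length - len(jmp))
    return saved


def restore_by_reassembling(mem: bytearray, off: int) -> None:
    """The reporter's [DISABLE] block: re-assemble "or eax,ff" from its text.
    The literal ff is 0x000000FF, which does not fit a sign-extended imm8, so
    the assembler emits 0D FF 00 00 00 and the block grows from 6 to 8 bytes."""
    code = encode_or_eax_imm(0xFF) + MOV_ESI24_EAX
    mem[off:off + len(code)] = code


def restore_exact(mem: bytearray, off: int, saved: bytes) -> None:
    """Dark Byte's fix, `db 83 c8 ff`: write the original bytes back verbatim."""
    mem[off:off + len(saved)] = saved


def simulate(exact_restore: bool) -> bytes:
    """Enable, then disable, the cheat over a copy of the original bytes."""
    mem = bytearray(ORIGINAL)
    saved = apply_hook(mem, 0, length=6)   # 83 c8 ff + 89 46 24 = 6 bytes
    if exact_restore:
        restore_exact(mem, 0, saved)
    else:
        restore_by_reassembling(mem, 0)
    return bytes(mem)


if __name__ == "__main__":
    for label, exact in (("reassembled", False), ("byte-exact", True)):
        out = simulate(exact)
        print(f"{label:12s} {out.hex(' ')}  boundaries={instruction_boundaries(out)}")
```

With the re-assembled restore the sweep finds instructions at offsets 0, 5, 8 and 14, so the bytes 28 8b 46 38 85 c0 that used to be "mov [esi+28],eax / mov eax,[esi+38] / test eax,eax" decode as one 6-byte "sub [ebx+disp32],cl", exactly the listing in the report; the byte-exact restore reproduces the original buffer and its boundaries 0, 3, 6, 9, 12, 14.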

Issue History
Date Modified     Username   Field        Change
2008-01-23 17:42  Csimbi     New Issue
2008-01-23 23:38  Dark Byte  Note Added   0000046
2008-01-23 23:38  Dark Byte  Status       new => feedback
2008-01-29 17:23  Dark Byte  Status       feedback => resolved
2008-01-29 17:23  Dark Byte  Resolution   open => fixed
2008-01-29 17:23  Dark Byte  Assigned To  => Dark Byte