samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Wed Nov 21, 2007 9:54 pm Post subject: Bug?
I've been playing around with the DB (Define Byte) instruction in the Memory View.
So here I typed in
The instruction that came out was:
Code: |
mov [eax+90909006],eax
|
And the array of bytes that came out was:
Code: |
db 89 04 05 06 90 90 90
|
I understand where he went wrong with this:
It's hard to explain, but here:
89 = Mov opcode
04 means that there will be another byte following with parameters
05 means that since the previous byte was <= to 3F, there will be a 32 bit (4 byte) thing following
06 90 90 90 were the 4 bytes;
What should have been there was:
rather than the 90's which are nops.
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
Posted: Wed Nov 21, 2007 10:01 pm Post subject:
That isn't a bug, you told it to define those bytes, so it did. When the computer went to execute it, it just picked up 3 extra bytes that were after the function (the 3 nops). Unless of course you mean that those nops were not there before.
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Wed Nov 21, 2007 10:06 pm Post subject:
Nope.
Edit:
Yes, they were, but this is quite weird.
I did it somewhere else and got this:
Code: |
mov [eax+08e6e806],eax
|
Do you disagree that this should be fixed?
It wouldn't be hard to pad it with 0's.
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
Posted: Wed Nov 21, 2007 10:25 pm Post subject:
There is absolutely nothing wrong with it. It is doing exactly what you tell it to. If you had:
Code: | 12 34 56 78 90 12 34 |
Then if you injected your code it would look like this:
Code: | 89 04 05 06 90 12 34 |
Code: | mov [eax+34129006],eax |
As you can see, you have to pad the bytes after it. Also, how would you know if they wanted it padded or not? It could very well be they want to preserve those next 3 bytes (for whatever reason). Asking them for every address would be really redundant.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Thu Nov 22, 2007 1:45 am Post subject:
Go to settings->extra and disable replace incomplete opcodes with nops.
The way you're asking, you've probably already disabled the question, else you'd have known it was replacing the current selected opcode with nops before writing a smaller instruction.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
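Added example, not part of the original thread or of Cheat Engine's code: a minimal Python decoder for the single opcode 89 in 32-bit mode, showing why the four bytes 89 04 05 06 decode as a seven-byte instruction whose last three displacement bytes come from whatever follows in memory. It assumes, as Flyte's replies do, that only those four bytes were written; the function names are illustrative.

```python
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_mov_89(code: bytes):
    """Decode one 32-bit-mode `89 /r` (MOV r/m32, r32); return (text, length)."""
    if len(code) < 2 or code[0] != 0x89:
        raise ValueError("need opcode 89 plus a ModRM byte")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:                          # register operand, no memory access
        return f"mov {REG32[rm]},{REG32[reg]}", 2
    pos, parts = 2, []
    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                           # rm=100: a SIB byte follows ModRM
        if len(code) < 3:
            raise ValueError("truncated: SIB byte missing")
        sib, pos = code[2], 3
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:        # base=101 with mod=00: disp32, no base
            disp_size = 4
        else:
            parts.append(REG32[base])
        if index != 4:                    # index=100 means "no index register"
            parts.append(REG32[index] + (f"*{scale}" if scale > 1 else ""))
    elif rm == 5 and mod == 0:            # rm=101 with mod=00: bare disp32
        disp_size = 4
    else:
        parts.append(REG32[rm])
    raw = code[pos:pos + disp_size]
    if len(raw) < disp_size:
        raise ValueError(f"truncated: {disp_size - len(raw)} displacement byte(s) missing")
    text = "+".join(parts)
    if disp_size == 4:                    # little-endian, printed as in the thread
        text += ("+" if text else "") + f"{int.from_bytes(raw, 'little'):08x}"
    elif disp_size == 1:                  # sign-extended 8-bit displacement
        text += f"{int.from_bytes(raw, 'little', signed=True):+03x}"
    return f"mov [{text}],{REG32[reg]}", pos + disp_size

def bytes_absorbed(written: bytes, following: bytes) -> int:
    """How many bytes after the patch the decoded instruction swallows."""
    _, length = decode_mov_89(written + following)
    return max(0, length - len(written))

if __name__ == "__main__":
    patch = bytes.fromhex("89040506")     # assumed: the four bytes written
    for tail in ("909090", "901234"):     # trailing bytes quoted in the thread
        rest = bytes.fromhex(tail)
        print(decode_mov_89(patch + rest), bytes_absorbed(patch, rest))
```

Padding the patch to the decoded length (seven bytes here) is what keeps the displacement from depending on neighbouring memory.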