Iamhere55 (How do I cheat?)
Reputation: 0 | Joined: 06 Sep 2016 | Posts: 2
Posted: Tue Sep 06, 2016 12:22 pm | Post subject: Different byte generation
While I was looking to freeze a time for a game I found something weird.
Since I can't post urls yet I'll add the screenshots as an attachment.
See "Before activation.png"
When I tried to edit the line:
State of War.exe+26ED1 A3 94727000 mov ["State of War.exe"+307294],eax (eax contains the seconds of the time)
and saved it without making a change it would give me the message:
"The generated code is 6 byte(s) long, but the selected opcode is 5 byte(s) long! Do you want to replace the incomplete opcode(s) with NOP's?"
Why would it change the bytes of an unchanged code?
Anyway, I did a code injection and made the following script:
Code:
[ENABLE]
alloc(seconds,100)
label(returnhere)
label(exit)
seconds:
mov ["State of War.exe"+307294],3B //Set seconds to 59 so minutes never gets changed
jmp exit
exit:
jmp returnhere
"State of War.exe"+26ED1:
jmp seconds
returnhere:
[DISABLE]
dealloc(seconds)
"State of War.exe"+26ED1:
mov ["State of War.exe"+307294],eax
When enabled it would show this:
See "Enabled.png"
The problem occurs when I disable it again: the previous code gets put back, but the byte length changes from 5 to 6:
See "Disabled.png"
The bytes changed from A3 94 72 70 00 to 89 05 94 72 70 00 for some reason, thus changing other code and crashing the game.
I fixed the problem by editing the last line of the script to:
db A3 94 72 70 00
But I'm still wondering what's causing this. Am I missing something?
Dark Byte (Site Admin)
Reputation: 471 | Joined: 09 May 2003 | Posts: 25820 | Location: The netherlands
Posted: Tue Sep 06, 2016 12:42 pm
They are both valid lines.
That's why the template adds the db line as a secondary option.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
kuntz (Cheater)
Reputation: 0 | Joined: 29 Aug 2016 | Posts: 44 | Location: Canada
Posted: Tue Sep 06, 2016 4:19 pm
MOV [M32], EAX has multiple encodings and in this case CE's assembler is choosing the longer 6-byte encoding over the smaller 5-byte variant:
www-felixcloutier-com/x86/MOV-html
CE has no way of knowing what the original code is, so if you provide it a script with an ambiguous statement such as "mov [m32], EAX" there's no telling what it's going to do. Always use db's when replacing existing code since it is the only way to guarantee compatibility.
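To make the encoding ambiguity concrete, here is an added Python example (not code from the thread or from Cheat Engine) that builds both valid encodings of `mov [disp32], eax` for the address in the thread, decodes either form back to the same instruction, and shows why writing the assembler's 6-byte choice over a 5-byte original spills one byte into the next instruction. The opcode and ModRM layout (`A3 moffs32` for the accumulator-only short form, `89 /r` with mod=00 rm=101 for the general form) come from the Intel MOV reference that the reply links; the helper names and the `plan_restore` policy are this example's own. It assumes 32-bit mode, which is what the 32-bit addresses in the thread imply.

```python
import struct

# Bytes quoted in the thread: the two encodings CE produced for the same instruction.
SHORT_FORM = bytes.fromhex("A394727000")    # mov [0x707294], eax  (5 bytes)
LONG_FORM = bytes.fromhex("890594727000")   # mov [0x707294], eax  (6 bytes)

EAX = 0  # register number of EAX in the ModRM reg field


def encode_mov_moffs32_eax(addr: int) -> bytes:
    """Short form A3 + disp32. Exists only when the source register is EAX (32-bit mode)."""
    return b"\xA3" + struct.pack("<I", addr)


def encode_mov_rm32_r32(addr: int, reg: int = EAX) -> bytes:
    """General form 89 /r: ModRM mod=00, reg=<source>, rm=101 means a bare disp32 in 32-bit mode."""
    modrm = (0b00 << 6) | ((reg & 7) << 3) | 0b101
    return bytes([0x89, modrm]) + struct.pack("<I", addr)


def decode_mov_to_mem32(code: bytes):
    """Recognise either encoding of `mov [disp32], r32`.

    Returns (source_reg, target_addr, instruction_length) or None if the bytes
    are not one of the two forms handled here.
    """
    if len(code) >= 5 and code[0] == 0xA3:
        return (EAX, struct.unpack_from("<I", code, 1)[0], 5)
    # 0xC7 masks the mod and rm fields; mod=00 rm=101 -> 0x05
    if len(code) >= 6 and code[0] == 0x89 and (code[1] & 0xC7) == 0x05:
        reg = (code[1] >> 3) & 7
        return (reg, struct.unpack_from("<I", code, 2)[0], 6)
    return None


def plan_restore(original: bytes, reassembled: bytes) -> dict:
    """Decide what to write back when undoing a patch.

    original:    the bytes saved before the patch was applied
    reassembled: what the assembler produced for the textual restore line
    The policy is the one the thread arrives at: always write the saved bytes
    (the `db` approach), and report whether trusting the assembler would have
    changed the instruction length and overwritten the following instruction.
    """
    orig = decode_mov_to_mem32(original)
    new = decode_mov_to_mem32(reassembled)
    same_instruction = orig is not None and new is not None and orig[:2] == new[:2]
    return {
        "bytes_identical": original == reassembled,
        "same_instruction": same_instruction,
        "overflow_into_next_insn": max(0, len(reassembled) - len(original)),
        "write": original,
    }


if __name__ == "__main__":
    addr = 0x707294
    assert encode_mov_moffs32_eax(addr) == SHORT_FORM
    assert encode_mov_rm32_r32(addr) == LONG_FORM
    print("short:", SHORT_FORM.hex(" "), "->", decode_mov_to_mem32(SHORT_FORM))
    print("long: ", LONG_FORM.hex(" "), "->", decode_mov_to_mem32(LONG_FORM))
    print("restore plan:", plan_restore(SHORT_FORM, LONG_FORM))
```

Both `decode_mov_to_mem32` calls return the same register and address, so neither encoding is wrong; the only difference is length, and `plan_restore` reports a one-byte overflow when the 6-byte form is written over the 5-byte original. That single byte is what corrupts the next instruction in the disassembly the poster saw. The same lookup would give different answers in 64-bit mode, where mod=00 rm=101 is RIP-relative and `A3` takes a 64-bit offset, which is one more reason to restore saved bytes rather than re-assembled text.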
Iamhere55 (How do I cheat?)
Reputation: 0 | Joined: 06 Sep 2016 | Posts: 2
Posted: Tue Sep 06, 2016 4:40 pm
I understand it now, thank you for your answers.