Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Could you kindly help me understand a few lines of this code

crutchlow
How do I cheat?
Reputation: 0

Joined: 04 May 2022
Posts: 5

Posted: Wed Jun 22, 2022 10:56 am    Post subject: Could you kindly help me understand a few lines of this code

I'm trying to convert this into a mathematical formula and have most of it, but there are some points here I really do not understand, and I was wondering if you guys could help explain what is going on.

The first part, which uses the floats, seems to be:

SQRT((24.7^2) + (-3.27^2)) = 24.92

However, MOV EAX,10 / MUL DWORD PTR DS:[0A0CF25] / MOV EBX,OFFSET 00A0CF50 is confusing to me. What is happening here?

Then secondly:

((273+120.12)^4) - ((273+20)^4) = 16513591406

And then we see these lines:

00989285 |. 8D4C18 04 LEA ECX,[EBX+EAX+4] ;
00989289 |. D901 FLD DWORD PTR DS:[ECX] ;
0098928B |. D8C9 FMUL ST,ST(1) ;

I tried to do a breakpoint at Load ECX but the value comes out at 0.00. It seems unnecessary to do all that calculation and then multiply by zero. Also, I can see an effect if I delete any of the FMUL or SQRT functions above, so something is going on, but I don't understand what... I would appreciate any guidance.

Code:
0098921C      D905 54617700 FLD DWORD PTR DS:[776154]                ; FLOAT 34.15
00989222  |.  D815 D9CEA000 FCOM DWORD PTR DS:[0A0CED9]              ; FLOAT 120.123456
00989228  |.  9B            WAIT
00989229  |.  DFE0          FSTSW AX
0098922B  |.  9E            SAHF
0098922C  |.  77 0C         JA SHORT 0098923A                        ; Taken if ST>[0A0CED9] in preceding FCOM at 00989222
0098922E  |.  D905 D9CEA000 FLD DWORD PTR DS:[0A0CED9]               ; FLOAT 20.00000
00989234  |.  D91D D5CEA000 FSTP DWORD PTR DS:[0A0CED5]              ; FLOAT 120.123456
0098923A  |>  B8 10000000   MOV EAX,10                      
0098923F  |.  F725 25CFA000 MUL DWORD PTR DS:[0A0CF25]            ; Shows in CE as the value (6) but it is not a float
00989245  |.  BB 50CFA000   MOV EBX,OFFSET 00A0CF50           ; Shows in CE as the value 0.05 (float)
0098924A  |.  D905 84AC7800 FLD DWORD PTR DS:[78AC84]                ; FLOAT 24.71
00989250  |.  D9C0          FLD ST                  ;
00989252  |.  D8C9          FMUL ST,ST(1)              ;
00989254  |.  D905 8CAC7800 FLD DWORD PTR DS:[78AC8C]                ; FLOAT -3.27
0098925A  |.  D9C0          FLD ST                      ;
0098925C  |.  D8C9          FMUL ST,ST(1)              
0098925E  |.  D8C2          FADD ST,ST(2)                            ;
00989260  |.  D9FA          FSQRT                                    ;
00989262  |.  D91D 31CFA000 FSTP DWORD PTR DS:[0A0CF31]              ; FLOAT 24.92
00989268  |.  9B            WAIT
00989269  |.  DBE3          FINIT
0098926B  |.  D905 D5CEA000 FLD DWORD PTR DS:[0A0CED5]               ; FLOAT 120.123456
00989271  |.  D805 E1CEA000 FADD DWORD PTR DS:[0A0CEE1]              ; FLOAT 273.0000
00989277  |.  D9C0          FLD ST                      ; Result = 393.123456.
00989279  |.  D8C9          FMUL ST,ST(1)                            ;
0098927B  |.  D8C9          FMUL ST,ST(1)                            ;
0098927D  |.  D8C9          FMUL ST,ST(1)                            ;
0098927F  |.  D825 FDCEA000 FSUB DWORD PTR DS:[0A0CEFD]              ; FLOAT 7.370000e+09

00989285  |.  8D4C18 04     LEA ECX,[EBX+EAX+4]                   ;
00989289  |.  D901          FLD DWORD PTR DS:[ECX]                   ;
0098928B  |.  D8C9          FMUL ST,ST(1)                            ;
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Jun 22, 2022 12:12 pm

Code:
mov eax,10
mul dword ptr [0A0CF25]   // edx:eax <- eax * [0A0CF25]
mov ebx,00A0CF50
...
lea ecx,[ebx+eax+4]
fld dword ptr [ecx]
...
Looks like the result of the mul instruction is used later on. The use of the mul instruction itself is weird, as multiplying by 0x10 could simply be a left shift of 4. Maybe it's using the overflow bits in edx later on, I don't know. Could also just be a missed optimization.

The lea and fld instructions are an array access. ebx is the address of the array, eax is the index into the array, and +4 is the offset into the structures contained in the array. I'd assume this instruction accesses several addresses. While this might load 0 for some addresses, it may not be 0 for all.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
crutchlow
How do I cheat?
Reputation: 0

Joined: 04 May 2022
Posts: 5

Posted: Wed Jun 22, 2022 10:32 pm

ParkourPenguin wrote:
Code:
mov eax,10
mul dword ptr [0A0CF25]   // edx:eax <- eax * [0A0CF25]
mov ebx,00A0CF50
...
lea ecx,[eax+ebx+4]
fld dword ptr [ecx]
...
Looks like the result of the mul instruction is used later on. The use of the mul instruction itself is weird, as multiplying by 0x10 could simply be a left shift of 4. Maybe it's using the overflow bits in edx later on, I don't know. Could also just be a missed optimization.

The lea and fld instructions are an array access. ebx is the address of the array, eax is the index into the array, and +4 is the offset into the structures contained in the array. I'd assume this instruction accesses several addresses. While this might load 0 for some addresses, it may not be 0 for all.


Thanks for answering. The code was not written by a professional so maybe some parts will be unoptimized or imperfect.

So generally, the mov eax,10 part is not involved in the floating point calculation itself, it's more related to memory management?

About the second part, when I right click on lea ecx,[eax+ebx+4] and select "Show the memory this is accessing", it gives me an address of A0CFB4. When I load this memory area in memory view it shows:

Code:
A0CFB4 - 00 00 00 00    38 1B 30 73    00 00 00 00    CD CC 4C 3D


So when we say EBX+4, is it actually maybe referencing 38 1B 30 73, rather than the 00 00 00 00? And if it was lea ecx,[eax+ebx+8], it would be referencing CD CC 4C 3D?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Jun 22, 2022 10:59 pm

I don't know how the debugger you're using works, but I'd assume if it says the instruction is accessing A0CFB4, then that means it's accessing A0CFB4. This is how CE works (right click instruction in disassembler -> "Find out what addresses this instruction accesses"). It would be very strange if it did anything different.

Step through the code and look what happens to the x87 data register stack.

_________________
I don't know where I'm going, but I'll figure it out when I get there.