byteburner Cheater
Reputation: 0
Joined: 09 Feb 2023 Posts: 31
Posted: Mon Feb 13, 2023 5:13 pm Post subject:
Hey,
please check it in the disassembler window and post some lines above and under it.
byteburner Cheater
Reputation: 0
Joined: 09 Feb 2023 Posts: 31
Posted: Mon Feb 13, 2023 5:32 pm Post subject:
I see now,
movsd will move 4 bytes at the address in ESI to the address in EDI.
So this is the one accessing your address. Rep there is to repeat it by the value in ECX.
byteburner Cheater
Reputation: 0
Joined: 09 Feb 2023 Posts: 31
Posted: Mon Feb 13, 2023 5:40 pm Post subject:
You are welcome. I'm new to these things as well. It's lovely to see all these people ready to help. But how did you post an image here? When I tried, it didn't allow me.
byteburner Cheater
Reputation: 0
Joined: 09 Feb 2023 Posts: 31
Posted: Mon Feb 13, 2023 6:02 pm Post subject:
Oh I see. Thanks. Thought it was only for files containing text since [img][/img] already exists.
LeFiXER Grandmaster Cheater Supreme
Reputation: 20
Joined: 02 Sep 2011 Posts: 1069 Location: 0x90
Posted: Tue Feb 14, 2023 5:40 am Post subject:
byteburner wrote: | I see now,
movsd will move 4 bytes at the address in ESI to the address in EDI.
So this is the one accessing your address. Rep there is to repeat it by the value in ECX. |
movsd = move scalar-double. Double values are 8-bytes in size.
LeFiXER Grandmaster Cheater Supreme
Reputation: 20
Joined: 02 Sep 2011 Posts: 1069 Location: 0x90
Posted: Thu Feb 16, 2023 11:53 am Post subject:
Pingy Boy wrote: | Actually, when MOVSD doesn't have an operand it's not "move scalar double" to xmm or something, it's "move string double word", so it's 4 bytes because, if I remember right, byte = byte, 2 bytes = word, 4 bytes = double word and 8 bytes = quad word. I may be wrong though. |
Perhaps you're right. My apologies. I found some more info by ParkourPenguin:
ParkourPenguin wrote: | I don't know why CE is translating that as "repe movsd", I think "rep movsd" is a better mnemonic (and ODA translates it as that), but I'll explain both.
"movsd" as a standalone instruction moves the doubleword at the address in ESI to the address in EDI. After it does this, it increments both ESI and EDI by the size of the data you moved (4 in the case of a dword).
More info on movsd
"rep" and "repe" are very similar. They aren't instructions, but act like prefixes to a certain instruction. They repeat this instruction using ECX as a counter. ECX is decremented by 1 after each iteration, and if ECX is ever 0, it stops and goes on to the next instruction.
More info on rep/repe
The main difference is that "repe" will also exit if the zero flag isn't set. Since neither "movsd" nor "rep/repe" modify any flags, I don't think "repe" is a correct interpretation of those specific opcodes. If it was trying to check if the ZF is set initially, I think JNZ/JNE would've been preferred prior to all the setup for the "rep movsd" instruction.
(from this point on, "strength" refers to the address your strength value is stored at, not the value itself)
Anyways, in order to get what address is being read from and put into strength (or vice versa for instructions reading from strength), you have to look at ESI if the instruction is writing to strength or EDI if the instruction is reading from strength. You can tell whether that instruction is writing to / reading from strength by setting a breakpoint and looking at ECX, ESI, and EDI, which you'd need to do anyway for finding ESI/EDI.
TLDR: In all honesty, though, I wouldn't recommend trying to increase the max this way. It's not worth the effort IMO. |
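To make the semantics quoted above concrete, here is a small C model of the string-form `rep movsd` (DF=0) and of the "which source dword lands in my address" question that comes up when you hit a breakpoint on it. This is an added example, not code from the thread or from Cheat Engine; the register values, the 256-byte flat memory and the address 0x88 standing in for "strength" are constructed for the demo. The F3 prefix byte is the same for `rep` and `repe`, and the ZF early-exit of `repe`/`repz` applies only to `cmps`/`scas`, so for `movsd` the two mnemonics describe the same loop, which is what the model implements.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 32-bit register file holding only what rep movsd touches.
   ZF is carried along to show that movsd never writes it. */
typedef struct {
    uint32_t ecx, esi, edi;
    bool zf;
} regs32;

/* Flat toy guest memory (constructed for this example): guest address == index. */
enum { MEM_SIZE = 256 };
static uint8_t mem[MEM_SIZE];

static uint32_t rd32(uint32_t addr) { uint32_t v; memcpy(&v, &mem[addr], sizeof v); return v; }
static void     wr32(uint32_t addr, uint32_t v) { memcpy(&mem[addr], &v, sizeof v); }

/* String-form MOVSD with DF=0: dword [ESI] -> [EDI]; ESI += 4; EDI += 4. Flags untouched. */
static void movsd_once(regs32 *r) {
    wr32(r->edi, rd32(r->esi));
    r->esi += 4;
    r->edi += 4;
}

/* F3 prefix + MOVSD ("rep movsd"; CE may print it as "repe movsd"):
   while (ECX != 0) { movsd; ECX--; }   Returns the number of dwords moved.
   ZF is never consulted for movs, so rep and repe behave identically here. */
static uint32_t rep_movsd(regs32 *r) {
    uint32_t moved = 0;
    while (r->ecx != 0) {
        movsd_once(r);
        r->ecx--;
        moved++;
    }
    return moved;
}

/* The thread's practical question: given ECX/ESI/EDI at a breakpoint on rep movsd
   and the address of the value you care about ("strength"), which source dword
   ends up there?  Returns 1 and fills *src if the copy covers target; returns 0
   if target lies outside [EDI, EDI + 4*ECX) or is not dword-aligned relative to EDI. */
static int source_for_target(const regs32 *r, uint32_t target, uint32_t *src) {
    if (target < r->edi) return 0;
    uint32_t off = target - r->edi;
    if (off % 4 != 0 || off / 4 >= r->ecx) return 0;
    *src = r->esi + off;
    return 1;
}

/* Mirror image for the "instruction reads from strength" case: where does it go? */
static int dest_for_source(const regs32 *r, uint32_t source, uint32_t *dst) {
    if (source < r->esi) return 0;
    uint32_t off = source - r->esi;
    if (off % 4 != 0 || off / 4 >= r->ecx) return 0;
    *dst = r->edi + off;
    return 1;
}

/* Constructed scenario: 4 dwords at 0x40 are copied to 0x80; "strength" lives at 0x88. */
static regs32 demo_regs(void) {
    regs32 r = { .ecx = 4, .esi = 0x40, .edi = 0x80, .zf = false };
    return r;
}

static void demo_fill(void) {
    memset(mem, 0, sizeof mem);
    for (uint32_t i = 0; i < 4; i++) wr32(0x40 + 4 * i, 100 + i); /* 100,101,102,103 */
}

int main(void) {
    demo_fill();
    regs32 r = demo_regs();
    uint32_t src;
    if (source_for_target(&r, 0x88, &src))
        printf("strength (0x88) will receive the dword at 0x%02X\n", src);
    uint32_t n = rep_movsd(&r);
    printf("moved %u dwords; now ECX=%u ESI=0x%02X EDI=0x%02X ZF=%d\n",
           n, r.ecx, r.esi, r.edi, (int)r.zf);
    printf("[0x88] = %u\n", rd32(0x88));
    return 0;
}
```

With ECX=4, ESI=0x40, EDI=0x80 at the breakpoint, the dword written to 0x88 comes from 0x48 (EDI offset 8 mapped onto ESI), and after the loop ECX is 0 while ESI/EDI have each advanced by 16; ZF is exactly what it was before. A target that is not dword-aligned relative to EDI, or that lies beyond ECX*4 bytes, is not touched by this instruction at all, which is worth checking before assuming the `rep movsd` you found is the writer.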