Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


strsrt in x64 mode

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Csimbi
I post too much
Reputation: 97

Joined: 14 Jul 2007
Posts: 3296
PostPosted: Fri Feb 14, 2025 12:07 pm    Post subject: strsrt in x64 mode Reply with quote
Hi all,
I used strstr before in AA scripts successfully with x86 mode games.
I am working on an x64 title and when I call strstr from my AA script, CE will assemble there a far call to ntoskrnl.strsrt - except the memory execution is supposed to be passed to is uninitialized; it's full of ?? marks.

Is this a bug because the assembled call points to the wrong address?
If not a bug, should CE drop an error in this case? (why does it put there something that's invalid?)

Any ideas how to do a case (in)sensitive substring search in x64 mode in an AA script (without LUA)?

Thank you!
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 150

Joined: 06 Jul 2014
Posts: 4641
PostPosted: Fri Feb 14, 2025 1:21 pm    Post subject: Reply with quote
When CE encounters a symbol in an AA script, it uses the first occurrence of that symbol it happens to find. If you want a specific one, define it in your script manually. (labels local to the script seem to be preferred during symbol lookup)
Code:
[ENABLE]
globalalloc(foo,4096)

// without this, CE would've automatically used ntdll.strstr on my setup
label(strstr)

msvcrt.strstr:
strstr:

foo:
{$ccode}
char* strstr( const char* str, const char* substr );
char *a = "123456";
char *b = "345";
char *result = strstr(a, b);
{$asm}
xor eax,eax
ret
[DISABLE]

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 97

Joined: 14 Jul 2007
Posts: 3296
PostPosted: Fri Feb 14, 2025 1:46 pm    Post subject: Reply with quote
Thanks for the tip!
I'll try your CCODE method next and get back.

I can't seem to get the value back in the asm code to action it ('result' is lost?) and I get a crash.

I assume I am doing it wrong, so I posted that question in DB's example thread here.

Thank you!

Edit
This works in AA, no crash.
Quote:
call ntdll.strstr
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 467

Joined: 09 May 2003
Posts: 25700
Location: The netherlands
PostPosted: Sat Feb 15, 2025 2:22 am    Post subject: Reply with quote
I replied in the other thread, just make sure you declare the function else there will be issues

as for it prefering ntoskrnl.strsrt is because you may have ticked kernelmode symbols in memview->view , and most usermode apps have no access to that memory. Do as ParkourPenguin mentions, and define it using a local symbol first

Code:

label(strstr)


msvcrt.strstr:
//or ntdll.strstr:
strstr:

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites