
WSPRINTF insanity.

Started by slovach, November 19, 2007, 11:10:05 PM


slovach

I want to loop through until it hits the location I specified. (Everything read will eventually go to a text file; I'm goofing with a few ideas for an anti-cheat of sorts, but this is currently blowing my mind.) Now, for instance, it's starting at 00900000 and going to 0100579C... well...

readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result

result:
mov eax, dword ptr [buffer]
invoke wsprintf, addr buffer, addr format, eax
invoke SetDlgItemText, hwnd, IDC_EDT1, addr buffer


This works no problem... but... instead of 3, it spews out 300; 7 would turn into 700, 10F would turn into 10F00, etc. Basically, it's correct... except it's, uh... moved over.

Now if I, for example, start at 0100579C and just do this...

invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
mov eax, dword ptr [buffer]
invoke wsprintf, addr buffer, addr format, eax
invoke SetDlgItemText, hwnd, IDC_EDT1, addr buffer



It ends up perfectly fine. I'm confused. I've looked at it in OllyDBG but I still can't figure out the difference that is causing it. In the second one, EAX jumps to, say... 3, for example, when it hits the mov eax, dword ptr [buffer] line. Yet in the first one it would just go straight to 300.

Is there anything glaringly obvious that I'm missing?

donkey

Quote from: slovach on November 19, 2007, 11:10:05 PM
Is there anything glaringly obvious that I'm missing?

How about giving us the string in addr format so it is at least possible to answer your question? Without that it is impossible to determine the cause of the problem.

Donkey
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two." -- Fry
-- Futurama

Donkey's Stable

slovach

Quote from: donkey on November 20, 2007, 03:14:01 AM
How about giving us the string in addr format so it is at least possible to answer your question? Without that it is impossible to determine the cause of the problem.

Donkey

This is what you mean, right?

format db "%x", 0

sinsi


readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result

This looks like you are reading 4 bytes into buffer but only incrementing base by 1 and not incrementing buffer at all, so you're overwriting it.


result:
mov eax, dword ptr [buffer]

All this gets you is the bytes from base to base+3, i.e. the dword at 0100579Ch.

Unless some code is missing?
Light travels faster than sound, that's why some people seem bright until you hear them.

slovach

Quote from: sinsi on November 20, 2007, 04:27:17 AM

readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result

This looks like you are reading 4 bytes into buffer but only incrementing base by 1 and not incrementing buffer at all, so you're overwriting it.


result:
mov eax, dword ptr [buffer]

All this gets you is the bytes from base to base+3, i.e. the dword at 0100579Ch.

Unless some code is missing?


1. Overwriting what's in buffer each time should be fine for the time being.

2. Yeah, I want to read what's at 0100579Ch, which it does... except it comes out weird in the first example. Like, what should be 3 would be 300, 8 would turn out 800. What I'm trying to do is loop through the memory locations until I hit the one specified (0100579C), then it should display what's there at 0100579C. If I just read straight from 0100579C, like in the second example, it works fine. This is all there is to the code; once I actually figure out why it comes out strange, I can actually get to business.

sinsi

When you do the compare, you are not actually reading 0100579C:

  add base,1
  cmp base,0100579ch
  jne readloop

That code will not jump if base=0100579ch, so that address will never be read, because you do the add before the read.

  add base,1
  cmp base,0100579ch
  jbe readloop


And if you're reading DWORDs, I would be using

  add base,4


So when you get to your condition, buffer contains the 4 bytes from 0100579bh, and that's what is printed.
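As an added illustration (not code from the thread), here is a C model of the loop sinsi is describing: a constructed image of the target process's memory with the DWORD 3 stored at 0100579C, a stand-in for ReadProcessMemory, and the scan run with the original jne, with jbe, and with a DWORD stride. The names mem, read_mem, scan and as_hex are my own, and the little-endian byte order assumed is that of x86.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed image of the target process's memory: mem[] models the
 * addresses [IMG_BASE, IMG_BASE + IMG_SIZE). Only the DWORD at TARGET is
 * non-zero (value 3, stored little-endian as 03 00 00 00). */
#define IMG_BASE 0x01005700u
#define IMG_SIZE 0x100u
#define TARGET   0x0100579Cu
static const uint8_t mem[IMG_SIZE] = { [TARGET - IMG_BASE] = 0x03 };

/* Stand-in for ReadProcessMemory: copies n bytes at addr into out.
 * Returns 0 (like a FALSE result) when the range is outside the image. */
static int read_mem(uint32_t addr, void *out, size_t n) {
    if (addr < IMG_BASE || addr + n > IMG_BASE + IMG_SIZE) return 0;
    memcpy(out, mem + (addr - IMG_BASE), n);
    return 1;
}

/* The thread's scan loop. step is the amount added to base each pass;
 * use_jbe selects sinsi's "jbe readloop" instead of the original
 * "jne readloop". Returns the DWORD left in buffer when the loop exits. */
static uint32_t scan(uint32_t base, uint32_t step, int use_jbe) {
    uint32_t buffer = 0;
    do {
        if (!read_mem(base, &buffer, 4)) break;  /* original ignores this */
        base += step;                            /* add base, step */
    } while (use_jbe ? base <= TARGET : base != TARGET);
    return buffer;
}

/* What wsprintf with the "%x" format would put in the edit control. */
static const char *as_hex(uint32_t v) {
    static char text[16];
    snprintf(text, sizeof text, "%x", v);
    return text;
}

int main(void) {
    /* jne: base equals TARGET only after the read, so the last read is at
     * TARGET-1 and picks up 00 03 00 00 -> 0x300, the "moved over" value. */
    printf("jne, +1: %s\n", as_hex(scan(IMG_BASE, 1, 0)));   /* 300 */
    /* jbe: the pass that reads TARGET still runs, so buffer holds 3. */
    printf("jbe, +1: %s\n", as_hex(scan(IMG_BASE, 1, 1)));   /* 3 */
    /* DWORD stride as sinsi suggests; jbe still stops on the right read. */
    printf("jbe, +4: %s\n", as_hex(scan(IMG_BASE, 4, 1)));   /* 3 */
    return 0;
}
```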

slovach

Wow, that turned out to be it. I'll have to be more careful in the future so I don't make such a small and silly mistake again. Thanks!