I want to loop through until it hits the location I specified. (Everything read will eventually all go to a text file; I'm goofing with a few ideas for an anti-cheat of sorts, but this is currently blowing my mind.) Now, for instance, it's starting at 00900000 and going to 0100579C... well...
readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result
result:
mov eax, dword ptr [buffer]
invoke wsprintf, addr buffer, addr format, eax
invoke SetDlgItemText, hwnd, IDC_EDT1, addr buffer
This works no problem... but... instead of 3, it spews out 300, 7 would turn into 700, 10F would turn into 10F00, etc. Basically, it's correct... except it's, uh... moved over.
Now if I for example start at 0100579C and just do this...
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
mov eax, dword ptr [buffer]
invoke wsprintf, addr buffer, addr format, eax
invoke SetDlgItemText, hwnd, IDC_EDT1, addr buffer
It ends up perfectly fine. I'm confused. I've looked at it in OllyDBG but I still can't figure out the difference that is causing it. In the second one, EAX jumps to, say, 3 for example when it hits the mov eax, dword ptr [buffer] line. Yet in the first one it would just go straight to 300.
Is there anything glaringly obvious that I'm missing?
Quote from: slovach on November 19, 2007, 11:10:05 PM
Is there anything glaringly obvious that I'm missing?
How about giving us the string in addr format so it is at least possible to answer your question; without that it is impossible to determine the cause of the problem.
Donkey
Quote from: donkey on November 20, 2007, 03:14:01 AM
How about giving us the string in addr format so it is at least possible to answer your question; without that it is impossible to determine the cause of the problem.
Donkey
This is what you mean, right?
format db "%x", 0
readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result
This looks like you are reading 4 bytes into buffer but only incrementing base by 1 and not incrementing buffer at all, so you're overwriting it.
result:
mov eax, dword ptr [buffer]
All this gets you is the bytes from base to base+3 i.e. the dword at 0100579Ch.
Unless some code is missing?
Quote from: sinsi on November 20, 2007, 04:27:17 AM
readloop:
invoke ReadProcessMemory, gameProcess, base, addr buffer, 4, NULL
add base, 00000001h
cmp base, 0100579Ch
jne readloop
je result
This looks like you are reading 4 bytes into buffer but only incrementing base by 1 and not incrementing buffer at all, so you're overwriting it.
result:
mov eax, dword ptr [buffer]
All this gets you is the bytes from base to base+3 i.e. the dword at 0100579Ch.
Unless some code is missing?
1. Overwriting what's in buffer each time should be fine for the time being.
2. Yeah, I want to read what's at 0100579Ch, which it does... except it returns weird in the first example. Like what should be 3 would be 300, 8 would turn out as 800. What I'm trying to do is loop through the memory locations until I hit the one specified (0100579C), then it should display what's there at 0100579C. If I just read straight from 0100579C, like in the second example, it works fine. This is all there is to the code; once I actually figure out why it comes out strange, I can actually get to business.
When you do the compare, you are not actually reading 0100579C:
 add base,1
 cmp base,0100579ch
 jne readloop
That code will not jump if base=0100579ch, so that address will never be read, because you do the add before the read.
 add base,1
 cmp base,0100579ch
 jbe readloop
And if you're reading DWORDs, I would be using
 add base,4
So when you get to your condition, buffer contains the 4 bytes from 0100579bh and that's what is printed.
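To see why reading one byte below the target turns 3 into 300, here is an added C model of sinsi's explanation (not code from the thread): a constructed little-endian memory image stands in for the game process, read_mem stands in for ReadProcessMemory, and the loop is run once with the original jne exit and once with the jbe fix. MEM_BASE, TARGET and the 32-byte image are constructed values, not the thread's real addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's address space: a small little-endian
 * image starting at MEM_BASE (not the thread's real 00900000h..0100579Ch).
 * The dword at TARGET holds 3; everything else is zero. */
#define MEM_BASE 0x1000u
#define TARGET   0x1010u
static const uint8_t mem[32] = { [0x10] = 0x03, 0x00, 0x00, 0x00 };

/* Stand-in for ReadProcessMemory: copy n bytes at address addr into buf.
 * Returns 1 on success, 0 if the range falls outside the image. */
static int read_mem(uint32_t addr, void *buf, size_t n) {
    if (addr < MEM_BASE || addr + n > MEM_BASE + sizeof mem) return 0;
    memcpy(buf, mem + (addr - MEM_BASE), n);
    return 1;
}

/* The thread's original loop (read, add 1, cmp, jne): the last read happens
 * while base == TARGET-1, so buffer holds the dword at TARGET-1, which in
 * little-endian is bytes 00 03 00 00, i.e. 0x300 instead of 3.
 * The caller must start below TARGET, exactly as in the thread. */
uint32_t loop_original(uint32_t base) {
    uint32_t buffer = 0;
    do {
        read_mem(base, &buffer, 4);
        base += 1;
    } while (base != TARGET);           /* jne readloop */
    return buffer;
}

/* sinsi's fix: loop while base <= TARGET (jbe), so TARGET itself is read
 * before the loop falls through. step is 1 for byte steps or 4 for dword
 * steps; with 4 the start must be dword-aligned with TARGET or it is skipped. */
uint32_t loop_fixed(uint32_t base, uint32_t step) {
    uint32_t buffer = 0;
    do {
        read_mem(base, &buffer, 4);
        base += step;
    } while (base <= TARGET);           /* jbe readloop */
    return buffer;
}

int main(void) {
    printf("original: %x\n", loop_original(MEM_BASE));  /* 300 */
    printf("fixed:    %x\n", loop_fixed(MEM_BASE, 4));  /* 3 */
    return 0;
}
```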
Wow, that turned out to be it. I'll have to be more careful in the future so I don't make such a small and silly mistake again. Thanks! :U