Difference between revisions of "Talk:014C"
Is there more information on the bug? The causes, possible fixes? [[User:Seemann|Seemann]] ([[User talk:Seemann|talk]]) 10:45, 13 June 2016 (UTC)

:The bug is at around 0x5A7617 where it is making a bad comparison.
:<syntaxhighlight lang="nasm">
; the switch/counter is at cargen+0x28, size two bytes
; using a value of 101 or above stores 0xffff, using a value between 0 and 100 stores the number as-is
.text:005A7617 movzx eax, word ptr [ebx+28h] ; grabs a two-byte value, do an unsigned extension
                                             ; this means 0xffff would change to 0x0000ffff
.text:005A761B cmp eax, 0FFFFFFFFh           ; compare against 0xffffffff
.text:005A761E jge short loc_5A7624          ; jump if greater than or equal, signed comparison
                                             ; but ALL resulting values are greater than -1
.text:005A7620 dec word ptr [ebx+28h]        ; decrement cargen+0x28 by 1, which is never reached
.text:005A7624 loc_5A7624:
</syntaxhighlight>

:So here's my fix that worked for me.
:<syntaxhighlight lang="nasm">
.text:005A7617 movsx eax, word ptr [ebx+28h] ; do a signed extension so that 0xffff would change to 0xffffffff
.text:005A761B cmp eax, 0FFFFFFFFh           ; compare against -1
.text:005A761E jz short loc_5A7624           ; jump if equal (only ZF is tested, so signedness no longer matters)
.text:005A7620 dec word ptr [ebx+28h]        ; decrement cargen+0x28 by 1, now reached for 0..100
.text:005A7624 loc_5A7624:
</syntaxhighlight>

:Here's the code for CLEO.
:<syntaxhighlight lang="text">
05DF: write_memory 0x5A7618 size 1 value 0xBF virtual_protect 1 // movzx (0F B7) -> movsx (0F BF)
05DF: write_memory 0x5A761E size 1 value 0x74 virtual_protect 1 // jge (7D) -> jz (74)
</syntaxhighlight>--[[User:Spaceeinstein|Spaceeinstein]] ([[User talk:Spaceeinstein|talk]]) 16:04, 13 June 2016 (UTC)
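Added example (not part of either comment above, and not code from the game or from CLEO): a C model of the zero-extension versus sign-extension mistake in the counter check, plus the two-byte patch applied to a copy of the code bytes with an expect-before-write check. The `struct cargen` layout (only the word at +0x28 matters), the names `run_counter`, `apply_cargen_patch` and `patched_byte`, and the rule that the loop stops once the counter reaches 0 are assumptions made for the example; the 13 bytes in `ORIG_CODE` are reconstructed by hand from the instruction listing above (opcode encodings of movzx/cmp/jge/dec at those addresses), not dumped from the executable.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for a car generator record: the only field the
 * listing touches is the two-byte counter at offset 0x28. */
struct cargen {
    uint8_t  pad[0x28];
    uint16_t count;   /* 0..100 = spawns left, 0xFFFF = "infinite" */
};

/* Original code: movzx (zero-extend) then a signed jge against -1.
 * Every zero-extended 16-bit value is >= -1, so the dec is never reached. */
static void tick_buggy(struct cargen *cg)
{
    int32_t eax = (int32_t)(uint32_t)cg->count;  /* movzx eax, word ptr [ebx+28h] */
    if (eax >= -1)                                 /* cmp eax,-1 ; jge loc_5A7624 */
        return;
    cg->count--;                                   /* dec word ptr [ebx+28h] */
}

/* Patched code: movsx (sign-extend) then jz. 0xFFFF becomes -1 and skips the
 * decrement; 0..100 are decremented. (uint16_t -> int16_t of 0xFFFF is -1 on
 * two's-complement targets, which is what the x86 movsx does.) */
static void tick_fixed(struct cargen *cg)
{
    int32_t eax = (int32_t)(int16_t)cg->count;    /* movsx eax, word ptr [ebx+28h] */
    if (eax == -1)                                 /* cmp eax,-1 ; jz loc_5A7624 */
        return;
    cg->count--;
}

/* Run `ticks` spawn events against a counter that starts at `start` and
 * return the final value. Assumption: the game stops calling this once the
 * counter is 0; that handling is not in the listing, so the loop stops there. */
uint16_t run_counter(uint16_t start, unsigned ticks, int patched)
{
    struct cargen cg;
    memset(&cg, 0, sizeof cg);
    cg.count = start;
    for (unsigned i = 0; i < ticks && cg.count != 0; i++)
        patched ? tick_fixed(&cg) : tick_buggy(&cg);
    return cg.count;
}

/* Bytes 0x5A7617..0x5A7623, reconstructed from the listing (not dumped). */
#define CODE_BASE 0x5A7617u
static const uint8_t ORIG_CODE[13] = {
    0x0F, 0xB7, 0x43, 0x28,   /* movzx eax, word ptr [ebx+28h] */
    0x83, 0xF8, 0xFF,         /* cmp eax, -1                   */
    0x7D, 0x04,               /* jge short +4 (-> 0x5A7624)    */
    0x66, 0xFF, 0x4B, 0x28    /* dec word ptr [ebx+28h]        */
};

/* The two one-byte writes from the CLEO script, applied to `code` (a copy of
 * the region starting at CODE_BASE). Each byte is checked against the value
 * expected from the original listing before anything is written, so the
 * patch is refused on a binary that does not match. Returns 0 on success. */
int apply_cargen_patch(uint8_t *code, size_t len)
{
    static const struct { uint32_t addr; uint8_t expect, value; } writes[] = {
        { 0x5A7618u, 0xB7, 0xBF },   /* movzx -> movsx */
        { 0x5A761Eu, 0x7D, 0x74 },   /* jge   -> jz    */
    };
    const size_t n = sizeof writes / sizeof writes[0];
    for (size_t i = 0; i < n; i++) {
        size_t off = writes[i].addr - CODE_BASE;
        if (off >= len || code[off] != writes[i].expect)
            return -1;                /* wrong executable or already patched */
    }
    for (size_t i = 0; i < n; i++)
        code[writes[i].addr - CODE_BASE] = writes[i].value;
    return 0;
}

/* Patch a fresh copy of ORIG_CODE and return the byte at `idx` (0x100 on failure). */
int patched_byte(size_t idx)
{
    uint8_t buf[sizeof ORIG_CODE];
    memcpy(buf, ORIG_CODE, sizeof buf);
    if (apply_cargen_patch(buf, sizeof buf) != 0 || idx >= sizeof buf)
        return 0x100;
    return buf[idx];
}

int main(void)
{
    printf("buggy: start 3, 5 ticks -> %u\n", run_counter(3, 5, 0));
    printf("fixed: start 3, 5 ticks -> %u\n", run_counter(3, 5, 1));
    printf("fixed: start 0xffff, 5 ticks -> 0x%04x\n", run_counter(0xFFFF, 5, 1));
    printf("patched 0x5A7618 = 0x%02X, 0x5A761E = 0x%02X\n", patched_byte(1), patched_byte(7));
    return 0;
}
```

The expect-before-write check is the part worth copying into any real memory patch: `05DF: write_memory` as posted above writes unconditionally, so on a different executable build the same two offsets would corrupt unrelated instructions instead of fixing the compare.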
Latest revision as of 16:06, 13 June 2016