COF

Discussion on COF within the Planetside forum part of the Shooter category.

#1
 
COF

Well, this is for people who know what they are talking about (boomer, burnz, joltting).

I just found some time, and I am beginning to learn to read through ASM and decipher this. I am having some particular trouble with floating point operations. I just can't figure out how to introduce the values I want into them (directly editing the assembly in memory, no injection yet).

Case in point, this code is used to calculate COF/bullet trajectory: I am just having a hard time understanding it.

This is all around [planetside+008fb150]
Code:
fld dword ptr [eax+0c]               ; push [eax+0c] onto the FPU stack: ST(0) = a
fdiv dword ptr [ebp-08]              ; ST(0) = ST(0) / [ebp-08]
fmul dword ptr [00b7f440] : 447A0000 ; ST(0) = ST(0) * 1000.0 (447A0000 is 1000.0f as a single)
fsubr dword ptr [ebp-0c]             ; reversed subtract: ST(0) = [ebp-0c] - ST(0)
fstp dword ptr [ebp-08]              ; store ST(0) to [ebp-08], then pop (stack empty again)
fld dword ptr [ebp-08]               ; reload the stored result
fcomp dword ptr [ebp-04]             ; compare ST(0) with [ebp-04], set C0/C2/C3, pop
fnstsw ax                            ; copy FPU status word into AX (AH: C0 = bit 0, C2 = bit 2, C3 = bit 6)
test ah,05                           ; test C0 and C2
jp 008fb160                          ; jump if parity even (neither or both set); fall through only when ST(0) < [ebp-04]
mov edx,[ebp-04]
mov [ebp-08],edx                     ; [ebp-08] = [ebp-04]
fld dword ptr [ebp-08]
fcomp dword ptr [ebp-10]             ; compare ST(0) with [ebp-10], pop
fnstsw ax
test ah,41                           ; test C3 and C0
jne 008fb173                         ; jump if C3 or C0 set (ST(0) <= [ebp-10]); fall through when ST(0) > [ebp-10]
mov eax,[ebp-10]
mov [ebp-08],eax                     ; [ebp-08] = [ebp-10]
mov ecx,[ebp-08]
push ecx                             ; the value in [ebp-08] is passed as the argument
mov ecx,edi                          ; ecx = edi before the call (object pointer in MSVC thiscall style)
call 00908320
pop edi
pop esi
mov esp,ebp
pop ebp                              ; epilogue
What I really want to focus on figuring out is exactly what the instructions collectively do. If I NOP the initial floating point manipulation operations (fdiv, fsubr, fmul), I can get the COF to stay at 0. This is actually a nice way of eliminating COF, if I am thinking about it correctly (versus the way I saw in PSide, moving a COF value into position; that had some issues with changing weapons, MAXes, etc.).

I just need some insight as to how this entire little section operates. I know it loads the current COF value from [eax+0c], then does a few operations and stores it. How would I go about manipulating these operations to introduce my own COF values?
chiefioso is offline  
12/24/2009, 08:35   #2
Quote:
Originally Posted by Itburnz
You need to understand the math behind those instructions. There is an ASM reference linked somewhere in ePVPers that explains the instructions.

fld dword ptr [eax+0c] // loads a float value
fdiv dword ptr [ebp-08] // divides a float value
fmul dword ptr [00b7f440] : 447A0000 // multiplies a float value
fsubr dword ptr [ebp-0c] // subtracts a float value
fstp dword ptr [ebp-08] // stores a float value
fld dword ptr [ebp-08] // loads a float value
fcomp dword ptr [ebp-04] // compares a float value
...
test ah,05 // compares the AH register with value 0x5
jp 008fb160 // jumps to instruction if parity...

When you start reading the asm code it's pretty hard to understand, because basically you don't know what those instructions really mean. Check out each instruction in the asm reference and try to understand what's going on. It will take you a lot of time to understand the code, since you need to check up on each instruction, but at some point you will simply know what each instruction means...

Also, experimenting with other instructions helps in understanding that function. E.g. replacing the jp with jmp or NOP, replacing fld with fldz, etc...

Oh, and also get IDA Pro, it will allow you to read the functions and their structure a bit easier.
Will do on the IDA Pro thing. I knew what most of the functions did. I am just having a hard time understanding the whole concept of the 'stack'; it isn't used in any other mainstream languages. Some of those instructions 'pop' the stack. I've read all of the pages on those instructions and basic ASM stuff (on GD, etc.). The stack and a few functions are confusing me. I don't see the difference between MOV and FST(P) (other than that the P would pop the stack after copying). I know FLD loads to the stack. I know that those other floating point ops modify the stack, I just find it confusing as hell.


I looked at PSide and how Joltting pulls off his COF; he just MOVs the value he likes into place, in place of another function. I looked through the code for a possible point where this could be inserted or replaced, but I couldn't seem to find one.

ASM definitely is a lot less defined in my opinion.

One more thing, probably getting annoying here: are you guys using memory editors to find some of the values in the .data section before editing the .code section? I have been using Cheat Engine to find the particular ASM that accesses and writes to the addresses I want (how I found the COF manip functions, and the manipulation functions for each weapon's per-shot COF value), but I was wondering if you guys did it some other, better way?

I believe I will eventually take the course of writing injected DLLs in C, with generated DX menu overlays (I was a big CS:S fan of this kind of stuff) and detouring particular pieces of ASM into my DLL. Seems easy enough; I don't seem to have much of a problem understanding C or any of the things outside of the ASM. It's just the reverse engineering that is giving me the hard time, and obviously it's one of the more important parts (anticheat bypass, etc.).

No clue where you guys got started.
chiefioso is offline  
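Added example (not from the thread and not from either poster): a small C model of the x87 register stack that walks the listing quoted in post #1 instruction by instruction, to make concrete what the replies describe in words: FLD pushes, FST(P) copies ST(0) to memory (and pops), FCOMP sets the C0/C2/C3 condition bits that FNSTSW exposes in AH, and MOV never touches the FPU stack at all. The memory operands ([eax+0c], [ebp-08], [ebp-0c], [ebp-04], [ebp-10]) are replaced by plain C parameters with constructed sample values; the only fact taken from the listing is that the constant at 00b7f440 is 447A0000, which is 1000.0f.

```c
/* Model of the x87 register stack used to trace the quoted listing.
 * Names such as fpu_t, fld(), fcomp_m() and walk_listing() are this
 * example's own; they are not game code or Cheat Engine/IDA output. */
#include <math.h>
#include <stdio.h>
#include <string.h>

/* 8 slots addressed relative to TOP, plus the three condition bits that
 * FNSTSW AX places in AH (C0 = bit 0, C2 = bit 2, C3 = bit 6). */
typedef struct {
    float st[8];
    int   top;          /* physical index of ST(0) */
    int   c0, c2, c3;
} fpu_t;

static void  fld(fpu_t *f, float v)     { f->top = (f->top + 7) & 7; f->st[f->top] = v; } /* push */
static float st0(const fpu_t *f)        { return f->st[f->top]; }
static void  fpop(fpu_t *f)             { f->top = (f->top + 1) & 7; }
static void  fdiv_m(fpu_t *f, float m)  { f->st[f->top] /= m; }                  /* ST(0) = ST(0) / m */
static void  fmul_m(fpu_t *f, float m)  { f->st[f->top] *= m; }                  /* ST(0) = ST(0) * m */
static void  fsubr_m(fpu_t *f, float m) { f->st[f->top] = m - f->st[f->top]; }   /* reversed: m - ST(0) */
static float fstp(fpu_t *f)             { float v = st0(f); fpop(f); return v; } /* store ST(0), then pop */

/* FCOMP: compare ST(0) with m, set C3/C2/C0 the way the hardware does, then pop.
 * A NaN on either side is "unordered" and sets all three bits. */
static void fcomp_m(fpu_t *f, float m) {
    float a = st0(f);
    f->c0 = f->c2 = f->c3 = 0;
    if (isnan(a) || isnan(m)) f->c0 = f->c2 = f->c3 = 1;
    else if (a < m)           f->c0 = 1;
    else if (a == m)          f->c3 = 1;
    fpop(f);
}

/* FNSTSW AX: the AH byte that TEST AH,imm8 looks at afterwards. */
static unsigned fnstsw_ah(const fpu_t *f) {
    return (unsigned)(f->c0 | (f->c2 << 2) | (f->c3 << 6));
}

/* PF as TEST sets it: 1 when the low byte has an even number of set bits. */
static int parity_even(unsigned b) {
    int n = 0;
    for (b &= 0xFF; b; b >>= 1) n += b & 1;
    return (n & 1) == 0;
}

/* One pass over the listing.  ebp_08 is read as the divisor first and is then
 * overwritten by FSTP, exactly as [ebp-08] is reused in the original. */
static float walk_listing(float eax_0c, float ebp_08, float ebp_0c, float ebp_04, float ebp_10) {
    fpu_t f;
    memset(&f, 0, sizeof f);
    const float k_00b7f440 = 1000.0f;       /* 447A0000 as an IEEE-754 single */

    fld(&f, eax_0c);                        /* fld   dword ptr [eax+0c]   : ST(0) = a           */
    fdiv_m(&f, ebp_08);                     /* fdiv  dword ptr [ebp-08]   : ST(0) = a / b       */
    fmul_m(&f, k_00b7f440);                 /* fmul  dword ptr [00b7f440] : ST(0) = ST(0)*1000  */
    fsubr_m(&f, ebp_0c);                    /* fsubr dword ptr [ebp-0c]   : ST(0) = c - ST(0)   */
    ebp_08 = fstp(&f);                      /* fstp  dword ptr [ebp-08]   : to memory, stack empty */

    fld(&f, ebp_08);                        /* fld   dword ptr [ebp-08]                         */
    fcomp_m(&f, ebp_04);                    /* fcomp dword ptr [ebp-04] ; fnstsw ax             */
    unsigned ah = fnstsw_ah(&f);
    if (!parity_even(ah & 0x05))            /* test ah,05 ; jp taken unless only C0 is set      */
        ebp_08 = ebp_04;                    /* mov edx,[ebp-04] ; mov [ebp-08],edx  (no FPU use) */

    fld(&f, ebp_08);                        /* fld   dword ptr [ebp-08]                         */
    fcomp_m(&f, ebp_10);                    /* fcomp dword ptr [ebp-10] ; fnstsw ax             */
    ah = fnstsw_ah(&f);
    if ((ah & 0x41) == 0)                   /* test ah,41 ; jne taken when C3 or C0 is set      */
        ebp_08 = ebp_10;                    /* mov eax,[ebp-10] ; mov [ebp-08],eax             */

    return ebp_08;                          /* what 'mov ecx,[ebp-08] ; push ecx' passes on     */
}

int main(void) {
    /* Constructed inputs: a=2, b=4, c=700, [ebp-04]=100, [ebp-10]=600.
     * 700 - (2/4)*1000 = 200, and 200 lies between the two compared values. */
    printf("result = %g\n", walk_listing(2.0f, 4.0f, 700.0f, 100.0f, 600.0f));
    /* a=8 gives 700 - 2000 = -1300, which the first compare replaces with [ebp-04]. */
    printf("result = %g\n", walk_listing(8.0f, 4.0f, 700.0f, 100.0f, 600.0f));
    /* a=0 gives 700, which the second compare replaces with [ebp-10]. */
    printf("result = %g\n", walk_listing(0.0f, 4.0f, 700.0f, 100.0f, 600.0f));
    return 0;
}
```

Two things the trace makes visible that the mnemonics alone do not: every FLD is balanced by an FSTP or FCOMP, so the register stack is empty again when the CALL happens (a trace where it is not is the classic sign of a misread listing), and the two MOV pairs run on the integer side only, which is why the compare results have to travel through FNSTSW AX and TEST AH before a conditional jump can act on them.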