Solved How does jb opcode modify memory?


snorble

Jan 30, 2016
Using Cheatengine I found the string I am looking for in memory, and when I change it, "find out what writes to this address" gives me this line:

jb w3mif190.dll+1C834

That DLL is related to a Pervasive database. Does that just mean some function in that DLL is what is writing to the memory address? So I need to go look at the DLL to see what is happening?
 

Rake

Jan 21, 2014
jb is "jump if below" so there must have been a previous test or cmp. If the carry flag is set it will jump to w3mif190.dll+1C834

The jb instruction doesn't write to any address so I don't know how you got that as a result from CE's "Find out what writes" :(
 

gyn

Apr 12, 2014
Still wouldn't make sense as he had placed a bp with 'on write' rules. I would guess that CE's disassembler is having a hard time disassembling properly at the offset.
 

_kappa

Jun 24, 2016
Rake;41286 said:
> jb is "jump if below" so there must have been a previous test or cmp. If the carry flag is set it will jump to w3mif190.dll+1C834
>
> The jb instruction doesn't write to any address so I don't know how you got that as a result from CE's "Find out what writes" :(
It is because if he follows the conditional jump he will most likely get to an operation similar to:
jmp dword ptr [ecx*4+address]
The counter register (ecx) will be looping with an addition of a jump table (address) to get to its destination. This means that the function which changed his string used a switch statement. What he can do from here is to follow the jump table to see each pointer for each switch case.
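
The jump-table walk described in the post above, as an added example that is not part of the original thread: it locates `jmp dword ptr [reg*4+disp32]` in a byte buffer and lists every table entry that points back into code. The image bytes, the 0x10000000 base, the code range and all function names are constructed for illustration.

```python
import struct

BASE = 0x10000000            # constructed load address of the sample module
CODE = range(0x00, 0x40)     # offsets that hold code in the sample (assumption)
REGS = ["eax", "ecx", "edx", "ebx", None, "ebp", "esi", "edi"]

def build_sample():
    """Constructed 32-bit image: dispatcher, three case bodies, jump table."""
    img = bytearray(b"\xcc" * 0x60)
    img[0x00:0x05] = bytes.fromhex("83f902" "7723")        # cmp ecx,2 ; ja default
    img[0x05:0x0c] = b"\xff\x24\x8d" + struct.pack("<I", BASE + 0x40)
    for off in (0x10, 0x18, 0x20, 0x28):                   # case 0..2, default
        img[off] = 0xC3                                    # ret
    img[0x40:0x4c] = struct.pack("<3I", BASE + 0x10, BASE + 0x18, BASE + 0x20)
    img[0x4c:0x50] = b"DATA"                               # not a code pointer
    return bytes(img)

def find_table_jumps(img, base=BASE):
    """Find `jmp dword ptr [reg*4+disp32]`: FF 24, SIB with scale=4 and no base.
    A raw byte scan can also match inside data, so treat hits as candidates."""
    hits = []
    for i in range(len(img) - 6):
        sib = img[i + 2]
        if img[i:i + 2] == b"\xff\x24" and sib >> 6 == 2 and sib & 7 == 5:
            reg = REGS[(sib >> 3) & 7]
            if reg:                                        # index 100b = no index
                table = struct.unpack_from("<I", img, i + 3)[0]
                hits.append((base + i, reg, table))
    return hits

def walk_table(img, table, base=BASE, code=CODE):
    """Read dword entries until one stops pointing into the code range."""
    targets, off = [], table - base
    while 0 <= off <= len(img) - 4:
        entry = struct.unpack_from("<I", img, off)[0]
        if entry - base not in code:
            break
        targets.append(entry)
        off += 4
    return targets

if __name__ == "__main__":
    image = build_sample()
    for addr, reg, table in find_table_jumps(image):
        print(f"{addr:#x}: jmp dword ptr [{reg}*4+{table:#x}]")
        for case, target in enumerate(walk_table(image, table)):
            print(f"  case {case} -> {target:#x}")
```

Stopping at the first entry that is not a code pointer is a heuristic; the bound in the `cmp` before the dispatcher gives the exact case count when it is available.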
 

XdarionX

Mar 30, 2018
Rake said:
> jb is "jump if below" so there must have been a previous test or cmp. If the carry flag is set it will jump to w3mif190.dll+1C834
>
> The jb instruction doesn't write to any address so I don't know how you got that as a result from CE's "Find out what writes" :(
Yeah, with CE I saw a few weird things like "int3" writes to mem or "nop" writes to mem; sometimes the address of that instruction is not calculated well and the true instruction that accessed that address is a few bytes up/down from that trash (or maybe anticheat?)
 