AVM2 Jumps To Heaven
AVM2 Jumps To Heaven Posted on: 11/19/2010 5:59pm
I'm sick of people misunderstanding jumps, so I am making this tutorial. AVM0 works the same way as AVM2, but the format MAY be different, so I'm not making any promises.


First off, let's get technical.


If statements (conditionals) have the following form:
BranchCondition Offset
Offset is an s24 that is the number of bytes to jump
The type s24 represents a three-byte signed integer value.
Multi-byte primitive data are stored in little-endian order (less significant bytes precede more significant bytes). Negative integers are represented using two
Re: AVM2 Jumps To Heaven Posted on: 11/20/2010 2:16pm
AS3 Offsets - Jumps and conditionals
Note: If you know any programming languages, this is going to be super easy for you.

First of all, a short list: (opcodes on left, what they mean on right)
  • 10    Jump
  • 11    iftrue
  • 12    iffalse

  • 13    ifeq (if equal)
  • 14    ifne (if not equal)
  • 15    iflt (if less than)
  • 16    ifle (if less than or equal)
  • 17    ifgt (if greater than)
  • 18    ifge (if greater than or equal)

  • 0c    ifnlt (if not less than)
  • 0d    ifnle (if not less than or equal)
  • 0e    ifngt (if not greater than)
  • 0f    ifnge (if not greater than or equal)

Now, what do all of these mean? Here's a few examples (you can skip this part if you understand):
Examples:
Code:
if (notDead) {
    //This code will execute if the condition in brackets is met.
    //In this case, if the variable notDead is set to true.
}

if (!notDead) {
    //Will execute if the variable notDead is set to false.
}

if (time == 0) {
    //Will execute if the variable time is equal to 0.
}

if (health <= 0) {
    //Will execute if health is less than or equal to 0.
}

if (bombCount != 5) {
   //Will execute if bombCount does not equal 5.
}


Now, let's get this box rolling on the boat. For the first example, we'll hack the game Demons Took My Daughter.

What we're looking for is making the enemies instantly die after they spawn. I'll give you 5 minutes to look for it. We'll be back after a short commercial break.

Ok, we're back. Did you find it on your own? Great!/Too bad. The line you should have found is:
Code:
                   if (_loc_2.hp <= 0)

It's in the dtmd_complete_fla folder, MainTimeline file, line 3186. The raw data to go along with it is:
Code:
//66 8b 10
_as3_getproperty hp
//24 00
_as3_pushbyte 0
//0d 10 01 00
_as3_ifnle offset: 272

Now, notice anything familiar? Let's look at what the last raw data is made of:
0d 10 01 00

The first part is the opcode 0d. Quickly looking at the list at the top, you notice that ifnle means "if not less than or equal".
The second part is the number of bytes to skip, in reverse (meaning, turn 10 01 00 into 00 01 10; that's the hex number 110, but never mind that. For those interested, it's called little endian). This is called the offset.

By now, you're probably thinking: This is stupid. The opcode is the exact reverse of what we're checking. The condition is that if health is lesser or equal, but the opcode says if NOT lesser or equal!
Well my friends, it does make sense. What this little line of code means is that if the condition is not met, you skip over all the code that was meant to execute if the condition was indeed met.

Now you're asking: Well then, how do we make the code ALWAYS execute? Easy peasy. If the offset is the number of bytes we skip, let's make it skip 0 bytes.

0d 10 01 00
0d 00 00 00

Let's take the code above, and turn it into an AoB:
66 8b 10 24 00 0d 10 01 00 =>
66 8b 10 24 00 0d 00 00 00
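As an added example (this is not the poster's code, nor any tool from the thread), the following Python script puts together the s24 description from the first post and the patching walkthrough from this one: it decodes the little-endian, two's-complement s24 offset, walks the exact bytes quoted above (66 8b 10 24 00 0d 10 01 00), computes where the ifnle would land, and rewrites the offset to 00 00 00 to produce the patched AoB. It assumes only Python 3.8+ and the standard library. The function names, the tiny opcode table and the FRAGMENT constant are my own constructions; the walker deliberately understands only the three opcodes present in the fragment (getproperty, pushbyte and the branch family) and refuses anything else, so it is not a general AVM2 disassembler.

```python
# Added example, not code from the original thread: decode AVM2 conditional
# branches in a raw ABC bytecode fragment and zero an offset so that the
# "skip if not met" branch falls through. FRAGMENT is the byte sequence the
# post quotes for `if (_loc_2.hp <= 0)`; everything else is constructed here.

# Branch opcodes listed in the post (opcode -> mnemonic). Each takes one s24.
BRANCH_OPCODES = {
    0x10: "jump", 0x11: "iftrue", 0x12: "iffalse",
    0x13: "ifeq", 0x14: "ifne", 0x15: "iflt", 0x16: "ifle",
    0x17: "ifgt", 0x18: "ifge",
    0x0C: "ifnlt", 0x0D: "ifnle", 0x0E: "ifngt", 0x0F: "ifnge",
}

# Operand kinds for the handful of opcodes needed to walk the quoted fragment.
# This is deliberately NOT a full AVM2 disassembler: any other opcode raises.
OPERAND_KIND = {0x66: "u30", 0x24: "byte"}          # getproperty, pushbyte
OPERAND_KIND.update({op: "s24" for op in BRANCH_OPCODES})
MNEMONIC = {0x66: "getproperty", 0x24: "pushbyte", **BRANCH_OPCODES}


def read_s24(buf, pos):
    """Decode the 3-byte little-endian two's-complement offset at buf[pos]."""
    if pos + 3 > len(buf):
        raise ValueError("truncated s24 operand")
    val = buf[pos] | (buf[pos + 1] << 8) | (buf[pos + 2] << 16)
    return val - 0x1000000 if val & 0x800000 else val   # sign-extend bit 23


def write_s24(val):
    """Encode an offset as 3 little-endian bytes (range check included)."""
    if not -0x800000 <= val <= 0x7FFFFF:
        raise ValueError("offset does not fit in s24")
    val &= 0xFFFFFF
    return bytes((val & 0xFF, (val >> 8) & 0xFF, (val >> 16) & 0xFF))


def read_u30(buf, pos):
    """Decode a variable-length u30 (7 bits per byte, high bit = continue)."""
    result, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80 or shift >= 35:
            return result, pos


def disassemble(code):
    """Return [(addr, mnemonic, operand, target_or_None)] for the fragment.

    A branch target is the address of the instruction *after* the branch plus
    the s24 offset, which is how the AVM2 spec defines it.
    """
    listing, pos = [], 0
    while pos < len(code):
        op = code[pos]
        kind = OPERAND_KIND.get(op)
        if kind is None:
            raise ValueError(f"unsupported opcode 0x{op:02x} at {pos}")
        if kind == "u30":
            operand, end = read_u30(code, pos + 1)
        elif kind == "byte":
            operand, end = code[pos + 1], pos + 2
        else:
            operand, end = read_s24(code, pos + 1), pos + 4
        target = end + operand if kind == "s24" else None
        listing.append((pos, MNEMONIC[op], operand, target))
        pos = end
    return listing


def neutralize_branch(code, addr):
    """Copy of `code` with the branch at `addr` rewritten to offset 0.

    With offset 0 the target is simply the next instruction, so the guarded
    block always runs (for a plain `jump` it turns the jump into a no-op).
    """
    if addr >= len(code) or code[addr] not in BRANCH_OPCODES:
        raise ValueError(f"no branch opcode at offset {addr}")
    return code[:addr + 1] + write_s24(0) + code[addr + 4:]


def aob(code):
    """Render bytes the way the post writes an AoB: space-separated hex."""
    return code.hex(" ")


# The raw bytes quoted in the post for `if (_loc_2.hp <= 0)`.
FRAGMENT = bytes.fromhex("66 8b 10 24 00 0d 10 01 00")

if __name__ == "__main__":
    for addr, name, operand, target in disassemble(FRAGMENT):
        extra = f"  -> target {target}" if target is not None else ""
        print(f"{addr:4d}: {name} {operand}{extra}")
    patched = neutralize_branch(FRAGMENT, 5)
    print(aob(FRAGMENT), "=>")
    print(aob(patched))
```

Running it lists getproperty 2059, pushbyte 0 and ifnle 272 (landing 272 bytes past the end of the branch, i.e. at 281 within this fragment), and prints the same before/after AoB as the post. Two things worth keeping in mind when applying this elsewhere: the offset is signed, so a 3-byte operand with bit 23 set is a backward jump (a loop) and zeroing it changes loop behaviour rather than skipping a block; and the zero-offset trick only makes sense for the "skip if not met" branches shown here, since patching a plain jump to 0 just removes the jump.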