revise D3DDevice_KickOff oovpa for 5455, fit 5849 #143
Conversation
revise D3DDevice_KickOff oovpa for 5455 original oovpa won't fit on 5849 the newly revised oovpa is much simpler and fit for 5455~5849 verified with Otogi:5455, 5849 xdk beginpush sample.
github-actions
bot
added
D3D8
revise to OV_MATCH(), remove additional line
revise again, separate lines per opcode, add comment
|
@PatrickvL's quote:
That's not how we do it here. See https://github.com/Cxbx-Reloaded/XbSymbolDatabase/wiki/Maintaining-OOVPAs-for-Symbol-detection#too-long-didnt-read as example reference and active OV_MATCH in the general codebase. There are times we have a comment note on same line as OV_MATCH for any difference recongization over time is what reserved for. |
|
Base on this signature revision, I fail to see how it can increase strength when it's using common known op code. |
OOVPA_XREF(D3DDevice_KickOff, 5455, 1 + 12,
XREF_D3D_CDevice_KickOff,
XRefOne)
{
// mov eax, XREF_D3DDEVICE
XREF_ENTRY(0x1A, XREF_D3DDEVICE), // Derived
// push esi
// mov esi, ecx
OV_MATCH(0x00, 0x56, 0x8B, 0xF1),
// mov eax, [esi + 8]
// test al, 0x04
OV_MATCH(0x03, 0x8B, 0x46, 0x08, 0xA8, 0x04),
// test ah, 0x20
OV_MATCH(0x14, 0xF6, 0xC4, 0x20),
// mov eax, XREF_D3DDEVICE
OV_MATCH(0x19, 0xA1),
} OOVPA_END;Above signature is suggestive way to safeguard false positives and use proper format in our current codebase's method. |
|
@RadWolfie I read your OOVPA, it's very clear and also suit 5849. |
|
Actually, that was my fault. It should be offset 0x1A for XREF_D3DDEVICE address. I didn't use the hexadecimal increment process in my mind. I made a correction in my post. |
revised per @RadWolfie input also correct the offset of XREF_ENTRY(0x1A, XREF_D3DDEVICE), from 0x20 to 0x1A after verification.
|
Haa, I made the same mistake when I checked the code with the disassembly. |
revise D3DDevice_KickOff oovpa for 5455
original oovpa won't fit on 5849
the newly revised oovpa is much simpler and fit for 5455~5849
verified with Otogi:5455, 5849 xdk beginpush sample.