GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Wed Mar 04, 2015 5:22 pm, Post subject: Auto Assembly Script Crashes Game?

So I found the right AOB, and when I nop it using the memory viewer it works fine. I know the correct number of bytes to nop, but for some reason this script crashes the game whenever I activate it and fire my weapon. Anyone have any ideas? I know there's a working script and table out there, but I'd like to work on my own and learn, but this has me stumped...
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"WolfNewOrder_x64.exe"+9978BA)
label(returnhere)
label(originalcode)
label(exit)
aobscan(aobscan2, 01 51 20 48 8B D9)
newmem:
db 90 90 90 90 90 90
originalcode:
// add [rcx+20],edx
// mov rbx,rcx
exit:
jmp returnhere
"WolfNewOrder_x64.exe"+9978BA:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"WolfNewOrder_x64.exe"+9978BA:
add [rcx+20],edx
mov rbx,rcx
//Alt: db 01 51 20 48 8B D9

Zanzer (I post too much, Reputation: 126, Joined: 09 Jun 2013, Posts: 3278)
Posted: Wed Mar 04, 2015 9:01 pm

When it was working, did you NOP both instructions or just the first?
The game may need you to move RCX into RBX for some later code.
Considering RCX is a pointer, that's probably the problem. Uncomment mov rbx,rcx.
Also, are you certain the JMP to your injection point isn't using up 6 bytes already?
That extra NOP after jmp newmem may be causing the problem (probably not).
You really should let Cheat Engine insert all of that boilerplate code.
You could possibly get by with just the following:
Code:
[ENABLE]
aobscan(myhack, 01 51 20 48 8B D9)
myhack:
db 90 90 90
registersymbol(myhack)
[DISABLE]
myhack:
db 01 51 20
unregistersymbol(myhack)

GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Thu Mar 05, 2015 3:29 pm

Zanzer wrote:
    When it was working, did you NOP both instructions or just the first?
    The game may need you to move RCX into RBX for some later code.
    Considering RCX is a pointer, that's probably the problem. Uncomment mov rbx,rcx.
    Also, are you certain the JMP to your injection point isn't using up 6 bytes already?
    That extra NOP after jmp newmem may be causing the problem (probably not).
    You really should let Cheat Engine insert all of that boilerplate code.
    You could possibly get by with just the following:
    Code:
    [ENABLE]
    aobscan(myhack, 01 51 20 48 8B D9)
    myhack:
    db 90 90 90
    registersymbol(myhack)
    [DISABLE]
    myhack:
    db 01 51 20
    unregistersymbol(myhack)

I nopped the one instruction; I assumed I had to db 90 the rest of the bytes. Must be a mistake, I didn't think of that. As it's only 01 51 20, which is the bytes of the instruction, it's just that when I nop it in the memory viewer there are three nops. I must've misunderstood what that means.
EDIT: Yeah, I needed to uncomment mov rbx,rcx, so rcx is asm for pointer. Nice one, cheers.

Zanzer (I post too much, Reputation: 126, Joined: 09 Jun 2013, Posts: 3278)
Posted: Thu Mar 05, 2015 3:37 pm

Well, in your original script, it is jumping to your custom code.
The JMP command takes up 5 bytes.
This is why CE needed to copy the two instructions (6 bytes) to your jump.
The only problem you made originally was commenting both instructions.
Should have only commented: add [rcx+20],edx

GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Thu Mar 05, 2015 3:56 pm

Zanzer wrote:
    Well, in your original script, it is jumping to your custom code.
    The JMP command takes up 5 bytes.
    This is why CE needed to copy the two instructions (6 bytes) to your jump.
    The only problem you made originally was commenting both instructions.
    Should have only commented: add [rcx+20],edx

I see, this is now the script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"WolfNewOrder_x64.exe"+9978BA)
label(returnhere)
label(originalcode)
label(exit)
aobscan(InfAmmo, 01 51 20 48 8B D9)
newmem:
db 90 90 90 90 90 90
originalcode:
// add [rcx+20],edx
mov rbx,rcx
exit:
jmp returnhere
"WolfNewOrder_x64.exe"+9978BA:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"WolfNewOrder_x64.exe"+9978BA:
add [rcx+20],edx
mov rbx,rcx
//Alt: db 01 51 20 48 8B D9

Zanzer (I post too much, Reputation: 126, Joined: 09 Jun 2013, Posts: 3278)
Posted: Thu Mar 05, 2015 4:02 pm

Just so you know, your AOB scan and the 'db' command after newmem are doing nothing.

GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Thu Mar 05, 2015 6:42 pm

Zanzer wrote:
    Just so you know, your AOB scan and the 'db' command after newmem are doing nothing.

Why's it work?

Doctor Death (Cheater, Reputation: 1, Joined: 26 Apr 2014, Posts: 42, Location: Breaking Code)
Posted: Thu Mar 05, 2015 6:46 pm

I'm sorry, but you need to jump to a codecave that does nothing? Why don't you just overwrite the original instruction to do nothing?

GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Thu Mar 05, 2015 7:02 pm

Doctor Death wrote:
    I'm sorry, but you need to jump to a codecave that does nothing? Why don't you just overwrite the original instruction to do nothing?

I just used the templates and did the db 90, how would I do what you say?

justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Sat Mar 07, 2015 1:40 pm

GreatUnknown wrote:
    Doctor Death wrote:
        I'm sorry, but you need to jump to a codecave that does nothing? Why don't you just overwrite the original instruction to do nothing?
    I just used the templates and did the db 90, how would I do what you say?

Zanzer gave you the answer in the very first reply. If it doesn't work, just extend the nops out for the full 6 bytes.
_________________
Next to the big gate, there is always a small gate.
----------------------
Come on...

GreatUnknown (Cheater, Reputation: 0, Joined: 19 Oct 2014, Posts: 47)
Posted: Sat Mar 07, 2015 11:39 pm

justa_dude wrote:
    GreatUnknown wrote:
        Doctor Death wrote:
            I'm sorry, but you need to jump to a codecave that does nothing? Why don't you just overwrite the original instruction to do nothing?
        I just used the templates and did the db 90, how would I do what you say?
    Zanzer gave you the answer in the very first reply. If it doesn't work, just extend the nops out for the full 6 bytes.

Cheers, sorry, I didn't think it would work; I'm too used to templates. Nice one.
EDIT:
The inf ammo one works, but the one for inf health doesn't for some reason:
Code:
[ENABLE]
aobscan(InfHealth, F3 0F11 43 08)
InfHealth:
db 90 90 90 90 90
registersymbol(InfHealth)
[DISABLE]
InfHealth:
db F3 0F11 43 08
unregistersymbol(InfHealth)
0F11 is like that in memory so I kept it like that...
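The byte accounting Zanzer describes (a 5-byte jmp has to be covered by whole instructions, so both 3-byte instructions are copied to the cave and one NOP pads the gap), plus a token check that flags the "F3 0F11 43 08" pattern in the last post, as an added Python example that is not Cheat Engine code and not from anyone in this thread. The instruction lengths come from the bytes quoted in the thread; the one-byte-per-token rule is the checker's own assumption, not a statement about what CE's aobscan accepts.

```python
import re

# Constructed from the bytes quoted in this thread, not read from a live process:
# "01 51 20" = add [rcx+20],edx (3 bytes), "48 8B D9" = mov rbx,rcx (3 bytes).
# Cheat Engine writes a 5-byte 'jmp newmem' at the injection point, so whole
# instructions totalling at least 5 bytes must be copied to the cave.
JMP_REL32_SIZE = 5
# One token per byte is this checker's own rule (an assumption about good style,
# not a claim about what CE's aobscan accepts); it flags fused tokens like '0F11'.
BYTE_TOKEN = re.compile(r"^(?:[0-9A-Fa-f]{2}|\?\?|\*)$")


def parse_bytes(pattern):
    """Split a CE-style byte string into single-byte tokens; reject anything else."""
    tokens = pattern.split()
    bad = [t for t in tokens if not BYTE_TOKEN.match(t)]
    if bad:
        raise ValueError("not single-byte tokens: %s" % bad)
    return tokens


def is_valid_pattern(pattern):
    """True for 'F3 0F 11 43 08', False for 'F3 0F11 43 08'."""
    try:
        parse_bytes(pattern)
    except ValueError:
        return False
    return True


def nop_patch_fits(instruction_bytes, patch_bytes):
    """True when the patch is exactly as long as the instruction(s) it overwrites.
    Anything else leaves a partial instruction behind, which decodes as garbage."""
    return len(parse_bytes(instruction_bytes)) == len(parse_bytes(patch_bytes))


def stolen_bytes(instruction_lengths, hook_size=JMP_REL32_SIZE):
    """Return (bytes_relocated, trailing_nops) for an inline jmp hook.
    Instructions are taken whole, in order, until the hook is covered; the excess
    is padded with NOPs so execution resumes on an instruction boundary."""
    covered = 0
    for length in instruction_lengths:
        if covered >= hook_size:
            break
        covered += length
    if covered < hook_size:
        raise ValueError("instructions do not cover the %d-byte hook" % hook_size)
    return covered, covered - hook_size
```

For the thread's injection point, stolen_bytes([3, 3]) gives (6, 1): six bytes relocated and the single nop after jmp newmem, which is exactly what the CE template emitted.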